WordPress.org

To install Wordfence Security and start protecting your WordPress website:

Remember to visit our support forums if you have questions or comments.

1. Install Wordfence Security automatically or by uploading the ZIP file.
2. Activate the security plugin through the 'Plugins' menu in WordPress.
3. Wordfence is now activated. Go to the scan menu and start your first security scan. Scheduled security scanning will also be enabled.
4. Once your first scan has completed a list of security threats will appear. Go through them one by one to secure your site.
5. Visit the Wordfence options page to enter your email address so that you can receive email security alerts.
6. Optionally change your security level or adjust the advanced options to set individual security scanning and protection options for your site.
7. Click the "Live Traffic" menu option to watch your site activity in real-time. Situational awareness is an important part of website security.

To install Wordfence on WordPress Multi-Site installations (support is currently in Beta):

1. Install Wordfence Security via the plugin directory or by uploading the ZIP file.
2. Network Activate Wordfence Security. This step is important because until you network activate it, your sites will see the plugin option on their plugins menu. Once activated that option dissapears.
3. Now that Wordfence is network activated it will appear on your Network Admin menu. Wordfence will not appear on any individual site's menu.
4. Go to the "Scan" menu and start your first security scan.
5. Wordfence will do a security scan all files in your WordPress installation including those in the blogs.dir directory of your individual sites.
6. Live Traffic will appear for ALL sites in your network. If you have a heavily trafficked system you may want to disable live traffic which will stop logging to the DB.
7. Firewall rules and login rules apply to the WHOLE system. So if you fail a login on site1.example.com and site2.example.com it counts as 2 failures. Crawler traffic is counted between blogs, so if you hit three sites in the network, all the hits are totalled and that counts as the rate you're accessing the system.