The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
Yes. WordPress MU or Multi-Site as it's called now is fully supported. Using Wordfence Security you can security scan every blog in your network with one click. If one of your customers posts a page or post with a known malware URL that threatens your whole domain with being blacklisted by Google, we will tell you within a maximum of one hour which is how often scans occur.
No. Actually it will make your site up to 50X faster when Falcon Engine is enabled, up to 30 times faster with our PHP caching engine and even without caching Wordfence is extremely fast and uses techniques like caching it's own configuration data to avoid database lookups. Older versions of Wordfence did incur a slight performance penalty, but we have not only fixed this issue but knocked it out of the park. Wordfence now makes your site faster than any other caching plugin available!!
The Wordfence Security plugin is frequently updated and we update the code on our security scanning servers more frequently. Our cloud servers are continually updated with the latest known security threats and vulnerabilities so that we can blog any security threat as soon as it emerges in the wild.
All our paid customers receive priority support. Excellent customer service is a key part of being a Wordfence Security member. As free or Premium member can visit support.wordfence.com and where you will find out knowledgebase. If you're a Premium member you can also open a support ticket.
Yes! Simply visit the Options page, click on advanced options and enable or disable the security features you want.
Wordfence Security is the only WordPress security plugin that is able to repair core files, themes and plugins on sites where security is already compromised. However, please note that site security can not be assured unless you do a full reinstall if your site has been hacked. We recommend you only use Wordfence Security to get your site into a running state in order to recover the data you need to do a full reinstall. A full reinstall is the only way to ensure site security once you have been hacked.
Wordfence Security sends security alerts via email. Once you install Wordfence Security, you will configure a list of email addresses where security alerts will be sent. When you receive a security alert, make sure you deal with it promptly to ensure your site stays secure.
If your site is accessible from the web, it means that people you don't know can execute PHP code on your site. They have to be able to execute PHP code, like the core WordPress code, in order for your site to work. Most WordPress security threats allow a hacker to execute PHP code on your website. The challenge hackers face is how to get their malicious PHP code onto your site to compromise your security. There are many upload mechanisms that WordPress itself, themes and plugins offer and the vast majority of these are secure. However, every now and then a hacker discovers an upload mechanism that is not secure or a way of fooling your site into allowing an upload. That is usually when security is compromised. Even though your site is behind a commercial firewall, it still accepts web requests that include uploads and executes PHP code and as long as it does that, it may become face a security vulnerability at some point.
The timthumb security exploit occurred in 2011 and all good plugins and themes now use an updated version of timthumb (which the creator of Wordfence Security wrote and donated to the timthumb author) which closes the security hole that caused the problem. However we do scan for old version of timthumb for good measure to make sure they don't cause a security hole on your site.
Most definitely! As of Wordfence version 6.0.1 we fully support IPv6 with all security functions including country blocking, range blocking, city lookup, whois lookup and all other security functions. If you are not running IPv6 Wordfence will work great on your site too. We are fully compatible with both IPv4 and IPv6 whether you run both or only one addressing scheme.
Designed for every skill level, The WordPress Security Learning Center is dedicated to deepening user's understanding of security best practices by having access to in-depth articles, videos, industry survey results, graphics and more.
Requires: 3.9 or higher
Compatible up to: 4.4.2
Last Updated: 1 week ago
Active Installs: 1+ million
236 of 335 support threads in the last two months have been marked resolved.
Got something to say? Need help?