We continuously analyze the latest threats, developing new protection and detection rules.
The Threat Defense Feed arms the Wordfence plugin with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe.
A Web Application Firewall, Malware Scanner, and many other tools make Wordfence the most complete security option available.
You are witnessing real-time attacks of WordPress websites, and seeing the Wordfence WordPress security plugin in action. We are only showing a mere Loading…% of the Loading… attacks happening per minute to keep your browser from slowing down. The map is continually updated as you watch.
Downloads to Date 20,224,663
Our WordPress security plugin provides the best protection available for your website. Powered by the constantly updated Threat Defense Feed, WordFence Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. A deep set of additional tools round out the most comprehensive WordPress security solution available.
To learn more about the features of the Wordfence security plugin, activate one of the four categories below, then select a feature for detailed information.
The Web Application Firewall stops you from getting hacked by identifying malicious traffic, blocking attackers before they can access your website. Powered by the Threat Defense Feed, it is automatically updated with new firewall rules that protect you from the latest threats. Even if you are running a vulnerable plugin or theme, Wordfence will protect you from being hacked by blocking attacks based on known and constantly updated attack patterns.
Wordfence protects over 1 million WordPress websites, giving us unmatched access to information about how hackers compromise sites, where attacks originate from and the malicious code they leave behind. The team in our Forensic Lab are constantly adding updates as they discover new threats. Premium members receive the real-time version of the Threat Defense Feed. Free users receive the community version, which is delayed by 30 days.
It takes just one look at the live login activity on your site to quickly realize how many failed login attempts you receive. Wordfence monitors these and will lock out any attempts to brute-force guess your WordPress password or WordPress usernames.
Wordfence country blocking is designed to stop an attack, prevent content theft or end malicious activity that originates from a geographic region in less than 1/300,000th of a second. Blocking countries who are regularly creating failed logins, a large number of page not found errors and are clearly engaging in malicious activity is an effective way to protect your site during an attack.
Quickly and efficiently dispatch site security threats by blocking entire malicious networks and any human or robot activity that indicates suspicious intentions based on pattern matching and IP ranges.
Scan for Malware, Bad URLs, Backdoors and DNS Changes
There are many places on WordPress sites for hackers to hide, but not with Wordfence. We maintain a cluster of high performance servers in our data center to assist with scanning your website. When Wordfence scans your site, it compares your core files, themes and plugins with what is in the WordPress.org repository and reports any changes to you.
Wordfence leaves no corner of your WordPress site untended by:
Wordfence protects over 1 million WordPress websites, giving us unmatched access to information about how hackers compromise sites, where attacks originate from and the malicious code they leave behind. The team in our Forensic Lab are constantly adding updates as they discover new threats. Premium members receive the real-time version of the Threat Defense Feed. Free users receive the community version, which is delayed by 30 days.
Your legitimate customer emails can be caught in spam filters if another site on your shared IP address is generating a lot of spam. Use this feature to confirm that your site is running on a clean IP address, and that the shared IP you are using to host your website is not listed as a known source of spam email.
When your website URL is being used for spamvertising, it can severely impact your SEO rankings and email deliverability. Wordfence checks if your website URL has been flagged for spamvertising, indicating that your site may have been compromised or that you are emailing too aggressively.
Wordfence is not just a standalone plugin for WordPress. It is part of Feedjit Inc. and is powered by our cluster of high performance servers based at our data center in Seattle, Washington. Our premium remote scan capability connects to your server from ours to do an additional scan for possible infections.
Monitor visits and hack attempts not shown in other analytics packages and see attempts in real time; including where in the world they’re coming from, their IP address, the time of day and time spent on your site.
If you’re like most website owners, SEO matters. Monitor Google as it crawls your site to see which pages are being crawled and which aren’t. Identify issues like crawling non-existent pages and missing robots.txt files.
If someone or something is generating many “page not found errors” or consuming content too aggressively, they’re likely up to no good. Block them with Wordfence, and make room for Google crawlers to work unhindered.
There are many scenarios where it is helpful to see who is logging in and out of your site. If you think that you’ve been hacked you can look to see who has logged in, when they did and where they came from. If you are seeing a huge spike in brute force login attempts, you can use the information to develop a blocking strategy. Visibility into which usernames attackers are using during password guessing attacks alerts you to usernames you may need to change.
Monitor visits to your site in real time; including where in the world they’re coming from, their IP address, the time of day and time spent on your site.
Take your site security to the next level with “Two Factor Authentication” and secure your website investment. Used by banks, government agencies and military worldwide, Two Factor is one of the most secure forms of remote system authentication available.
Wordfence uses our source code verification feature to tell you what has changed and help repair hacked files. Backed by our cloud servers (over a terabyte of data), Wordfence checks the integrity of your core files, theme files and plugin files against what is stored in the official WordPress repository. We maintain a record of every WordPress core, theme and plugin file ever released to the official repository to provide this feature.
Strong passwords are crucial to the security of your site, and Wordfence ensures your passwords are strong by checking them against a database of common passwords and simulating a hack attempt using our password auditing GPU cluster. A Wordfence Password Audit simulates what a hacker would do if they stole your password database and launched an attack on it.
Say goodbye to spam with Wordfence. The free version of Wordfence includes an excellent comment spam filter, and if you are a premium customer our advanced comment spam filter is automatically enabled which provides an additional layer of filtering. The advanced filter does an additional check on the source IP of inbound comments and any URLs that are included.
Running out of disk space has the potential to make your server unavailable. Some Denial of Service attacks actually force your website to run out of disk space. Wordfence monitors your available space and will alert you to a problem before it results in downtime.
You will learn more about your visitors using the detailed information Wordfence provides about each visitor IP address. Using this information you can decide to let them into your site or block them.
Choose Your Wordfence Plan | Premium $99 per year or less* | Free $0 per year |
---|---|---|
Real-Time Threat Defense Feed | ⋆ | |
Country Blocking | ⋆ | |
Check if Site IP is Generating Spam | ⋆ | |
Check if Site is Spamvertized | ⋆ | |
Remote Scans | ⋆ | |
Cell Phone Sign In | ⋆ | |
Audit Existing Passwords | ⋆ | |
Advanced Comment Spam Filter | ⋆ | |
Web Application Firewall | ✓ | ✓ |
Block Brute Force Attacks | ✓ | ✓ |
Advanced Manual Blocking | ✓ | ✓ |
Malware Scanner | ✓ | ✓ |
View Blocked Intrusion Attempts | ✓ | ✓ |
View Google Crawl Activity | ✓ | ✓ |
View Bots and Crawlers | ✓ | ✓ |
View Logins and Logouts | ✓ | ✓ |
View Human Visitors | ✓ | ✓ |
Repair Files | ✓ | ✓ |
Monitor Disk Space | ✓ | ✓ |
Get Detailed IP Info | ✓ | ✓ |
*The more Wordfence Premium license keys you buy, the more you save.
Two weeks ago, DNS provider Dyn was attacked in a very large DDoS attack. IoT devices were used to send an overwhelming amount of traffic to Dyn's resolvers which resulted in Dyn effectively being taken offline for hours. This took out Netflix, Paypal, Github, Twitter and many other name brand services....read more
Visit Blog"Our website seems to be under attack at the moment. But all well thanks to a little plugin called Wordfence. Well worth a look."
@mintyslippers, Filmmaker, United Kingdom
"121 attempts to hack the shesageek site in the last 10 minutes! So glad i installed wordfence security on the site."
@shesageeksta, Publisher, Sydney, Australia
"I manage 80+ blog sites and Wordfence is on every one of them! Emails you when anything needs an update or any issue."
@BrianBasilico, Micro Blogger, Aurora, IL
"I have been using Wordfence Premium for over 6 months now and love it! It has protected my site from everything that I could ever think of. Thank you for your great software and being part of a open source community. Keep up the great work!!"
LilGeekShop.net, Online Store, Moultrie, GA
"Found @wordfence when I needed malicious cleanup help on one of my #Wordpress sites. Impressed!"
@bryanchalker, Consultant Web Designer, Atlanta, GA
"Wordfence is a good, free security plugin. Make sure it's activated!!"
@NorthCantonWC, WordCamp, North Canton, Ohio
"Do you use Wordpress? If so, I can highly recommend Wordfence Security. Saved me from a few issues so far."
@Love_London, Blogger, London, England
"Is your site on Wordpress? If so PLEASE get the Wordfence plug in, it's locked three hackers out of my website in the last 24 hours."
@WordNerdSally, Publisher, Nottingham
Broaden your WordPress security skills with resources for all learning levels.Articles, Videos, Checklists, Surveys, Infographics and more.
Get StartedYou can install the Wordfence WordPress security plugin with these four best-practice steps:
When you decide to upgrade to the best WordPress Security out there, simply upgrade to Wordfence Premium.
Get the Easy Install Guide