Protect your websites with the best WordPress security available.
Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by a suite of additional features, Wordfence Premium is the most comprehensive security option available.
Why choose an endpoint firewall like Wordfence?
Wordfence runs at the endpoint, your server, providing better protection than cloud alternatives. Cloud firewalls can be bypassed and have historically suffered from data leaks. Wordfence firewall leverages user identity information in over 85% of our firewall rules, something cloud firewalls don’t have access to. And our firewall doesn’t need to break end-to-end encryption like cloud solutions.
Stay a Step Ahead of Attackers with Real-time Threat Intelligence
Our data is what makes the firewall and scanner effective, upgrade to Premium to enable real-time protection. If your website is mission-critical you can’t afford the downtime, reputation challenges or SEO impact of getting hacked. That’s why so many sites rely on the real-time protection provided by Wordfence Premium. Wordfence Premium provides the real-time endpoint protection you need to protect your mission-critical website. Upgrade to enable these powerful features:
- Real-time IP Blacklist. Blocks all requests from IP addresses that are actively attacking WordPress sites protected by Wordfence. Improves protection while improving site performance.
- Real-time Firewall Rule Updates. The Wordfence firewall leverages firewall rules to identify and block malicious traffic to your website, protecting you from the latest WordPress attacks and security vulnerabilities.
- Real-time Malware Signature Updates. The Wordfence security scanner and firewall rely on thousands of malware signatures to help identify malware on your website and to block malicious uploads.
- Reputation Checks. Check to see if your site or IP have been listed on 3 different blacklists for malicious activity, generating spam, or spamvertizing during each scan.
- Country Blocking. Designed to stop an attack, prevent content theft or end malicious activity that originates from a geographic region in less than 1/300,000th of a second.
Wordfence includes a Web Application Firewall (WAF) that identifies and blocks malicious traffic. It runs at the endpoint, enabling deep integration with WordPress. Unlike cloud alternatives it does not break encryption, cannot be bypassed and cannot leak data. An integrated malware scanner blocks requests that include malicious code or content. Defends against brute force attacks by limiting login attempts, enforcing strong passwords and other login security measures. Upgrading to Premium enables real-time firewall rule and malware signature updates as well as the Real-time IP Blacklist, which blocks all requests from the most malicious IPs, protecting your site while reducing load.
WordPress Security Scanner
The Wordfence scanner checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections. It also compares your files with what is in the WordPress.org repository, checking their integrity and reporting any changes to you. Repair files that have changed by overwriting them with a pristine, original version and easily delete any files that don’t belong. It also checks your site for known security vulnerabilities, abandoned and closed plugins. Content safety checks ensure that your files, posts and comments don’t contain dangerous URLs or suspicious content. Upgrading to Premium enables real-time malware signature updates, reputation checks and better control over scan timing and frequency.
Threat Defense Feed
The Threat Defense Feed arms the Wordfence plugin with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe. Wordfence protects over 3 million WordPress websites, giving us unmatched access to information about how hackers compromise sites, where attacks originate from and the malicious code they leave behind. Our security analysts and developers are 100% focused on WordPress security, constantly adding updates as they discover new threats. Premium members receive the real-time version of the Threat Defense Feed. Free users receive the community version, which is delayed by 30 days.