Wordfence – WordPress Security Plugin
Our WordPress security plugin provides the best protection available for your website. Powered by the constantly updated Threat Defense Feed, Wordfence Firewall stops you from getting hacked. Wordfence Scan leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your website. A deep set of additional tools rounds out the most comprehensive WordPress security solution available.
- Web Application Firewall
- Real-Time Threat Defense Feed
- Block Brute Force Attacks
- Country Blocking
- Advanced Manual Blocking
- Malware Scanner
- Check if Site IP is Generating Spam
- Check if Site is Spamvertized
- View Blocked Intrusion Attempts
- View Google Crawl Activity
- View Bots and Crawlers
- View Logins and Logouts
- View Human Visitors
- Two Factor Authentication
- Repair Files
- Monitor Disk Space
- Get Detailed IP Info
More Powerful Features
Leaked Password Protection
Protect your site against attacks that leverage password information stolen in data breaches. Block logins for administrators using known compromised passwords.

Data breaches have become all too common lately, arming attackers with millions of usernames, passwords and other sensitive data. We are unfortunately seeing attacks on WordPress sites in the wild leveraging this info.
Stay a Step Ahead of Attackers
Wordfence now includes protection against this specific threat. The feature allows you to block logins for administrators that use a known compromised password. Any administrator using a password previously seen in a breach will need to reset their password to log in. And we keep up to date with the latest breaches as they occur. We’ve done this by integrating our login security with the database provided by Troy Hunt’s version 2 of the Pwned Passwords API. Troy has built a substantial list of hundreds of millions of compromised passwords across hundreds of data breaches.

Live Traffic
Monitor visits and hack attempts not shown in other analytics packages in real time, including origin, their IP address and the time of day.
Wordfence Live Traffic is a powerful tool that enables you to view activity on your site in real time, including traffic not shown by Google Analytics and other JavaScript loggers.
- Watch hackers trying to break into your site right now. Monitor visits and hack attempts not shown in other analytics packages and see attempts in real time; including where in the world they’re coming from, their IP address and the time of day.
- Watch visitors log in and out of your site in real time. There are many scenarios where it is helpful to see who is logging in and out of your site. If you think that you’ve been hacked you can look to see who has logged in, when they did and where they came from. If you are seeing a huge spike in brute force login attempts, you can use the information to develop a blocking strategy. Visibility into which usernames attackers are using during password guessing attacks alerts you to usernames you may need to change.
- Watch Google Crawl Your Site In Real Time. If you’re like most website owners, SEO matters. Monitor Google as it crawls your site to see which pages are being crawled and which aren’t. Identify issues like crawling non-existent pages and missing robots.txt files.
- Watch site visitors use your site in real time; including where in the world they’re coming from, their IP address and the time of day.
- Protect your intellectual property from content thieves. Content thieves are crawlers that steal your site content and hard-earned brand recognition by crawling your site for content and republishing it on their own website. Keep your content under control.
- Block rogue crawlers in real-time. If someone or something is generating many “page not found errors” or consuming content too aggressively, they’re likely up to no good. Block them with Wordfence, and make room for Google crawlers to work unhindered.

Advanced Manual Blocking
Quickly and efficiently block entire malicious networks and any human or robot activity that indicates suspicious intentions based on pattern matching and IP ranges.
Powerful options allow you to block traffic from any source
Quickly and efficiently dispatch site security threats by blocking entire malicious networks and any human or robot activity that indicates suspicious intentions based on pattern matching and IP ranges.
Wordfence helps you intelligently block WordPress website threats by giving you the ability to block:
- Ranges of IP addresses (think of these as networks)
- Specific web browsers and web browser patterns
- Referring websites
- Any combination of the above
Country Blocking
Blocking countries that are clearly engaging in malicious activity is an effective way to protect your site during an attack. Premium Feature.

Put geographic protection in place
Wordfence country blocking is designed to stop an attack, prevent content theft or end malicious activity that originates from a geographic region in less than 1/300,000th of a second. Blocking countries that are regularly creating failed logins or a large number of page not found errors, or that are clearly engaging in malicious activity, is an effective way to protect your site during an attack.
Wordfence Country Blocking gives you these options to protect your WP site:
- Block access to your login form
- Block access to the rest of your WordPress site
- Access to a continually updated database of country to IP mappings
- You’ll find even more options in Advanced Blocking

Repair Files
Wordfence uses our source code verification feature to help you recover from a hack. It tells you what changed in core, theme and plugin files and helps repair them.
Don’t just find corrupted files. See the changes and repair them
Wordfence uses our source code verification feature to tell you what has changed and help repair hacked files. Backed by our cloud servers (over a terabyte of data), Wordfence checks the integrity of your core files, theme files and plugin files against what is stored in the official WordPress repository. We maintain a record of every WordPress core, theme and plugin file ever released to the official repository to provide this feature.
After Wordfence has alerted you to file changes, you can:
- See how files have changed, something only Wordfence does
- Download the original file to compare original to current
- View and repair the file by overwriting with a pristine, original version

Two-Factor Authentication
Stop brute force attacks permanently by using one of the most secure forms of remote system authentication available.
Wordfence – WordPress changelog
= v7.5.4 – June 7, 2021 =
* Fix: Resolve conflict with woocommerce-gateway-amazon-payments-advanced plugin
= v7.5.3 – May 10, 2021 =
* Improvement: Expanded WAF capabilities including better JSON and user permission handling
* Improvement: Switched to relative paths in WAF auto_prepend file to increase portability
* Improvement: Eliminated unnecessary calls to Wordfence servers
* Fix: Prevented errors on PHP 8.0 when disk_free_space and/or disk_total_space are included in disabled_functions
* Fix: Fixed PHP notices caused by unexpected plugin version data
* Fix: Gracefully handle unexpected responses from Wordfence servers
* Fix: Time field now displays correctly on “See Recent Traffic” overlay
* Fix: Corrected typo on Diagnostics page
* Fix: Corrected IP counts on activity report
* Fix: Added missing line break in scan result emails
* Fix: Sending test activity report now provides success/failure response
* Fix: Reduced SQLi false positives caused by comma-separated strings
* Fix: Fixed JS error when resolving last scan result
* Improvement: Updated GeoIP database.
* Fix: Syncing requests from Wordfence Central no longer appear in Live Traffic.
* Fix: Addressed some display issues with the Wordfence Central panel on the Wordfence Dashboard.