How Wordfence Protects Your Site


Today we want to give you a high-level overview of Wordfence and how it protects your site. We built it from the ground up to protect WordPress sites. We are currently a team of over 35 people, and WordPress Security remains our sole focus.

Protection for your site starts with an endpoint firewall, which examines traffic to your site and blocks malicious traffic.

Hacker hacking the server in the dark room

We designed our firewall to run at the endpoint, on your server, because it allows us to deeply integrate with WordPress. In fact, over 85% of our firewall rules directly leverage that integration. And unlike cloud-based alternatives, the Wordfence firewall does not break encryption, cannot be bypassed and can’t leak data.

The Wordfence security scanner is a powerful complement to our firewall. It proactively alerts you to security risks like software vulnerabilities so you can address them before they’re discovered by an attacker. It also looks for malware and compares core, theme and plugin files with what is in the repository, checking their integrity and reporting any changes to you. Should your site get hacked, reacting quickly is critical.

Our threat defense feed delivers the firewall rules, malware signatures and malicious IP data Wordfence uses to protect your site. Premium customers receive updates in real time versus the community feed which is delayed by 30 days.

Rounded out by a number of other powerful features, Wordfence is the most comprehensive WordPress security solution available. With live traffic, you can monitor visits and hack attempts not shown in other analytics packages in real time. Take login security to the next level with two factor authentication, one of the most secure forms of remote system authentication available. Block attackers by IP or build advanced rules based on IP Range, Hostname, User Agent and Referrer. Country blocking is available with Wordfence Premium.