Connecting your sites to Wordfence Central

Learn how to connect multiple sites to Wordfence Central.

Before you connect a site to Wordfence Central, you will need to register an account on wordfence.com. If you already have an account, you can sign in to connect your sites. If you are setting up your account for the first time, you will have the option to enable two-factor authentication. We strongly recommend setting this up as it is one of the most reliable countermeasures against account compromise. You can also set it up at any time after you register.

You can connect a site to Wordfence Central from the Central dashboard, or in the Wordfence plugin. (Note: If you are using WordPress Multisite, be sure to add the top-level site for each network).

Connecting a site from the Central dashboard

Once you have logged in to Wordfence Central, you can connect one of your sites by clicking “Add New Site” and entering your site’s URL in the box that appears. You will then be redirected to your site to complete the setup. Note that you will need to log in to your site as an administrator if you are not currently logged in.

Connecting a site from the Wordfence plugin

You can connect a site to Wordfence Central by logging in to your site as an administrator. Select the Wordfence Dashboard menu item. In the “Wordfence Central Status” widget, click “Connect This Site”. Note that if you are not logged in to your wordfence.com account, you will be taken to the sign in page. Once you have logged in, the connection process should proceed.

Removing a site from Wordfence Central

You can remove a site from Wordfence Central by clicking the trash icon in the “Disconnect” column on the main “Dashboard” page. If the site is having connection issues then you can click on the trash icon in the “Remove” column under the “Connection Issues” tab. You can also log in to your site as an administrator and select “Dashboard” from the Wordfence plugin menu and click “Disconnect This Site” in the “Wordfence Central Status” widget.

Troubleshooting connection issues

The “Connection Issues” tab shows the list of sites that are currently having connection issues.

Incomplete setup

If you added a site to Wordfence Central but did not complete the setup, you can click on the “Complete Setup” link that appears, and you will be taken to your site to finish the connection.

Cloudflare connection issues

If your site is protected by Cloudflare, you may need to update your Cloudflare settings to allow Wordfence Central to connect to your site. You should be able to do this by going to your Cloudflare control panel:

  1. Login to Cloudflare
  2. Select your domain from the list of sites
  3. Select the “Security” menu on the left side
  4. Select “WAF” on the Security menu
  5. On the “Custom rules” tab, click the “Create rule” button
  6. Under “Rule Name”, name the rule “Wordfence servers”
  7. Under “If incoming requests match…”, set the “Field”, “Operator”, and “Value” fields to “IP Source Address”, “equals”, and “54.68.32.247”
  8. Click the “Or” button to the right of the IP address
  9. In the new “Field”, “Operator”, and “Value” fields, choose “IP Source Address”, “equals”, and “44.235.211.232”
  10. Click the “Or” button to the right of the IP address
  11. In the new “Field”, “Operator”, and “Value” fields, choose “IP Source Address”, “equals”, and “54.71.203.174”
  12. At the bottom, under “Then… Choose action” select “Skip”
  13. Enable “Log matching requests”
  14. Under “WAF components to skip”, select all
  15. Under “More components to skip”, select all
  16. Click the “Deploy” button

You may also need to also add Wordfence Central’s IP addresses to the “IP Access Rules” in your Cloudflare control panel:

  1. Login to Cloudflare
  2. Select the “Security” menu on the left side
  3. Select “WAF” on the Security menu
  4. Click the “Tools” tab
  5. Scroll to the “IP Access Rules” section
  6. In the field that says “Enter an IP, IP range, country name, or ASN”, enter “54.68.32.247”
  7. Change the “Block” option to “Allow”
  8. Change the “This website” option to “All websites in account” if you have more than one site
  9. In the “Add a note” field, type “Wordfence Central” so you remember why the IP was allowed
  10. Click the “Add” button
  11. Repeat steps 5-9 for the IP addresses 44.235.211.232 and 54.71.203.174

Your Cloudflare account may still have access to “Firewall Rules”, in which case these steps can be used in place of the “Custom Rules” steps above. If your account doesn’t have a Firewall Rule tab anymore, skip this section.

  1. Login to Cloudflare
  2. Select your domain from the list of sites
  3. Select the “Security” menu on the left side
  4. Select “WAF” on the Security menu
  5. On the “Firewall rules” tab, click the “Create firewall rule” button
  6. Under “Rule Name”, name the rule “Wordfence servers”
  7. Under “When incoming requests match…”, set the “Field”, “Operator”, and “Value” fields to “IP Source Address”, “equals”, and “54.68.32.247”
  8. Click the “Or” button to the right of the IP address
  9. In the new “Field”, “Operator”, and “Value” fields, choose “IP Source Address”, “equals”, and “44.235.211.232”
  10. Click the “Or” button to the right of the IP address
  11. In the new “Field”, “Operator”, and “Value” fields, choose “IP Source Address”, “equals”, and “54.71.203.174”
  12. At the bottom, under “Then… Choose an action” change “Block” to “Allow”
  13. Click the “Deploy firewall rule” button

Incapsula connection issues

If your site is protected by Incapsula, you may need to update your Incapsula settings to allow Wordfence Central to connect to your site. You should be able to do this by going to your Incapsula control panel. Note that if your site is being protected by Incapsula via Sitelock, you may need to contact Sitelock support to have a ticket created to add this exception.

  1. Login to Incapsula
  2. Go to “Settings” > “Security” > “Whitelist Specific Sources”
  3. In the “Whitelist IPs” box, enter 54.68.32.247
  4. Click “Add”
  5. Click “Save”
  6. Repeat steps 3-5 for the IP addresses 44.235.211.232 and 54.71.203.174

GoDaddy/Sucuri connection issues

If your site is protected by GoDaddy/Sucuri’s firewall, you may need to update your GoDaddy/Sucuri Firewall settings to allow Wordfence Central to connect to your site. You will need to do this via the GoDaddy control panel:

  1. Login to Godaddy.com
  2. Go to Products->Web Site Security
  3. Click the “Firewall” tab and go to “Access Control”
  4. Click “Allow IP Addresses”
  5. Enter “54.68.32.247” into the “Add new IP” field, select “Permanently”, and click “Allow”
  6. Repeat step 5 for the IP addresses 44.235.211.232 and 54.71.203.174

If you are still using the legacy Sucuri control panel:

  1. Login to Sucuri’s WAF control panel at https://waf.sucuri.net/?settings&panel=whitelist-addr
  2. In the “Whitelist IP Addresses” box, enter 54.68.32.247
  3. Click “Whitelist”
  4. Repeat steps 2 and 3 for the IP addresses 44.235.211.232 and 54.71.203.174

WP Engine connection issues

  1. Remove your site from the “Connection Issues” tab in Wordfence Central
  2. Clear WP Engine’s cache and try connecting again. There is a link to clear the cache in WP Engine’s menu on the top administration bar of WordPress administration pages
  3. If that still fails then open the “Diagnostics” tab on the Wordfence “Tools” page. Scroll down to the “Other Tests” section. Press the “Clear All Connection Data” button next to “Clear all Wordfence Central connection data”. Repeat step 2 above and try connecting again

WP Spamshield connection issues

If your site is using the WP-Spamshield plugin, you will need to add the Wordfence Central IP addresses to the allowlist in this plugin’s settings.

  1. Login to WordPress
  2. Go to “Settings” > “WP-SpamShield”
  3. Check the box next to “Enable WP-SpamShield Whitelist”
  4. In the “Your current WP-SpamShield Whitelist” box, enter 54.68.32.247
  5. Click “Save Changes”
  6. Repeat steps 4 and 5 for the IP addresses 44.235.211.232 and 54.71.203.174

Other connection issues

For other connection issues, you can click on the “Show” link under the “Details” column to see more information. Note that Wordfence Central uses the WordPress REST API to communicate with the plugin. If you have disabled the REST API or set it to require authentication then you will need to enable it before connecting your site to Wordfence Central. More details to troubleshoot this are at the bottom of this section.

In most cases, the easiest way to correct a connection issue is to remove the site from Wordfence Central. Before adding the site to Wordfence Central again, we recommend that you verify that the site is up and running and that the latest version of the Wordfence plugin is installed and active. Once you have done this, you can add the site to Wordfence Central.

If your site has been removed from the listing in Wordfence Central, but the site itself still appears to be connected on the Wordfence “Dashboard” page then open the “Diagnostics” tab on the Wordfence “Tools” page. Scroll down to the “Other Tests” section. Press the “Clear All Connection Data” button next to “Clear all Wordfence Central connection data”. Now try to reconnect your site.

If you have disabled the WordPress REST API or set it to require authentication then this has most likely been caused by custom code added to your site or via another plugin.

To check if this is the case then load the REST API endpoint for Wordfence URL below for your site. Make sure that you do this in another browser where you are not logged into WordPress:

example[.]com/wp-json/wordfence/v1

In the output look for “status: 401”. This means that WordPress is returning a “401 Unauthorized” response status code for our plugin’s REST API endpoint.

This could be due to custom code added to your site by another admin or a developer and most likely be in your theme’s “functions.php” file. WordPress.org has a guide here in their REST API handbook for denying unauthenticated access to the REST API with the code to use.

If you don’t find such code added to your site then it might be another plugin. Here are some common plugins and services and steps to resolve it (note that this is not an exhaustive list of plugins that block access to the REST API):

WP Hardening – Fix Your WordPress Security

https://en-gb.wordpress.org/plugins/wp-security-hardening/

Fix: On the “Security Fixers” settings page, disable the option “Disable WP API JSON”.

Minimal Coming Soon – Coming Soon Page

https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/

Fix: On the “Basic” settings page you can add our IP addresses shown below to the option “IP Whitelisting”. Note that this is a premium feature and if you are using the free version then you can only add your site to Wordfence Central once you have take your site out of maintenance mode:

44.235.211.232
54.68.32.247
54.71.203.174

Disable REST API

https://wordpress.org/plugins/disable-json-api/

Fix: Enable the option “/wordfence/v1”.

If you are using the free version of Wordfence and these steps fail to correct the issue, please visit the Wordfence forums for support. If you are a Premium customer, you can contact premium support.

PatchStack

https://patchstack.com/

We have had a report that PatchStack can block Wordfence Central from being able to communicate with your site.  In your PatchStack account, on the “Hardening” > “General” page, you will need to ensure the option “Restrict WP REST API Access to authenticated users only” is disabled.