Wordfence Price Increases Coming December 5th, 2024
We haven’t raised our prices in a relatively high inflation environment in 2 years, and in the case of Wordfence Care and Response, for 2.5 years. So that time has come, and we want to let our free and paid user community know ahead of time. We’re giving you almost a month forewarning before we raise prices on December 5th so that you can use the opportunity to purchase new licenses before the price change.
If you need more licenses, you can still purchase licenses at the current lower pricing now through December 4. Customers with legacy pricing for Wordfence Premium below the $119 base price will see their renewal prices increase by 25.21 percent starting December 5th. [Updated to add clarification]
We’re including our current pricing for Premium, Care and Response below, and what those prices will be changing to:
- Wordfence Premium (real-time firewall rules and malware sigs with support) is currently $119 per year and will be increasing to $149 per year.
- Wordfence Care (hands on support during business hours) is currently $490 per year and will be increasing to $590 per year.
- Wordfence Response (24/7 incident response with 1 hour response time) is $950 per year and will be increasing to $1250 per year.
- Wordfence CLI Premium base price is $119 per year and will be increasing to $149 per year.
At Wordfence our Mission is to Secure the Web. You can’t argue with outcomes and we think the outcomes that we have produced over the past 2 years have demonstrated clearly that we have made significant progress in fulfilling that mission. We’re incredibly proud of our team, the high standard that every team member holds themselves to, and the pace of innovation that our organization has demonstrated.
Buying a Wordfence license is more than just the purchase of a paid version of Wordfence. You are helping to fund a team on a mission to secure the WordPress community and the Web. But don’t take our word for it. Here are some of our accomplishments in the past two years. Many of these produce no revenue for us, give away valuable data or software, and have a huge impact on securing the WordPress community and the hundreds of millions of users who visit WordPress websites every day.
- We have become ISO 27001 Certified as an organization.
- We have released 23 new releases of Wordfence with major new features and many incremental improvements including performance, security, best practices and new features that fundamentally improve your security posture.
- We recently released Wordfence version 8.0 which includes a tamper-proof security audit log allowing you to track security events across your site. The events we track are based on a decade of experience in WordPress forensics and analyzing billions of attacks targeting WordPress websites.
- We have made numerous improvements to our infrastructure to improve resilience, performance, and security.
- Since December 2022 our team has released 1399 new malware signatures, each detecting new malware variants and emerging threats that our research team and security analysts discover in their research and forensic activity. These signatures become available to free customers 30 days after release.
- We launched the most comprehensive vulnerability database for WordPress and introduced the Wordfence Intelligence Free API and user interface which anyone can use commercially. This is the only 100% free vulnerability database available for WordPress and it is also the industry leader across all WordPress vulnerability databases, including free and paid.
- In January 2023 we launched the weekly vulnerability roundup report which we have consistently provided to the security community and security conscious users since then.
- In August of 2023 we launched Wordfence CLI – a powerful, free open source command line tool to scan for the latest vulnerabilities and detect malware.
- Early next week we will be announcing the newest release for Wordfence CLI which went out today – Wordfence CLI version 5.0 which includes free database scanning.
- In August 2023 we launched webhooks for the Wordfence Intelligence vulnerability database, to alert users via an API about the latest vulnerabilities in real-time. This can also be used commercially for free.
- In November 2023 we launched the Wordfence Bug Bounty Program to aggressively fund research into WordPress security for the benefit of the community. We’ve paid out almost $400,000 in bounties in the past year.
- Thanks to this program we have over 3,000 vulnerabilities remediated just in the past year.
- We have also increased our funding into security research and today we pay up to $31,200 for every validated in-scope vulnerability reported to us.
We would like to thank you for being a paid Wordfence customer. If you are a free user, we look forward to winning your business and I would strongly encourage you to consider upgrading for real-time threat intelligence, to benefit from the tamper-proof audit log, and to support us on our mission to secure the Web.
Kind regards,
The Wordfence Founders: Mark Maunder (CTO) and Kerry Boyte (CEO)
Comments
3:38 pm
Will there still be a discount for having multiple licenses or buying for multiple years? If so, can you say what those prices will be?
3:49 pm
Hi Thomas,
Yes those are unchanged and continue to be up to 40% off when you combine multiple licenses with multiple years. You can visit our checkout page and play with multiples for details.
Regards,
Mark.
4:02 pm
How do I do an early renewal on my Premium plan which expires in February? I only see upgrade options in my account.
4:21 pm
Hi,
Unfortunately you can't renew a key earlier than 30 days before expiry. So the current pricing is only applicable to keys coming up for renewal or new key purchases. I'll update the blog post to clarify that.
Mark.
2:40 pm
No clarification about this 30 day limit has been added to the blog post in 24 hours. The email didn't state this. Please consider offering early renewal for up to 1 yr (10/2025). Make it easy for people to give you money. I have multiple clients willing to pay early to renew their licenses, but most are outside of the 30 day limit.
1:05 pm
Please see my other reply. Will have an announcement on the 21st of November if things work out. We're working on a solution but don't have anything public to share yet. Complex situation.
Regards,
Mark.
4:21 pm
Hi,
As I pointed out to another commenter, you can’t renew a key earlier than 30 days before expiry. So the current pricing is only applicable to keys coming up for renewal or new key purchases. I'm about to update the blog post to clarify that.
Mark.
2:24 pm
Based on the email - which did NOT include that information - I just got a bunch of clients to agree to have us renew their licenses for an extra year by Dec 4th. Many don't renew within 30 days. So, do I go back to those folks and tell them they can't renew now or are you going to offer some way to do those advanced renewals given that the email did not state this limit?
1:05 pm
Yes. Watch this space. Should have an announcement around the 21st. We're working on a solution but don't have anything to share publicly yet. Turns out that having 5 million customers and 12 years of history makes changes like this non-trivial. Working as fast as we can.
Regards,
Mark.
6:11 am
Thanks all the great improvements and for adding the Audit log feature. Please consider letting us enable it without connecting our site to Wordfence Central. Since the data isn’t end-to-end encrypted and includes personal information, we (an EU based company) can currently not send it to your servers, at least not until Defiant has joined the EU-US Data Privacy Framework program.
Support for custom syslog servers would of course be even better and even make Wordfence a competitor to custom activity log plugins.
/ Karl Emil Nikka
8:58 am
Hi Karl,
The data is end to end encrypted using TLS when it's sent to Central. The data is also encrypted at rest when stored on our cloud servers. Within a few days we'll have an update on the EU-US data privacy question, we're just working through that now, but we should have an answer that will allow those in the EU jurisdiction to use Central without an issue.
We can't allow customers to log this data locally or it would no longer be tamper proof and would become pointless. We could allow logging to a customer-managed server or network that is isolated, but the configurations would vary so much that it would be burdensome on our team to have to support e.g. REST, syslog, SNMP, DB interfaces, etc, etc. So we just provide the service ourselves at a very low cost.
Regards,
Mark.
9:10 am
OK here's the EU update. Yes you can use Wordfence Central and the Audit Log if you're based in the EU. I've included a short summary of why and how this works, and a longer explanation below that for the legal nerds in the audience. So to fully answer your original post, with the Wordfence Audit log, the data is end-to-end encrypted, the data is encrypted at rest on our servers, and you are legally allowed to log data to our servers if you're in the EU and the text below explains why.
Here's the short version:
Chapter 5 of the General Data Protection Regulation (GDPR) provides multiple mechanisms for organizations to transfer personal data lawfully between the EU and US. Two of these mechanism are the EU-US Data Privacy Framework (an adequacy decision under Article 45) and the EU Standard Contractual Clauses (an appropriate safeguard under Article 46). The validity of the Data Privacy Framework (DPF) is currently being challenged in the EU Court of Justice (the predecessor framework to the DPF, the Privacy Shield, was invalidated under a similar challenge). In the interest of maintaining a valid lawful method of transferring data from the EU to the US, Defiant has opted to use the EU Standard Contractual Clauses.
Here's the long version:
Chapter 5 of the EU General Data Protection Regulation (GDPR), addresses the lawful transfer of personal data from the EU to other countries. Among the Articles that address lawful data transfer are: Article 45 – (Transfers on the basis of an adequacy decision) and Article 46 – (Transfer subject to appropriate safeguards). The EU-US Data Privacy Framework is authorized under Article 45 which states:
“A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection.” (GDPR Ch. 5, Art. 45(1))
Countries that have “an adequate level of protection” are known to have been issued an “adequacy decision” by the EU Commission. (A list of countries with adequacy decisions is available here: Adequacy decisions). The United States has received an adequacy decision, but only for “commercial organisations participating in the EU-US Data Privacy Framework.” The EU-U.S. Data Privacy Framework (DPF) is an agreement between the EU and US designed to facilitate the transfer of personal data while ensuring compliance with EU data protection standards. Companies participating in the DPF must adhere to a set of privacy standards administered by the US Department of Commerce (DoC), file an annual registration with the DoC, submit to arbitration regarding EU privacy complaints, among other requirements. The DPF replaces the previous Privacy Shield arrangement, which was invalidated by the European Court of Justice under a ruling commonly known as Schrems 2.
Alternatively, companies that do not seek to comply with the DPF may rely on Article 46 for lawful transfers of personal data form the EU to the US. Article 46 allows for the lawful transfer of personal data where:
“the controller or processor has provided appropriate safeguards” which “may be provided for, without requiring any specific authorisation from a supervisory authority, by … (c) standard data protection clauses adopted by the Commission.” (GDPR Ch. 5, Art. 46(1 – 2))
These “standard data protection clauses” are commonly known as the Standard Contractual Clauses” or “SCCs.” (The Standard Contractual Clauses are available here: Standard Contractual Clauses). Controllers and processors of EU personal data can comply with their legal obligations under for lawful data transfer under Chapter 5 of the GDPR by entering into the Standard Contractual Clauses.
While both the DPF and Standard Contractual Clauses are currently valid lawful data transfer mechanisms under EU law – Defiant has chosen to use the Standard Contractual Clauses under Article 46. Given that the predecessor of the DPF, the Privacy Shield, was invalidated in July of 2020 and the DPF is currently being contested on similar grounds to the Privacy Shield, Defiant has selected the Standard Contractual Clauses as a lawful method of data transfer more likely to remain valid in the future.
11:54 am
Thanks for the answer, Mark. I’ve replied over on the WordPress forurms. https://wordpress.org/support/topic/feature-request-enable-audit-log-without-wordfence-central/#post-18123390
10:11 am
I have three premium licenses and they were just renewed in September. So, the new rates will come in September 2025 at the same percentage increase but with the continuing discounts then?
10:12 am
Yes that's exactly right.
12:15 pm
I take it that a sale during Black Friday/Cyber Monday is unlikely, then, with the planned price increase?
12:17 pm
Hi Morgan. Wordfence has historically never done a Black Friday sale and we have no plans to. What we've worked hard at is to keep our prices as low as possible, while being the absolute best choice to secure your WordPress investment, by investing heavily in our team, infrastructure, research and innovation. We think we've done a spectacular job to that end by keeping a single Premium license (at our new pricing which launches December 5th) as low as $12.41 per month.
Regards,
Mark Maunder - Wordfence Founder & CTO
1:33 pm
Fair enough! I can't really argue with that, I just tend to be cautious making purchases right around now given BF/CM and how many folks participate in it, but I've been considering upgrading to Premium and will likely pull the trigger soon. Kudos to you and your team for all that you do.
3:34 pm
Thanks Morgan, that means a lot to us. Much appreciated. Good luck with BF! I remember when we used to line in in Colorado winter at 4am outside Best Buy. Thankfully most if it seems to be online these days!