Help Documentation
Welcome to the official documentation for Wordfence.
Wordfence Free
Wordfence Free is an all-in-one security solution for WordPress websites that includes an endpoint firewall, security scanner, login security, alerts, centralized management, and more.
Wordfence Premium
Wordfence Premium comes with real-time firewall protection, real-time scan signatures, an IP address blocklist, country blocking, and Premium support.
Wordfence Care
Wordfence Care is for business owners who place a premium on their time. Our team installs, configures, optimizes, and maintains your WordPress site security.
Wordfence Response
Wordfence Response is for mission-critical WordPress websites that require 24/7/365 security monitoring with a 1-hour response time and 24-hour remediation.
Incident Response Services
Let one of our Security Analysts help you clean your infected site or inspect it for vulnerabilities.
License Key
All Wordfence installations need a license key, also known as an API-key. The key can be a free key or a Premium key.
Account and Billing History
How to navigate and use your Wordfence account.
Wordfence Central
Wordfence Central provides a powerful and efficient way to manage the security of many WordPress sites via a single interface.
Connecting your sites to Wordfence Central
Learn how to connect multiple sites to Wordfence Central.
Setting up two-factor authentication
Enabling two-factor authentication, or 2FA, is one of the most important steps you can take to prevent account compromise.
Using the Dashboard page
See a quick overview of all your sites managed in Wordfence Central.
Using the Configuration page
Manage your Wordfence plugin options for all of your sites.
Using Wordfence plugin options Templates
Create templates of Wordfence plugin options to be used on any of your sites.
Viewing scan Findings
See an overview of last scan date and any scan issues found for all of your sites. You can also launch scans for your sites from here.
Using Wordfence Central Teams
Teams are a Wordfence Central feature that lets multiple users collaborate and manage websites under a single account.
Using the Settings page
The Settings page allows you to configure alert settings for sites connected to Central, and allows you to receive alerts via Email, SMS, or Slack.
Dashboard
The Wordfence Dashboard provides insight into the current state of your site’s security.
Global Options
These allow you to update your Wordfence License, set your Alert Preferences, and other settings.
Alerts
Email alerts quickly inform you of security related events on your site.
Wordfence Web Application Firewall (WAF)
The Wordfence Web Application Firewall is a PHP based, application level firewall that filters out malicious requests to your site.
Optimizing The Firewall
The Wordfence firewall has a feature that allows the firewall to be loaded before any other code loads. This provides the highest level of protection and we refer to this as "Extended Protection". In order to get Extended Protection, you have to go through a short configuration procedure.
Statistics
The Wordfence plugin saves information about recent attacks on your site. You can view this data on the Wordfence "Dashboard" and "Firewall" pages.
Firewall Learning Mode
"Learning Mode" allows the firewall to be adjusted to your site.
Firewall Options
Change the firewall status mode, optimize the firewall and configure advanced options.
MySQLi storage engine
In Wordfence 7.4.0, an alternate data storage engine has been added to the firewall, so that sites can store firewall data in the MySQL database instead of using files in "wp-content/wflogs/".
Brute Force Protection
Brute Force Protection limits login attempts on your site.
Rate Limiting
Wordfence includes a rate limiting firewall that controls how your site content can be accessed.
Troubleshooting
How to resolve issues with the Wordfence Web Application Firewall.
Blocking
Aside from the firewall rules that protect against various attacks, Wordfence also has custom features for additional blocking.
Country Blocking
Country Blocking allows you to block access to your site from certain countries.
Blocking Troubleshooting
What to do if you locked yourself out or are experiencing unwanted blocks.
Scan
A Wordfence scan examines all files on your WordPress website looking for malicious code, backdoors, and shells that hackers have installed. It also scans for known malicious URLs and known patterns of infections.
Scan Options
Select which aspects of your site the scan should investigate, adjust scan performance and configure advanced options.
Scan Results
How to interpret results from the Wordfence Scan.
Scan Scheduling
The Wordfence Scan runs regularly on sites for users of the free version. Premium license key customers can adjust how often the scan runs.
Scan Troubleshooting
If you are having problems getting your scans to start or complete then here are instructions for some basic debugging steps.
Tools
Wordfence Tools include Live Traffic analysis, WHOIS Lookup, Import/Export Options, and Diagnostics.
Real-Time Live Traffic
Wordfence Live Traffic shows you what is happening on your site in real-time.
WHOIS Lookup
The WHOIS Lookup Service gives you a way to look up who the owner of an Internet resource is.
Import/Export
Wordfence provides a feature to import and export most of your plugin settings. Use this feature to copy settings to other sites or to backup your settings when reinstalling Wordfence.
Diagnostics
Find out your PHP version, database permissions, connectivity test results, and much more in Wordfence Diagnostics.
Legacy Two-Factor Authentication
Two-Factor Authentication allows you to add an extra layer of security to your WordPress login page.
Two-Factor Authentication
Two-Factor Authentication allows you to add an extra layer of security to your WordPress login page.
Audit Log
The Wordfence Audit Log is a premium feature that records a history of events on your site to assist in monitoring for unauthorized actions or signs of compromise. Events can include everything from user creation and editing to plugin/theme installation and updates. All data captured for relevant events is saved remotely to Wordfence Central to prevent any tampering that may interfere with post-incident analysis and response.
Login Security Options
The Login Security page currently contains settings for two-factor authentication (2FA) and reCAPTCHA. In a future Wordfence version, existing login-related features will also move to the same page.
Basic Plugin Settings
Here are our minimal recommended settings to set up once you have installed and activated our plugin.
Advanced information and configuration
If you want to know more about the technical details of Wordfence, you will find the answers in this section.
Compatibility
Some Cloudflare features may need adjustments for compatibility.
Technical Details
Details about technical aspects of how Wordfence works.
Changelog
Historical information about previous Wordfence plugin versions.
Constants
Wordfence has many options that can be set within the WordPress admin pages, but there are some additional options that are not often needed.
Remove or Reset
A full guide on how to reset or remove Wordfence from your site.
System requirements
Wordfence works on most WordPress websites. However, to make sure it works on your site you can check that it meets our minimum system requirements.
Wordfence API
Additional functions for developers to import settings or whitelist IP addresses.
Troubleshooting
Information about debugging issues with your site can be found here.
Plugin / Theme Conflicts
This is a list of plugins and themes that are currently known to us that can or do conflict with the Wordfence plugin.
Wordfence and GDPR - General Data Protection Regulation
Defiant, the company behind Wordfence, has updated its terms of use, privacy policies and software, as well as made available standard contractual clauses to meet GDPR compliance. Customers must review and agree to updated terms in order to continue using our products and services.
Sub-Processors List
Sub-Processors for Wordfence products and services
Login Security Plugin
The Wordfence Login Security plugin contains a subset of the features found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA. It is ideal for sites that need login security functionality but either can’t or don’t want to run the full Wordfence plugin.
Wordfence Intelligence
Wordfence Intelligence is an industry-leading WordPress vulnerability database and evolving Threat Intelligence platform that contains over 12,000 records for vulnerabilities in WordPress plugins, themes, and core.
V2: Accessing and Consuming the Vulnerability Data Feed
The Vulnerability Data Feed provides the most-current information about vulnerabilities impacting WordPress. This feed requires no authentication, and is publicly available for free for personal and commercial use.
V1: Accessing and Consuming the Vulnerability Data Feed
The Vulnerability Data Feed provides the most-current information about vulnerabilities impacting WordPress. This feed requires no authentication, and is publicly available for free for personal and commercial use.
Wordfence Intelligence Webhook Notifications
Stay on top of the latest WordPress vulnerabilities that are added, updated, and removed from the Wordfence Intelligence WordPress Vulnerability Database utilizing our webhook notifications. Use the Slack and Discord integration to be notified of the newest vulnerabilities in real-time as they are added to our database, or for more customization utilize the raw notifications that send you the complete vulnerability information in a JSON format.