Protect your websites with the best WordPress security available.

Updated on: 6th Oct 2021
Wordfence is a WordPress-based plugin that offers its users enhanced security for their WordPress sites through several different forms of protection. The plugin provides endpoint protection and claims to offer better protection than similar cloud-based services.

At the time of writing, the plugin’s main website boasts that its services blocked over 12 billion malicious attacks within the last 30 days.

The service’s main offerings come in three main parts: WordPress Firewall, which runs an endpoint Web Application Firewall; WordPress Security Scanner, which scans a WordPress site’s files for malware; and Threat Defense Feed, which actively updates to provide Wordfence with new information on malicious signatures and IP addresses.  

What sets Wordfence apart

  • 1
    Application Based Firewall

    Wordfence’s main selling point is that the plugin runs as an endpoint firewall and claims that this allows the plugin to offer better protection than cloud-based firewalls.

    Wordfence’s website explains that the firewall leverages user information in over 85% of its firewall’s rules, whereas cloud-based firewall services do not have access to user information. In addition, the plugin uses end-to-end encryption. It operates before WordPress is opened, meaning that the firewall can block attacks before they can reach the user’s application code.

  • 1
    Threat Defense Feed

    The Wordfence plugin has a forensic team devoted to actively creating new rules for the Wordfence firewall to protect its users.

    Wordfence’s servers also aggregate data obtained from attacks detected in the network of sites using the plugin. This helps identify new attacks and allows Wordfence’s forensic team to update the Threat Defense Feed accordingly.

    The feed is available on both free and paid plans, however although the paid feed is kept fully up to date, the feed on the free plan is delayed by 30 days.

Free plan limitations

Wordfence offers a free community version of the plugin’s security-based offering through the Plugins section of the WordPress website.

The free version offers many of the same features as the plan’s premium versions, though some critical aspects of Wordfence’s premium offerings are absent from the free version.

Extended features like the premium plan’s access to Wordfence’s support systems and country-specific blocking are excluded from the free version, as well as having access to less frequent scans through the malware Security Scanner.

Most notably, the free version does not feature access to the plugin’s Threat Defense Feed and real-time updates to the Wordfence blocklist. Instead, the free version’s blocklist is only updated periodically every 30 days.

Unfortunately, this 30-day delay also applies to the WordPress Security Scanner’s real-time malware signature updates.

The free version also does not include the plugin’s ability to check if your site has been blocklisted for malicious activity or spam by other websites.


Sucuri Wordpress Security & Scanner

Sucuri Wordpress Security & Scanner


Sucuri WordPress Security & Scanner is a security-based plugin that promises a suite of features to allow customers to protect their WordPress sites.

The plugin is free and offers some basic protection, but the main point of it is to integrate with the Sucuri cloud based Web Application Firewall (WAF).

This differs from Wordfence in that Wordfence is an application level firewall, so running within the WordPress application, as opposed to Sucuri's cloud based WAF that would run on Sucuri's servers, and intercept traffic before it gets to your WordPress application.

Sucuri offers several different pricing plans based on both the efficiency offered and the breadth of features, starting at $199 per year per site for the plugin’s Basic package.

Wordfence has a single plan at $99/year.

iThemes Security Plugin

iThemes Security Plugin


iThemes Security Pro offers a similar suite of protective services for users who want to protect their WordPress sites. The plugin provides many of the same protective services as Wordfence, such as protection against automated brute force attacks, two-factor authentication, and more.

iThemes Security Pro also allows its users to set designated trusted devices and offers access to its “Brute Force Protections Network,” a community of websites monitoring malicious IPs and websites.

The plugin’s 2FA features integration with services like Google Authenticator and Authy and e-mail and backup codes. iThemes Security offers a limited free version, and premium plans for one website start at $80 per year.




MalCare is a security plugin that prides itself on being the only plugin with “Instant WordPress Malware Removal.”

MalCare’s scanner boasts no load on its customers’ servers and claims to fix hacked websites in less than a minute.

Although both plugins offer similar features, this focus on malware scanning and removal is what separates MalCare from Wordfence.

Wordfence on the other hand has the regularly updated Threat Defense Feed.

MalCare also features an “Emergency” service for users whose sites have already been blacklisted by Google or suspended by their host.

Wordfence has a single plan at $99/year, MalCare features several pricing plans ranging between $99 per year and $299. All plans are for a single site.

View All


Wordfence’s main features break down into four parts: The plugin’s WordPress Firewall, WordPress Security Scanner, the Threat Defense Feed, and Wordfence Central. WordPress Firewall is the plugin’s primary offering, serving as the advertised endpoint rule-based firewall, offering protection against malware and brute force attacks while not breaking encryption and without the chance to leak data.

The WordPress Security Scanner runs frequent scans on its customers’ websites, searching for malware, spam URLs, and more. The scanner also offers repairs for changed files and checking for vulnerabilities and closed plugins.

The Threat Defense Feed is Wordfence’s touted real-time protection service, gathering data from attacks and allowing the plugin to create new rules and block malicious attacks quickly.

The Threat Defense Feed features a team of engineers who constantly update the plugin’s blocklists and identify new attacks, allowing it to protect its users before attacks can happen. Wordfence Central offers customers a centralized database to maintain their security across multiple sites.


Wordfence’s premium options operate on a per-license, per-year basis, with premium users paying a yearly fee based on the number of licenses bought. The site’s pricing plans feature discounted rates for users to purchase multiple licenses with higher discounts for larger purchases.

The plugin’s initial offerings come in at $99.00 per year to buy a license for one site. When purchasing licenses for 2-4 sites, the plugin offers a 10% discount per site, with each license being priced at $89.10.

The value increases with each increment up to 15 or more, where customers gain a 25% discount, bringing the price per license to $74.25.

Wordfence also offers initial purchase discounts of 10% for users who purchase two years of the service and 20% for users purchasing three years of service.

The plugin also offers a separate WordPress Site Cleaning Service that comes packaged with a one-year subscription to Wordfence Premium, priced at $490.


Wordfence aims to offer its users a security system that claims to have a clear advantage over cloud-based security systems. The plugin’s main selling point is its endpoint firewall, boasting protection that can stop attacks before the malicious entities reach a user’s site.

The firewall is accompanied by a complete security system that frequently scans sites for malware and other malicious content, as well as a constantly updated IP blocklist and real-time updates to the firewall’s set of rules.

Wordfence is popular among WordPress users, receiving very positive reviews on WordPress’s user forums, and boasts a user base of over 12 million.