First time here?
Find out how we want to help you as a developer, and plant trees here
Wordfence’s main selling point is that the plugin runs as an endpoint firewall and claims that this allows the plugin to offer better protection than cloud-based firewalls.
Wordfence’s website explains that the firewall leverages user information in over 85% of its firewall’s rules, whereas cloud-based firewall services do not have access to user information. In addition, the plugin uses end-to-end encryption. It operates before WordPress is opened, meaning that the firewall can block attacks before they can reach the user’s application code.
The Wordfence plugin has a forensic team devoted to actively creating new rules for the Wordfence firewall to protect its users.
Wordfence’s servers also aggregate data obtained from attacks detected in the network of sites using the plugin. This helps identify new attacks and allows Wordfence’s forensic team to update the Threat Defense Feed accordingly.
The feed is available on both free and paid plans, however although the paid feed is kept fully up to date, the feed on the free plan is delayed by 30 days.
Wordfence offers a free community version of the plugin’s security-based offering through the Plugins section of the WordPress website.
The free version offers many of the same features as the plan’s premium versions, though some critical aspects of Wordfence’s premium offerings are absent from the free version.
Extended features like the premium plan’s access to Wordfence’s support systems and country-specific blocking are excluded from the free version, as well as having access to less frequent scans through the malware Security Scanner.
Most notably, the free version does not feature access to the plugin’s Threat Defense Feed and real-time updates to the Wordfence blocklist. Instead, the free version’s blocklist is only updated periodically every 30 days.
Unfortunately, this 30-day delay also applies to the WordPress Security Scanner’s real-time malware signature updates.
The free version also does not include the plugin’s ability to check if your site has been blocklisted for malicious activity or spam by other websites.
Wordfence’s main features break down into four parts: The plugin’s WordPress Firewall, WordPress Security Scanner, the Threat Defense Feed, and Wordfence Central. WordPress Firewall is the plugin’s primary offering, serving as the advertised endpoint rule-based firewall, offering protection against malware and brute force attacks while not breaking encryption and without the chance to leak data.
The WordPress Security Scanner runs frequent scans on its customers’ websites, searching for malware, spam URLs, and more. The scanner also offers repairs for changed files and checking for vulnerabilities and closed plugins.
The Threat Defense Feed is Wordfence’s touted real-time protection service, gathering data from attacks and allowing the plugin to create new rules and block malicious attacks quickly.
The Threat Defense Feed features a team of engineers who constantly update the plugin’s blocklists and identify new attacks, allowing it to protect its users before attacks can happen. Wordfence Central offers customers a centralized database to maintain their security across multiple sites.
Wordfence’s premium options operate on a per-license, per-year basis, with premium users paying a yearly fee based on the number of licenses bought. The site’s pricing plans feature discounted rates for users to purchase multiple licenses with higher discounts for larger purchases.
The plugin’s initial offerings come in at $99.00 per year to buy a license for one site. When purchasing licenses for 2-4 sites, the plugin offers a 10% discount per site, with each license being priced at $89.10.
The value increases with each increment up to 15 or more, where customers gain a 25% discount, bringing the price per license to $74.25.
Wordfence also offers initial purchase discounts of 10% for users who purchase two years of the service and 20% for users purchasing three years of service.
The plugin also offers a separate WordPress Site Cleaning Service that comes packaged with a one-year subscription to Wordfence Premium, priced at $490.
Wordfence aims to offer its users a security system that claims to have a clear advantage over cloud-based security systems. The plugin’s main selling point is its endpoint firewall, boasting protection that can stop attacks before the malicious entities reach a user’s site.
The firewall is accompanied by a complete security system that frequently scans sites for malware and other malicious content, as well as a constantly updated IP blocklist and real-time updates to the firewall’s set of rules.
Wordfence is popular among WordPress users, receiving very positive reviews on WordPress’s user forums, and boasts a user base of over 12 million.