Announcing Gravityscan

Today the Wordfence team has a big announcement. We are launching Gravityscan, a completely free vulnerability and malware scanner. You can use Gravityscan to find out if your website has been hacked and if you have any security problems that may lead to a hack in future.

The full announcement is on the Gravityscan blog.

I would encourage you to run a scan on your website now. Whether you run WordPress, Joomla, Drupal, Magento, vBulletin or any other platform, Gravityscan performs a thorough vulnerability and malware scan on your site in just a few minutes with real-time updates as the scan progresses.

Gravityscan also works seamlessly with Wordfence and is an excellent addition to your suite of security products if you are already using Wordfence or Wordfence Premium to protect your WordPress website. You can read more about how well Gravityscan complements Wordfence on this page.

Mark Maunder – Wordfence Founder & CEO

The post Announcing Gravityscan appeared first on Wordfence.


Announcing Wordfence 6.3.0 – Exciting Improvements

This morning I’m very excited to announce the release of Wordfence 6.3.0. This is one of our bigger releases and it includes a few exciting changes to the user interface and the way Wordfence helps you secure your site.

Since 2012, Wordfence has been securing WordPress. We started with a handful of important security features. As Wordfence became successful, as the team grew and as we improved the product, the list of menus in Wordfence kept increasing.

Another side-effect of improvements in Wordfence is that the number of things you need to pay attention to also increased.

In user interface design, as with just about everything else, attention is in short supply. We are all busy with plenty of other important things to do in our day to day lives. Securing our WordPress websites is just one of our many priorities.

With the release of Wordfence 6.3.0, the team started by thinking carefully about what is most important when it comes to security. We also looked at the range of functions that Wordfence provides and how they are related to each other.

Finally, the team considered how best to communicate with our users when they have a security problem or something else important they need to know about.

Introducing the Wordfence Dashboard

The first change we’ve introduced is the new Wordfence Dashboard.

The Wordfence Dashboard appears at the top of the new menu structure on the left in your WordPress admin console. The Dashboard is a way for you to view your security posture at a glance. Some of the data the new Dashboard includes is:

  • When your last scan completed.
  • If any security problems were detected.
  • Important security notifications.
  • What security features are enabled and disabled.
  • The number of Threat Defense Feed rules you have enabled and protecting your site. These are malware signatures and firewall rules.
  • Attacks that have been blocked by Wordfence during the past day, week and month.
  • The top IP addresses we have blocked in the past day, week and month.
  • Attacks blocked over time (a chart) across the Wordfence network of sites we protect.
  • The top countries that attacks on your website are originating from.
  • Successful and failed login attempts on your WordPress site.

The Dashboard is completely new, is available at the top of your WordPress menu, and gives you an instant view of your WordPress site security status.

Menu Redesign

The next thing you will notice in the newest version of Wordfence is the redesign of the menu on the left side of your site.

As you can see, the Dashboard is at the top of the new menu and is your “jump off” point because it provides an overview of your website security.

Scan Page Improvements

The next item is the “Scan” menu which combines Scan and Scheduling. We have also introduced a new scan “options” tab which gives you instant access to all the Wordfence options that affect your scan. You no longer need to go to the separate “options” menu to change your scan settings – it’s right where scan is.

Meet Your New Firewall Page

The new ‘Firewall’ option on the menu is one of the most exciting changes in Wordfence 6.3.0 because it consolidates all firewall related security options onto a single page which looks like this:

As you can see above, the new tabs on this page give you tabbed access to:

  • Your Web Application Firewall configuration or WAF. This is the most important firewall option available because our WAF provides the best protection available against attacks.
  • Country Blocking which allows you to selectively block countries.
  • You can view and manage Blocked IPs.
  • Advanced Blocking gives you the ability to build blocking patterns based on address ranges, browser, referring site and more.
  • Brute Force Protection which lets you prevent login and password guessing attacks.
  • Rate Limiting which gives you the ability to limit the rate at which automated crawlers access your site.

Live Traffic is Unchanged and Awesome

The Live Traffic menu option still takes you to the same live traffic page that includes advanced filtering and a real-time view of your website activity. As always, live traffic shows you attacks being blocked in real-time.

Introducing the new ‘Tools’ menu option

The Tools menu option in Wordfence is new. It combines our powerful security tools into a set of tabs that lets you easily find and access them:

As you can see we have combined the following:

  • Password Audit is now the default tab visible when you hit the ‘Tools’ page.
  • The Whois Lookup lets you get detailed information on an attacking IP address or hostname.
  • Cellphone Sign-in gives you the ability to enable and manage two-factor authentication on a per-user basis.
  • The Diagnostics page is our page for diagnosing issues with your system. It provides tools and information related to diagnostics.

The Options Page Remains Unchanged

The Wordfence ‘Options’ page at the bottom of our menu gives you the ability to manage all of your Wordfence options in one place. It is also where you install your Wordfence Premium API key if you have purchased one, in order to upgrade to Wordfence Premium.

Always Improving

Improving Wordfence is a collaborative process. I’d like to thank our user community for all the valuable feedback they’ve given us over the past months and years. Whether you have contributed in the comments on this blog, in our public forums or via a Premium support ticket, we appreciate your input.

Wordfence will continue to evolve and improve this year. We have a few exciting new features we will be announcing later this year that will help make your website even safer.

Please leave your feedback in the comments. Because this is a release announcement, I should add that we don’t recommend you post support requests in the comments below. Our support team does not check these comments. They are waiting to help you in our public support forum and in our Premium ticketing system.

Finally, a huge congratulations to all the team members involved in this release. This was a big one with many moving parts and a lot of testing. Congratulations team!

The post Announcing Wordfence 6.3.0 – Exciting Improvements appeared first on Wordfence.


Announcing a new Firewall, a Threat Defense Feed and a New Approach

This morning at 9am Pacific time we rolled out a new kind of firewall to over 1 Million active WordPress websites. The new Wordfence firewall comes with a Threat Defense Feed that updates our firewall as new threats emerge. It also continuously updates our malware scan as we discover new malware patterns through our forensic research.

If you have auto-update enabled in Wordfence, you will automatically be upgraded to 6.1.1 today, which will include the new firewall and features. You can manually update by signing into your WordPress site and upgrading Wordfence to 6.1.1, or you can download Wordfence from the official WordPress plugin repository.

I want to share with you some of the journey that we took to arrive at this day. About 9 months ago we took a long hard look at Wordfence and asked the question: “How can we do a better job of stopping hacks and detecting them early?”.

We also looked at existing firewall providers and discovered they could be doing a better job. And then we looked at our own malware scan and realized that it could benefit from a few improvements.

So we set ourselves an ambitious goal:

  • Build an excellent forensic analysis team to discover the newest malware infections and new attacks that are used to break into sites.
  • Build a new kind of firewall that stops all attacks immediately, including zero day and emerging attacks.
  • Radically improve intelligence in our scan.
  • Continually feed the data our forensic team uncovers into our firewall and scan.

We worked for 7 months on the project and about 2 months ago we thought we had finished the firewall. But then we discovered a way to radically improve our protection against SQL injection attacks. It meant building an SQL parser into Wordfence that is both extremely fast and able to understand SQL the way a database does and determine if something is malicious or not. It was worth taking the extra time to include this important functionality and so we did exactly that.

Then a few weeks ago, once again we thought we were ready and we realized we could build protection into the firewall against privilege escalation attacks. When you run Wordfence’s firewall, it knows who your users are so the firewall is able to make decisions about what to block more intelligently. So we went ahead and built that into Wordfence 6.1.1 too.

Instead of letting the marketing team rule, we gave the engineers enough space to solve these very hard problems with innovative solutions.

During the past month we have been quietly beta testing Wordfence 6.1.1 and our beta community has been an invaluable source of feedback and bug reports. Thank you very much to everyone who kindly participated in our public beta testing. You have helped turn Wordfence 6.1.1 into a rock solid enterprise-ready WordPress protector.

We have also been running Wordfence 6.1.1 Beta on this site for longer than a month and it has worked perfectly. At times we have had over 3,000 concurrent users on the site and huge traffic spikes. Last Thursday and Friday thanks to the huge amount of press we received for our ground-breaking research into how the Panama Papers were leaked, we experienced a large sustained traffic spike and the Wordfence firewall just yawned and carried on doing a great job of serving up pages and protecting us from attacks.

It’s really cool watching your own software block hackers in real-time. Instructions on how to watch that are below.

Today we are officially announcing the release of Wordfence 6.1.1 along with our Threat Defense Feed. Here are the details:

The Firewall

The Wordfence firewall is installed with 6.1.1 and you will see a new ‘Firewall’ menu option appear in your Wordfence menu. When you arrive on the firewall configuration page, Wordfence should be in Learning Mode if you just upgraded to 6.1.1. It will look like this:

Wordfence firewall will learn for a week and then automatically switch to “Enabled and Protecting”. During this one week learning period, anything that would have been blocked will automatically be whitelisted. You can scroll to the bottom of the firewall page and see the list of whitelisted items as they grow:

If you don’t like something that has been whitelisted during Learning Mode or think it may be a real attack, you can simply remove it once the firewall is enabled.

If you don’t want to wait a week you can speed things up by:

  • Visiting all pages and taking all actions you can think of on your site. This includes working in the WordPress admin console, submitting forms on your site and doing everything else that normally happens on your site. This will allow Wordfence to rapidly learn about your site.
  • Then enable the firewall and keep an eye on what it blocks in live traffic. Read on to understand how to view firewall activity in Live Traffic.

Changes to Live Traffic and How to see what the Firewall has blocked

Wordfence Live Traffic has been given a redesign that I can only describe as spectacular. We have added a drop-down list that lets you filter what kind of traffic you want to see:

Simply select the option “Blocked by Firewall” to see what your firewall has blocked recently. You’ll be surprised what shows up. We have had quite a few attacks on our own site blocked by Wordfence 6.1.1.

You’ll notice that Live Traffic has an advanced filters option that lets you filter your live traffic any way you can possibly imagine.

A Threat Defense Feed through Excellent Forensic Analysis

A great firewall and great scan engine are no good without continuous updates. We started by building an excellent forensic analysis team. Every day our team goes out and analyzes hacked sites and brings that on-the-ground intelligence back into Wordfence.

Malware samples are turned into signatures used by our scan engine. New attacks are turned into firewall rules which update our firewall logic.

We unified this flow of data under a single umbrella called the Threat Defense Feed. This feed constantly updates Wordfence’s ability to block attacks and to detect infections or malicious activity.

Our premium Wordfence customers receive a real-time version of the feed. If a new threat emerges, we can update your rules within minutes. Our free customers receive a delayed version of the Threat Defense Feed.

Changing the Game on Attackers

We realized that the status quo isn’t going to cut it if we are to succeed in our mission of making the web safer and protecting our customers’ sites. Wordfence 6.1.1 isn’t just a new product with new data flowing into it. It is an organizational change for us.

We have had to build a forensic analysis team by bringing senior analysts on board with tremendous depth of experience. Those senior team members have been developing processes and training up more junior colleagues to rapidly get them up to speed.

We have also had to scale up our operations, make new capital investments in hardware, in software and in operations personnel.

We have also brought on board additional senior engineers and customer service staff. We have been hiring so quickly that we decided to turn hiring into a software problem which you would have experienced if you’ve been through one of our tests for forensic analysts. Don’t worry, you still get to talk to us humans as part of the process.

What we’ve ended up with is one of the fastest growing and best performing information security organizations in the world. It has been an incredible experience for me personally during the past 2 years, hiring people who are smarter than I am, stepping back and watching them guide our product, serve our customers and create engineering solutions that are incredibly innovative and that provide a new kind of protection that is able to defeat the new threats that we are seeing.

I’m incredibly proud of our team for creating, testing and shipping Wordfence 6.1.1. Special thanks to Matt Barry our lead developer and Matt Rusnak our QA analyst who both worked tirelessly to improve, find new ways to break and then continue to improve 6.1.1. Thanks guys, you are both legends. Thanks also to the rest of the team who contributed tremendously, you know who you are and you’re amazing!

I speak for the whole team when I say that we are proud to have your trust and to have you as a customer. We are working hard to deliver the level of engineering, research and innovation you have come to expect from Wordfence. And we look forward to a long relationship with our community and our premium customers as we continue to deliver the best available protection for your WordPress website.

Mark Maunder – Wordfence Founder & CEO – April 2016.

Update: At 11am Pacific time we released 6.1.2, which is a point release that fixes a minor issue. It fixed a fatal error when using a whitelisted IPv6 range and connecting with an IPv6 address. This is an edge case and would have only affected a small number of sites.

Official Press Release available here.

Press contact: Dan Moen at

Wordfence is hiring. If you’re passionate about tracking attackers and their methods and want to join our forensic analysis team, we’d love to hear from you.

The post Announcing a new Firewall, a Threat Defense Feed and a New Approach appeared first on Wordfence.