Wordfence is highly effective at securing your website in part because it is tightly integrated with the WordPress API. We know your visitor identity information, so we can make smart decisions about who gets access and who gets blocked. It’s very different from the way generic firewalls work.
This allows us to create powerful firewall rules and algorithms that have more data, and can therefore improve detection rates while driving false positive rates down to zero.
Over the past few years we have worked closely with our customers to improve Wordfence performance on their websites. Several recent Wordfence releases have shown spectacular gains in performance. Continuous improvement is one of our core goals with Wordfence, and so we went even further.
We have been reaching out to hosting providers to better understand their needs over the last few months. They are, after all, the platform our customers use to serve their site visitors. Our engineering team has worked with some of the largest hosting companies in the world to create radical improvements in the way Wordfence uses resources.
Today we are announcing Wordfence 6.3.14, which is the fastest and smartest Wordfence yet. I’m going to describe a few of the improvements we have made.
Smart Scan Time Distribution Across VPS Instances
Wordfence now centrally monitors scans that are running on the same server. If we see too many scans running on a single physical or virtual server, we’ll temporary defer any new scans. Once the number of concurrent scans decreases, we start the deferred scans.
This will typically only delay your scans from starting by 30 minutes or less, but it has huge benefits for you and your hosting provider. If you graph all the Wordfence scans happening on a single server, you will now see a smooth constant graph of scans instead of seeing spikes that could have harmed overall server performance.
This “smoothing algorithm” helps hosting providers better predict and manage server performance, and it helps our customers by ensuring their sites are always running on a high-performing server.
New Lightweight Scan Introduced
Parts of our scans use almost no server resources. We decided to break these items out from the main Wordfence scan into a separate scan that can be run more frequently.
The lightweight scan checks for:
- WordPress Core updates
- Outdated themes
- Outdated plugins
- Themes with known vulnerabilities
- Plugins with known vulnerabilities
The new lightweight scan runs every 24 hours on all Wordfence sites, both Premium and free.
New Scan Schedule for Free Customers
If you are using the free version of Wordfence, we’ve changed the frequency with which your full malware scan will run. Prior to this week’s release, Wordfence ran a full scan every 24 hours for free customers. We’ve changed it to run once every 72 hours.
We will continue to schedule when scans run for free users, and the scheduling now varies based on the number of scans occurring on the shared server that you are on.
Our free users will still receive the new lightweight scan every 24 hours so that they receive time critical alerts about themes, plugins and WordPress core as soon as possible.
Wordfence Premium customers continue to have the ability to schedule unlimited scans to run whenever they want each week. In other words, if you’re a Wordfence Premium customer, your existing scan schedule remains completely unchanged. In general, we recommend a maximum frequency of once every 24 hours, but of course that is up to you.
Wordfence Manual Scans Are Unchanged
For both our free and Premium customers, we have not made changes to your manual scan capabilities. You can still run a manual scan on your site as often as you would like.
The manual Wordfence scan includes all the checks it always has. In other words, it includes the checks that your full Wordfence scan has always done, along with the checks from the new lightweight scan we introduced this week.
Connecting With You
Over the years, we have found that working closely with our community and with hosting providers has yielded huge dividends when it comes to better understanding the needs and challenges that you face and how to better secure our customers. The latest Wordfence release is another great example of the results that come from that ongoing collaboration.
We would like to thank the hosting providers who worked with us to make this release a reality and the users who have provided feedback.
As always, I welcome your feedback and comments below and will be around to reply to you.