WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Wordfence Security safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Wordfence Security WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: wordfence
  • Requires PHP: 7.0+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] <= 7.2.3 [CVE-2019-9669]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.1.5 [CVE-2014-4932, WordPress Wordfence Plugin <= 5.1.4 - Cross Site Scripting, Wordfence <= 5.1.4 - Reflected Cross-Site Scripting, Wordfence &lt;= 5.1.4 - Cross-Site Scripting (XSS)]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.5 [CVE-2014-4664, WordPress Wordfence Security Plugin <= 5.1.3 - XSS, Wordfence Security – Firewall & Malware Scan <= 5.1.3 - Cross-Site Scripting, Wordfence &lt;= 5.2.4 - Multiple Vulnerabilities (XSS &amp; Bypasses)]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.4 [WordPress Wordfence Plugin <= 5.2.3 - Bypass]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.3.6 [WordPress Wordfence Security Plugin - Cross Site Scripting]
+ 29 more known vulnerabilities
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] <= 5.2.3 [WordPress Wordfence Security Plugin - Multiple Vulnerabilities]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.8.7 [WordPress Wordfence Plugin <= 3.8.6 - Stored XSS]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.4 [WordPress Wordfence Plugin <= 5.2.3 - Multiple Vulnerabilities]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.8.3 [WordPress Wordfence Plugin <= 3.8.1 - Bypass]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.5 [WordPress Wordfence Plugin <= 5.2.4 - Stored XSS]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.3 [WordPress Wordfence Plugin <= 5.2.2 - Cross Site Scripting]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.8.3 [WordPress Wordfence Plugin <= 3.8.1 - Stored XSS]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.3.7 [WordPress Wordfence Plugin <= 3.3.5 - Multiple Vulnerabilities]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.5 [WordPress Wordfence Plugin <= 5.2.4 - Unspecified Vulnerability]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 7.6.1 [CVE-2022-3144, WordPress Wordfence Security – Firewall & Malware Scan plugin <= 7.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability, Wordfence Security – Firewall & Malware Scan <= 7.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting, Wordfence &lt; 7.6.1 - Admin+ Stored Cross-Site Scripting]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 7.1.14 [Wordfence Security – Firewall & Malware Scan <= 7.1.13 - Reflected Cross-Site Scripting and Information Disclosure]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 6.1.7 [Wordfence Security – Firewall & Malware Scan 6.1.1 - 6.1.6 - Reflected Cross-Site Scripting]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.4 [Wordfence Security <= 5.2.3 - Stored Cross-Site Scripting via HTTP_HOST]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.4 [Wordfence <= 5.2.3 - Multiple Protection Mechanism Bypasses]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.4 [Wordfence <= 5.2.3 - Stored Cross-Site Scripting via REQUEST_URI]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.3 [Wordfence <= 5.2.2 - Stored Cross-Site Scripting]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.8.3 [Wordfence Security <= 3.8.1 - Stored Cross-Site Scripting]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.3.7 [Wordfence < 3.3.7 - Reflected Cross-Site Scripting]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.3.7 [Wordfence Security - Firewall & Malware Scan <= 3.3.6 - Stored Cross-Site Scripting]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 7.1.14 [Wordfence &lt;= 7.1.12 - Username Enumeration Prevention Bypass]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.3 [Wordfence 5.2.2 - XSS in Referer Header]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.4 [Wordfence 5.2.3 - Multiple Vulnerabilities]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.4 [Wordfence 5.2.3 - Banned IP Functionality Bypass]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.5 [Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 5.2.5 [Wordfence 5.2.4 - Unspecified Issue]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.3.7 [Wordfence 3.3.5 - XSS &amp; IAA]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.8.3 [Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.8.3 [Wordfence 3.8.1 - Password Creation Restriction Bypass]
  • Wordfence Security &#8211; Firewall, Malware Scan, and Login Security [wordfence] < 3.8.7 [Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.