The Wordfence Security plugin is promoted by its developer and others with extraordinary claims about the protection it provides, up to the level of the developer making an unqualified claim that it “stops you from getting hacked”. In reality, not only could it or any plugin not provide protection against certain hacks, even with the things it should be able to protect against, testing shows that the plugin provides fairly limited protection. That is backed up by confused users of the plugin not understanding why they got hacked despite using their plugins. As well as, Wordfence’s repeated mentions on their blog, that they are providing protection only after vulnerabilities in plugins have been widely exploited, which is too late.

Our Plugin Vulnerabilities Firewall plugin has been developed to provide protection against zero-day vulnerabilities, vulnerabilities being exploited before the developers of the software being exploited know about and therefore before a secured version of the software is available. Testing has shown that it provides protection in many situations that Wordfence Security should provide protection, but still doesn’t, despite having years to have developed that capability.

In addition to providing more protection, testing has shown the plugin doesn’t introduce the same performance penalty that Wordfence Security creates on websites.