• WordPress version (require WordPress 3.9 and above for compatibility)
  • Recommended PHP version is 5.6 or newer, and preferably PHP 7.0 or greater
  • Minimum of 64 megabytes of memory which needs to be available to PHP for you to run Wordfence. It is recommended memory for Wordfence is 128 megabytes or greater for best operation.


  • Log in to your site’s Dashboard (e.g.
  • In the left panel, click “Plugins”, then click “Add New”.
  • Search for “Wordfence Security – Firewall & Malware Scan”
  • Click the “Install Now” button.
  • Wait for the installation to finish, then click on the “Activate” button.
  • You can download the zip file from the plugin’s page ( and upload it from the Plugins >> Add New > Upload page.
  • Upon activation, the plugin will add a new menu item labeled Wordfence to your WordPress admin bar. Clicking on it will take you to the plugin’s settings dashboard.
  • There will be a popup that will appear for setup of wordfence email  where Wordfence should send you alerts:
  • If popup is not appearing, just go to wordfence >dashboard > Global Options > General Wordfence Options :
  • On View customization uncheck ‘Display Live Traffic menu item’
  • How does Wordfence get IPs: From the drop-down menu, select “Use PHP’s built in REMOTE_ADDR…”
  • Screenshot:
  • Under Scans (wordfence > scan > scan options and schedules > general options) select all options:
  • On Brute Force Protection (wordfence > all options > Firewall Options > Brute Force Protection), set the option same as on the screenshot :

Scan for Malware, spam, etc.

  • After above setup go to wordfence > scan, click start new scan button :
  • Finished scan will look like this :
  • Please be noted that results for scan  is different on every sites defending on results found
  • Check for the suggested fixed under result found:
  • Check details for each result to check the fix suggestion :