Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence · by mmaunder · wordpress.org ↗ · SVN ↗

Active installs: 5M+
Current version: 8.2.0
Added: 2012-04-21
Last updated: 2026-04-29 (23d ago)
First seen by beacon: 1mo ago
Total downloads: 410,596,196

Alerts (0)

No open alerts.

Show 2 resolved alerts

High code_scan_match Resolved · fp:overgeneric_ioc 2026-05-02 22:49:08 (19d ago)

Slug wordfence

Finding count 37

Findings

Pattern	Kind	File	Line	Snippet	Confidence
`base64_decode`	`builtin`	`lib/wfActivityReport.php`	592	`$paramKey = base64_decode($actionData['paramKey']);`	`medium`
`base64_decode`	`builtin`	`lib/wfActivityReport.php`	593	`$paramValue = base64_decode($actionData['paramValue']);`	`medium`
`base64_decode`	`builtin`	`lib/wfUtils.php`	3,791	`$intermediate = base64_decode($intermediate);`	`medium`
`base64_decode`	`builtin`	`lib/wfJWT.php`	21	`$decodedHeader = base64_decode($header);`	`medium`
`base64_decode`	`builtin`	`lib/wfJWT.php`	32	`$decodedBody = base64_decode($body);`	`medium`
`base64_decode`	`builtin`	`lib/wfJWT.php`	91	`$decodedHeader = base64_decode($header);`	`medium`
`base64_decode`	`builtin`	`lib/wfJWT.php`	107	`$decodedBody = base64_decode($body);`	`medium`
`base64_decode`	`builtin`	`lib/wfJWT.php`	179	`return base64_decode(strtr($data, '-_', '+/'));`	`medium`
`base64_decode`	`builtin`	`lib/wordfenceURLHoover.php`	604	`$skipList = new wfBinaryList(base64_decode(wfConfig::get('wfsbskip', '')));`	`medium`
`base64_decode`	`builtin`	`lib/wfLog.php`	1,356	`$actionData[$key] = base64_decode($actionData[$key]);`	`medium`
`base64_decode`	`builtin`	`lib/wordfenceClass.php`	1,182	`$iwpRequest = json_decode(trim(base64_decode($iwpRequestDataArray[1])), true);`	`medium`
`base64_decode`	`builtin`	`lib/wordfenceClass.php`	7,588	$waf->whitelistRuleForParam(base64_decode($_POST['path']), base64_decode($_POST['paramKey']),	`medium`
`base64_decode`	`builtin`	`lib/wordfenceClass.php`	8,116	`$paramKey = base64_decode($actionData['paramKey']);`	`medium`
`base64_decode`	`builtin`	`lib/wordfenceClass.php`	8,117	`$paramValue = base64_decode($actionData['paramValue']);`	`medium`
`base64_decode`	`builtin`	`lib/wordfenceClass.php`	8,356	`$value['path'] = base64_decode($path);`	`medium`

Triage note 2026 05 03 wordfence: 37 base64_decode hits, all in legitimate JWT decode (lib/wfJWT.php), activity-report parameters, URL hoover skip-list. Standard security-plugin internals.

View raw JSON

{
    "slug": "wordfence",
    "finding_count": 37,
    "findings": [
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wfActivityReport.php",
            "line": 592,
            "snippet": "$paramKey = base64_decode($actionData['paramKey']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wfActivityReport.php",
            "line": 593,
            "snippet": "$paramValue = base64_decode($actionData['paramValue']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wfUtils.php",
            "line": 3791,
            "snippet": "$intermediate = base64_decode($intermediate);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wfJWT.php",
            "line": 21,
            "snippet": "$decodedHeader = base64_decode($header);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wfJWT.php",
            "line": 32,
            "snippet": "$decodedBody = base64_decode($body);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wfJWT.php",
            "line": 91,
            "snippet": "$decodedHeader = base64_decode($header);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wfJWT.php",
            "line": 107,
            "snippet": "$decodedBody = base64_decode($body);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wfJWT.php",
            "line": 179,
            "snippet": "return base64_decode(strtr($data, '-_', '+/'));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wordfenceURLHoover.php",
            "line": 604,
            "snippet": "$skipList = new wfBinaryList(base64_decode(wfConfig::get('wfsbskip', '')));",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wfLog.php",
            "line": 1356,
            "snippet": "$actionData[$key] = base64_decode($actionData[$key]);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wordfenceClass.php",
            "line": 1182,
            "snippet": "$iwpRequest = json_decode(trim(base64_decode($iwpRequestDataArray[1])), true);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wordfenceClass.php",
            "line": 7588,
            "snippet": "$waf->whitelistRuleForParam(base64_decode($_POST['path']), base64_decode($_POST['paramKey']),",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wordfenceClass.php",
            "line": 8116,
            "snippet": "$paramKey = base64_decode($actionData['paramKey']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wordfenceClass.php",
            "line": 8117,
            "snippet": "$paramValue = base64_decode($actionData['paramValue']);",
            "confidence": "medium"
        },
        {
            "pattern": "base64_decode",
            "kind": "builtin",
            "file": "lib/wordfenceClass.php",
            "line": 8356,
            "snippet": "$value['path'] = base64_decode($path);",
            "confidence": "medium"
        }
    ],
    "triage_note_2026_05_03": "wordfence: 37 base64_decode hits, all in legitimate JWT decode (lib/wfJWT.php), activity-report parameters, URL hoover skip-list. Standard security-plugin internals."
}

High committer_younger_than_plugin Resolved · benign_company_employee 2026-04-27 10:32:30 (25d ago)

Slug	wordfence
Committer slug	`wfmatt`
Committer display name	`wfmatt`
Committer employer	—
Committer member since	2014-12-21
Committer first commit	2014-12-22 03:10:09
Committer commit count	28
Plugin listed author	`mmaunder`
Earliest plugin commit	2011-09-04 10:09:14
Plugin age at join days	1,204
Committer age at join days	1
Active installs	5,000,000

View raw JSON

{
    "slug": "wordfence",
    "committer_slug": "wfmatt",
    "committer_display_name": "wfmatt",
    "committer_employer": null,
    "committer_member_since": "2014-12-21",
    "committer_first_commit": "2014-12-22 03:10:09",
    "committer_commit_count": 28,
    "plugin_listed_author": "mmaunder",
    "earliest_plugin_commit": "2011-09-04 10:09:14",
    "plugin_age_at_join_days": 1204,
    "committer_age_at_join_days": 1,
    "active_installs": 5000000
}

SVN committers (5)

Accounts with actual commit access to wordfence on plugins.svn.wordpress.org, reconstructed from svn log. This is the list that matters for ownership changes — not the readme contributors.

Committer	Member since	Commits	First commit	Latest commit
Mark Maunder	2011-05-13	179	2012-04-21 · r534556	2015-06-08 · r1177050
wfalexk	2021-01-14	52	2021-05-10 · r2529162	2025-08-25 · r3349902
wfmatt Young account	2014-12-21	28	2014-12-22 · r1051226	2023-01-27 · r2856048
plugin-master	2007-03-09	1	2011-09-04 · r433177	2011-09-04 · r433177
wfryan	2016-04-13	1	2016-10-11 · r1512898	2026-04-29 · r3518605

Readme contributors (4)

Names the plugin's readme declares as contributors. A soft signal — anyone can be listed. The SVN access column is the ground-truth cross-reference: does this contributor actually commit code?

Contributor	Member since	SVN access	Status
Mark Maunder	2011-05-13	179 commits	Active
wfmatt	2014-12-21	28 commits	Active
wfryan	2016-04-13	1 commits	Active
WFMattR	2015-07-14	—	Active

Versions (100 most recent)

Version	Released	Download
8.2.0	2026-04-29 · 23d ago	zip
8.1.4	2025-12-20 · 5mo ago	zip
8.1.3	2025-12-03 · 5mo ago	zip
8.1.2	2025-11-12 · 6mo ago	zip
8.1.1	2025-11-05 · 6mo ago	zip
8.1.0	2025-08-25 · 9mo ago	zip
8.0.5	2025-04-08 · 1y ago	zip
8.0.4	2025-03-19 · 1y ago	zip
8.0.3	2025-01-15 · 1y ago	zip
8.0.2	2025-01-02 · 1y ago	zip
8.0.1	2024-11-14 · 1y ago	zip
8.0.0	2024-11-04 · 1y ago	zip
7.11.7	2024-07-29 · 1y ago	zip
7.11.6	2024-07-11 · 1y ago	zip
7.11.5	2024-04-03 · 2y ago	zip
7.11.4	2024-03-21 · 2y ago	zip
7.11.3	2024-02-15 · 2y ago	zip
7.11.2	2024-02-14 · 2y ago	zip
7.11.1	2024-01-02 · 2y ago	zip
7.11.0	2023-11-28 · 2y ago	zip
7.10.7	2023-11-06 · 2y ago	zip
7.10.6	2023-10-31 · 2y ago	zip
7.10.5	2023-10-23 · 2y ago	zip
7.10.4	2023-09-25 · 2y ago	zip
7.10.3	2023-07-31 · 2y ago	zip
7.10.2	2023-07-17 · 2y ago	zip
7.10.1	2023-07-12 · 2y ago	zip
7.10.0	2023-06-21 · 2y ago	zip
7.9.3	2023-05-31 · 2y ago	zip
7.9.2	2023-03-27 · 3y ago	zip
7.9.1	2023-03-01 · 3y ago	zip
7.9.0	2023-02-14 · 3y ago	zip
7.8.2	2023-01-27 · 3y ago	zip
7.8.1	2022-12-13 · 3y ago	zip
7.8.0	2022-11-28 · 3y ago	zip
7.7.1	2022-10-26 · 3y ago	zip
7.7.0	2022-10-03 · 3y ago	zip
7.6.2	2022-09-19 · 3y ago	zip
7.6.1	2022-09-06 · 3y ago	zip
7.6.0	2022-07-28 · 3y ago	zip
7.5.11	2022-06-14 · 3y ago	zip
7.5.10	2022-05-17 · 4y ago	zip
7.5.9	2022-03-22 · 4y ago	zip
7.5.8	2022-02-01 · 4y ago	zip
7.5.7	2022-01-19 · 4y ago	zip
7.5.6	2021-10-18 · 4y ago	zip
7.5.5	2021-08-16 · 4y ago	zip
7.5.4	2021-07-15 · 4y ago	zip
7.5.3	2021-05-10 · 5y ago	zip
7.5.2	2021-03-24 · 5y ago	zip
7.5.1	2021-03-24 · 5y ago	zip
7.5.0	2021-03-24 · 5y ago	zip
7.4.14	2021-03-03 · 5y ago	zip
7.4.12	2020-10-21 · 5y ago	zip
7.4.11	2020-08-27 · 5y ago	zip
7.4.10	2020-08-05 · 5y ago	zip
7.4.9	2020-07-08 · 5y ago	zip
7.4.8	2020-06-16 · 5y ago	zip
7.4.7	2020-04-23 · 6y ago	zip
7.4.6	2020-03-27 · 6y ago	zip
7.4.5	2020-01-16 · 6y ago	zip
7.4.4	2020-01-14 · 6y ago	zip
7.4.3	2020-01-13 · 6y ago	zip
7.4.2	2019-12-03 · 6y ago	zip
7.4.1	2019-11-06 · 6y ago	zip
7.4.0	2019-08-22 · 6y ago	zip
7.3.6	2019-07-31 · 6y ago	zip
7.3.5	2019-07-16 · 6y ago	zip
7.3.4	2019-06-17 · 6y ago	zip
7.3.3	2019-06-11 · 6y ago	zip
7.3.2	2019-05-16 · 7y ago	zip
7.3.1	2019-05-14 · 7y ago	zip
7.2.5	2019-04-18 · 7y ago	zip
7.2.4	2019-03-26 · 7y ago	zip
7.2.3	2019-02-28 · 7y ago	zip
7.2.2	2019-02-14 · 7y ago	zip
7.2.1	2019-02-05 · 7y ago	zip
7.1.20	2019-01-08 · 7y ago	zip
7.1.19	2019-01-08 · 7y ago	zip
7.1.18	2018-12-04 · 7y ago	zip
7.1.17	2018-11-06 · 7y ago	zip
7.1.16	2018-10-16 · 7y ago	zip
7.1.15	2018-10-01 · 7y ago	zip
7.1.14	2018-10-01 · 7y ago	zip
7.1.12	2018-09-12 · 7y ago	zip
7.1.11	2018-08-21 · 7y ago	zip
7.1.10	2018-07-31 · 7y ago	zip
7.1.9	2018-07-12 · 7y ago	zip
7.1.8	2018-06-26 · 7y ago	zip
7.1.7	2018-06-05 · 7y ago	zip
7.1.6	2018-05-22 · 8y ago	zip
7.1.5	2018-05-22 · 8y ago	zip
7.1.4	2018-05-02 · 8y ago	zip
7.1.3	2018-04-18 · 8y ago	zip
7.1.2	2018-04-04 · 8y ago	zip
7.1.1	2018-03-20 · 8y ago	zip
7.1.0	2018-03-01 · 8y ago	zip
7.0.5	2018-02-14 · 8y ago	zip
7.0.4	2018-02-12 · 8y ago	zip
7.0.3	2018-02-12 · 8y ago	zip