SOURCE: Wordfence


April 09, 2015 11:01 ET

Wordfence Releases First Supercomputer-Powered WordPress Plugin to Simulate Password Attacks

Powerful New Security Auditing Tool Allows Users to Quickly Test the Strength of WordPress and Other Passwords by Employing a Supercomputing Cluster in a Simulated Attack

SEATTLE, WA--(Marketwired - Apr 9, 2015) - Wordfence, which makes the Web's most popular security plugin for WordPress, today announced the industry's first Password Auditing Tool for WordPress. Included in the premium version of Wordfence, the new feature is designed to simulate a brute force attack and allows WordPress publishers and admins to quickly verify the strength of user and admin-level passwords. It uses what is commonly known as a cracking cluster (i.e., supercomputer) to assess password strength and then offers remediation options and other features to ensure improved site security. 

Download Wordfence Premium and put the Password Auditing Tool to the test.

WordPress sites account for nearly 24 percent of all websites worldwidei. But unfortunately, in 2014 WordPress and its plugins had three times as many bugs reported than the next highest content management system (CMS).ii Cyber criminals have noticed, and this has resulted in WordPress now being the most attacked CMS platform in the world.iii As a matter of fact, the Wordfence plugin alone stops on average more than 23 million attacks every day. By providing WordPress site administrators with a way to ensure their users have strong passwords, Wordfence is providing another layer of defense.

"Hackers today have access to a tremendous amount of processing power in the form of off-the-shelf computing hardware from vendors like Nvidia and AMD. This hardware excels at parallel data processing and reduces the time needed to crack a password by orders of magnitude," said Mark Maunder, co-founder at Wordfence. "To help ensure our customers and the WordPress community are using the strongest passwords possible, we've created our own powerful cracking cluster with more than 40 Teraflops of processing power so users can quickly evaluate existing password strength and more effectively secure their sites."

The tool makes it quick and simple to verify password efficacy for organizations. Using the latest Premium version of Wordfence (5.3.11), log in to your WordPress site and submit a list of user or admin password accounts for audit by clicking the "Password Audit" menu option. Once the audit is complete, an email notification is sent. The user can then view a report that shows the accounts with weak passwords. At no time does Wordfence reveal the actual cracked password. Finally, Wordfence provides recommendations for password remediation. Once the user has updated the weak passwords, they can immediately re-audit to validate security. 

"The secret to this service is the powerful cracking cluster we've created. It combines off-the-shelf hardware with custom built enterprise-grade data center equipment that allows us to quickly process and securely handle this sensitive information," Maunder said. "Not only is a brute force attack simulated, but we also work against a list of more than 260 million passwords that has been distributed amongst the hacker community. As more attacks occur it becomes increasingly important for users and administrators to maintain strong passwords -- and the Wordfence simulation improves as they incorporate this new data."

Wordfence currently has more than 700,000 active users. Its security plugin comes in a Free and Premium version. The solution starts by scanning a website to see if it's already infected. This includes a deep server-side scan of source code, comparing it to the official WordPress repository for core, themes and plugins. Once complete and clean, Wordfence applies its protection to the site by constantly blocking malicious activity and scanning the site for infections, giving the administrator the ability to repair their site if a problem is found. The Premium version includes additional features and tools such as Premium Support, country blocking, enhanced scan capabilities, cellphone sign-on, and now adds Password Auditing to this range of powerful features.

For complete information on the product, click here. To download the Free version, click here. To go Premium, click here.

About Wordfence
Wordfence is the leading WordPress security plugin designed to protect websites from today's most advanced cyber threats. With more than 5.1 million downloads worldwide, it delivers complete firewall and Anti-Virus protection with two-factor authentication, and incorporates firewall machine learning functionality and hacker recovery tools. Simple to install and manage, Wordfence is available in a Free or Premium version and can be downloaded here. Wordfence is a service of Feedjit, Inc., a Delaware company, and is headquartered in Seattle, Wash. To learn more visit

For additional information, promotions and updates, follow Wordfence on Twitter @wordfence or on the company blog.

Wordfence is a registered trademark of Feedjit, Inc. All other marks are property of their respective owners.

i, Usage Statistics and Market Share of WordPress Websites

ii National Vulnerability Database,

iii eWeek, WordPress to Remain Most Attacked Platform, Research Says, March 2015

Contact Information