Web Application Firewall - Basic WordPress Protection vs. Extended Protection
When Wordfence 6.1.1 or newer is installed, you will be prompted to optimize the firewall. Optimizing the firewall changes the “Protection Level” shown on the Firewall page on the Wordfence menu.
Basic WordPress Protection
When Wordfence is first installed, Basic WordPress Protection will be active. The plugin will load as a regular plugin after WordPress has been loaded, and while it can block many malicious requests, some vulnerable plugins or WordPress itself may run vulnerable code before all plugins are loaded.
Additionally, some plugin, core, or theme files can be accessed directly, and in that case, your server will not load the firewall since WordPress plugins are not loaded.
In the optimization process, Wordfence changes the PHP configuration to allow the firewall to be loaded before WordPress or any other PHP files that may be directly accessible. Depending on your server’s configuration, this may require changes to the files .htaccess, .user.ini, or php.ini.
Wordfence prompts you to download backup copies of these files before they’re modified, in case the server is configured in a way that the changes will not work.
Once the optimization steps are complete, all PHP requests will be processed by the firewall.
If you previously dismissed the notice about optimizing the firewall, you can click the button that says “Optimize the Wordfence Firewall” on the Firewall page to complete the same process.
The firewall also has modes that determine what the firewall does. Learning Mode allows the firewall to learn what requests may be safe, that could trigger blocking if it were enabled, while Enabled and Protecting mode will block requests that may contain malicious content. You can find more information about Learning Mode here.