This documentation is only valid for older versions of Wordfence. If you are using Wordfence 7 or later, please visit our new documentation.

Wordfence system requirements

From Wordfence Documentation
Jump to: navigation, search

The following are the system requirements for running WordPress with Wordfence.

Wordpress version

We currently require Wordpress 3.9 and above for compatibility

Operating system

Wordfence is tested and works on Linux or other Unix type operating systems. We do not recommend using Wordfence on Windows/IIS. Though we have reports of Wordfence working on IIS and other Windows web server platforms they are not officially supported.

Please note that HHVM is currently not supported due to stability issues within HHVM. As of 2017-05-25, WordPress is not tested with HHVM. WordPress development team recommend switching to PHP 7.

PHP version

We recommend PHP version 5.6 or newer. Please note that everything prior to PHP 5.6 is currently considered old and unsupported by the developers of PHP. There are no security releases for older versions, though some hosts may have an old version of PHP with "backported" security fixes, to make the old version safe while making minimal changes to PHP itself. You can see a nice visual depiction of PHP version history here:

Aside from security concerns, newer versions generally have performance and stability improvements. Some hosts let you choose the PHP version your site uses in the site's control panel, separate from WordPress.


You require a MySQL or MariaDB database. Wordfence will work with MyISAM or the InnoDB storage engine set as your default engine. We don't specify type when creating our tables and will use your defaults. If you are having issues with corrupt tables try reinstalling using InnoDB as default instead of MyISAM as it tends to be a bit more stable.


We suggest a minimum of 64 megabytes of memory which needs to be available to PHP for you to run Wordfence. Our recommended memory for Wordfence is 128 megabytes or greater for best operation.

If you receive an error that looks like the following, you have run out of memory:

Fatal error: Out of memory (allocated 33292288) (tried to allocate 616 bytes) in... [and then some filename] 

This is not a Wordfence bug. It means that your web server does not have enough memory to run WordPress, the plugins and theme you have installed along with Wordfence. Even if you see a Wordfence file mentioned in the above out-of-memory error, remember that WordPress has stored a lot of other data belonging to other plugins, your theme and core in memory. So while the error may mention Wordfence, it's likely that Wordfence was the straw that broke the camels back.

If you do not have enough memory to run Wordfence, please log a support call with your hosting provider asking them to upgrade your memory allowance.

Checking available memory

Knowing how much memory your hosting provider has allocated you can be quite challenging. We provide a basic test tool at the bottom of the Wordfence options page which allocates 80 megabytes of memory to test if you at least have that much. However it seems that some hosting providers vary the amount of memory you have, so this might not be reliable.

You can also check your system information by clicking the link at the bottom of your Wordfence options page to view your web server and PHP environment information. On some installations there may be text titled "memory_limit" which shows your memory limit as set in your PHP.ini file. However this is not present on many modern systems and it's also unreliable because it's possible to limit memory at the web server level and also the operating system level. So instead, if you see an out of memory error, we suggest you contact your site admin or hosting provider and work with them to determine:

  1. What your memory limit is.
  2. If you can upgrade it.


Most hosting environments seem to work well with Wordfence and we have not had reports of a well configured Wordfence installation unable to do it's job due to lack of CPU resources. So you should not have to upgrade or change your CPU configuration to use Wordfence.

We see two kinds of CPU issues. In both cases a hosting provider will contact a customer and tell them that something is accessing /wp-admin/admin-ajax.php with many requests and consuming too many resources. The hosting provider will tell the customer (that's you site administrators) to slow down or face throttling. Here's how you fix either scenario:

Scanning too frequently

If you're using the free version of Wordfence, your scans will run every 24 hours and you can't control this. So if you need to reduce scan frequency, upgrade to Wordfence premium and set your site to scan once a week or something less than once per day.

Live Traffic update in your browser is causing your hosting provider to complain

In this scenario, you can reduce the update frequency of your live traffic. The default is 2 seconds. Reduce this to something like 15 seconds. More info here:

Web Server

Wordfence has been tested on and works with the following web servers or environments:

  • Apache using mod_php
  • LiteSpeed
  • Apache with Nginx in front as reverse proxy.
  • Apache with FastCGI
  • Nginx with PHP5-FPM

Please note that on Nginx the Wordfence option "Disable Code Execution for Uploads directory" does not work since it relies on .htaccess. You also need to take special action to hide the .user.ini file on Nginx. You can find information about how to do that here.

WordPress Multi-Site Compatibility

Wordfence is compatible with WordPress multi-site installations. Please note that Wordfence needs to be installed on your Network Admin plugin installation page and will appear as a menu option in the network admin area. Please do not attempt to install Wordfence for each site instance on a multi-site installation.