911 Hack Removal

Security Plugin Wordfence Deactivated Automatically? How to fix it?

Updated on: August 23, 2021

Security Plugin Wordfence Deactivated Automatically? How to fix it?

A WordPress security issue that is gaining a lot of attention and has surfaced recently is the Wordfence deactivated automatically issue. In this issue, the famous WordPress security plugin Wordfence is getting deactivated/deleted automatically. The users are notified via e-mail.

Wordfence deactivation security alert
                           Email stating Wordfence security plugin deactivated

The main reason behind this attack is you have installed Jetpack plugin and it might be the door that allowed hackers to access your website using compromised credentials. If Jetpack is integrated with your WordPress website, it has the same authority as the site admin account. It is commonly installed, attackers often target this and other popular plugins to inject scripts and malware. So now the attacker has the full control, to disable or to install the plugin, no questions asked.


  • Wordfence Deactivated Automatically.
  • Wordfence Deleted Automatically.
  • Check the plugin name, if it is other than ‘Wordfence Security’ you are hacked. Example-‘Wordfence – Anti-virus, Firewall and Malware Scan. Versión 7.1.8 | By Wordfence’ or ‘wordfence’ in lowercase.
  • New user created
  • Foreign and modified files
  • Redirect links in the Admin dashboard
  • Website redirecting to dodgy pages

How to fix

It is recommended to have a strong password. Moreover, you have to enable Two Step Authentication for your WordPress login.

In the Two-step Authentication method of protecting accounts, you not only have to verify your password to log in but also your mobile device. The best part of this security is, if someone guesses or cracks your password, they need to have access to your mobile device to break into your account.

WordPress.com offers two-step authentication via a mobile device. They verify your identity by sending a code via one of a couple of methods. Once they have authenticated your device, any time you log in with your password, they will send a new code, which you need before logging in. It is a small authentication step to the login process but increases your website security and prevent unauthorized logins.

Here are the detailed steps How to set Two Step Authentication in WordPress.

By following the above steps you can prevent Wordfence getting automatically deactivated.

Our security experts have created a WordPress Security checklist to reduce the risk of malware infection.

Also, follow The secure coding practices checklist to reduce vulnerabilities.

Was this post helpful?

Tags: , , , ,

Naman Rastogi

Naman Rastogi is a Growth hacker and digital marketer at Astra security. Working actively in cybersecurity for more than a year, Naman shares the passion for spreading awareness about cybersecurity amongst netizens. He is a regular reader of anything cybersecurity which he channelizes through the Astra blog. Naman is also a jack of all trade. He is certified in market analytics, content strategy, financial markets and more while working parallelly towards his passion i.e cybersecurity. When not hustling to find newer ways to spread awareness about cybersecurity, he can be found enjoying a game of ping pong or CSGO.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany