Defender Security Plugin Now Available for Free at WordPress.org

WordPress security shouldn’t just be for those who pay the big bucks for “real” protection. Professional grade security should be easy, free and available for everyone. That’s why we’re excited to announce our Defender security plugin is now FREE to download at WordPress.org.

Get all the incredible security protection of Defender free on WordPress.org.

We know there’s a heap of worry around keeping WordPress safe, especially for new users. That’s why we wanted to give something back to the community that’s easy to set up and doesn’t require a degree in cyber security to protect your site.

So we partnered our security development experts with our design team to break down the complexities of cyber crime fighting and to create a user experience that anyone can use without mucking around with a bazillion settings.

Now everyone can get all the hardening and security tweaks they need in minutes without complex settings or expensive service fees.

Scan and Protect With Security Tweaks

Defender is the powerhouse security plugin you need and it’s as easy as activate, scan, protect your WordPress site.

So how does it work?

After you install and activate Defender, it will run a code audit and security scan and then provide you with a list of security tweaks for adding layers of protection to your site, with one-click hardening options you can run directly from the plugin.

Add professional security tweaks to your site with a click.

These hardening options include:

  • Disable trackbacks and pingbacks – safety first
  • Core and server update recommendations – stay on top of your systems
  • Change default database prefix – keep out hackers won’t find this
  • Disable file editor – if hackers get in, they won’t get far
  • Hide error reporting – don’t reveal your issues
  • Update security keys – ultimate security reset
  • Prevent information disclosure – why tell hackers what you have?
  • Prevent PHP execution – because it’s daaaangerous

Run regular code audits that compare your WordPress install with the official versions available at WordPress.org, find any suspicious changes and restore the original files with a click.

Keep the Bad Guys out With IP Lockout

This is one of my favorite features, and just like with Defender Pro, the free version of Defender makes it easy to quickly block and unblock specific locations, import a list of banned IPs and set automated timed and permanent lockouts.

Limit login attempts to stop users that are trying to guess your password. Permanently ban the IP or trigger a timed lockout after a set number of failed login attempts.

IP Lockouts let you temporarily block or permanently ban specific IP addresses.

Use the 404 limiter to detect when bots are being used to scan your site for vulnerabilities and shuts them down. These creepy crawlers will keep trying to access pages that don’t exist and when they do Defender will squash them.

Go Big With Defender Pro!

The free version of Defender is the BIG Kahuna when it comes to security. So why upgrade to pro? If you manage client sites, run a design agency, or have a few passion project websites you oversee, why not invest in a WPMU DEV membership for a small fee each month? We’ll take care of everything you need to automate, protect and optimize your websites.

Get Defender Pro secure cloud-based audit logs so you can see every change made to your site, plugin and theme code file change detection and automated scans and reports. And because you’re a WPMU DEV member you can manage all your sites from the Hub.

But that’s really just the beginning! A WPMU DEV membership includes 10GB of secure cloud storage, speed optimization, uptime monitoring, access to the academy and community forums, world-class WordPress support, and so, so, so much more.

If you need simple security use Defender, If you need more go pro with a 30 day free trial.

James Farmer
If you do give Defender a try we would love your comments, suggestions and feedback. And if you REALLY love Defender go give us 5-stars on WordPress.org!

21 Responses

  • Site Builder, Child of Zeus

    I think that is good news for non-subscribers of WPMUDEV. They now get the same as those of us that do subscribe. Personally, I would have liked to see a free watered down version so for those of us that pay the Pro version would feel we are getting more for our money. Cloud audits and Hub are not that important to me.

    Maybe add country blocking to the Pro version.

    • Hey Bob,

      The Pro version does have some other perks as well, so far:

      -Audit logging (as you mentioned)
      -Customizable security reports
      -Blacklist monitoring
      -Plugin/Theme scanning

      So it definitely has it’s benefits for our members, but we also wanted to make sure it was a more than viable security solution even in it’s free form :)

      Funny you mention country blocking because we actually have geo based IP blocking in the works right now! Little peak at what is to come: https://premium.wpmudev.org/roadmap/

      That roadmap is something we’ve just recently made a public page for so it’s still a work in progress and I’m not sure which of those features will be Pro or not yet but yeah just wanted to give a little tease :) quite a few features in the works.

      • Mr. LetsFixTheWorld

        Absolutely love the roadmap. Shame there hasn’t been an announcement of it yet. Will be subscribing to page updates with an external service. Would be better to get notices of changes to this valuable data as specifics change without our having to use less elegant methods – even RSS from the page would be welcome.

        • Chief of Keepin' it Fresh Div.

          Thanks Tony! I am glad you are diggin’ what we are working on with the Roadmap. This is brand new and we are going to announce soon. Shhhhh…don’t tell anyone ;). We have been using it internally during a testing phase and just started sharing it in the forums. We want to make sure everything is sorted before we link to it and our official push is made. Letting you all in on some of the behind the scenes stuff has been fun and I hope it helps as we strech and improve things.

          • Mr. LetsFixTheWorld

            Appreciated. Suggestions:
            – I have a utility monitoring the roadmap page once per day for updates, so I know when you’re making changes to plans, and so that I can see detail about recent changes. A “Roadmap was updated” notification in the Hub would eliminate the need for that.
            – It would be helpful for me to have a link from each plugin to it’s longer-term list of changes. If I miss a point-update and the most recent change detail, I may miss some new feature or config setting that was added. The ability to see all recent changes fixes that problem.
            – Don’t lose the last line of those roadmap lists. As with The WhiP newsletters, sometimes I feel like the regular dose of professional humour (in good measure) is worth the price of membership. ;)

    • Hey Paul,

      You can use them alongside each other as long as you don’t enable overlapping features on both.

      For example, if you’re using Login Lockout feature in Wordfence then you wouldn’t need to use it in Defender, but perhaps you like the customizable reporting functionality or blacklist monitoring in Defender? Then you can keep using those.

      So you shouldn’t have any issues with it if you just pick and choose which features you want to use from each and don’t turn on overlapping any overlapping functionality in both :)

      If you have any trouble you can always contact our support here: https://premium.wpmudev.org/live-support/

    • Mr. LetsFixTheWorld

      Dove-tailing with Tyler’s response, I’m using a separate IP Geo Block plugin to supplement what’s in Defender. https://wordpress.org/plugins/ip-geo-block/
      I’ll be looking at others and making ongoing conscious decisions about when to shift to/from Defender for specific features.

      On one hand, I don’t think Defender should strive to incorporate all possible features. When a feature is available elsewhere and complimentary to Defender, I think creating a good mix should be encourged. This reduces the burden on WPMU DEV resources to support software that’s already supported elsewhere, which is simply not a good use of resources.

      On the other hand, if another plugin doesn’t do the job well then it’s to our advantage that WPMU DEV include and support a wide variety of functionality that doesn’t leave us vulnerable in obvious areas.

      I think it’s prudent for a plugin like this to try to dance a bit on both sides:
      – Partner with other developers who are providing valuable features and recommend that those plugins be used to supplement Defender.
      – Allow a Defender user to disable specific features where there can be an overlap with other plugins.
      – Be vigilant about other up-and-coming plugins that provide valued features, and about other plugins that no longer provide the level of quality that we need.
      – Offer to contribute to other plugins to improve on FOSS, and incorporate their functionality, rather than competing head-to-head, discouraging innovation by others in this arena, and living under the self-engrandizing pretense that “doing it here” is always better than anything that can be done elsewhere.

      Sometimes being a good developer means not writing and supporting code from scratch, especially in a world full of FOSS. I hope WPMU DEV can develop a better balance in this area.

  • New Recruit

    Hey. Nice move to offer it for free.

    Constructive criticism, meaning to help: your article doesn’t clearly state how the paid version deals with plugins and themes.

    Here’s what I have in mind: OBSOLETE items that haven’t received a single update in more than a year, and REMOVED FROM REPOSITORY entries that are still present in the list of the plugins or themes of a wordpress blog.

    – In the “obsolete” case, it is perfectly possible those are items that are still fully valid and working and reliable, etcetera. But maybe they aren’t anymore. Rule of thumb: become very wary. Suggestion: if there has been no update in two full years, you can safely believe the maintainer abandoned maintenance and it cannot be relied
    anymore, so the plugin/theme ought to be removed.

    – In the “removed from repo, but still present on the blog” case, there is only one solution: remove it at once! Because there is only one rule for removing something from the repo, a reported fault that has not been adressed. Regrettably, one of the greatest flaws of the wordpress ecosystem is that a plugin/theme can become removed from the repo while the blogs where it is install will receive no notification about it and will be allowed to keep the faulty plugin/theme.

    If either paid or free versions of your promising plugins take care of that, it will bring greater value added.
    But, as things are, I can’t tell for sure.
    Maybe, make an update to offer the precision, or make it foor for thought for future updates?

    Good day everyone!

  • Mr. LetsFixTheWorld

    At the moment, here are the only benefits that I see this initiative has for us WPMU DEV clients: It serves as a marketing vehicle to bring in new members, which is good for all of us. It also exposes this security plugin to a wider variety of end-users, which means more feedback, more reports of vulnerabilities, more ideas for enhancements – and that’s definitely good for us. Aside from that, can anyone offer a comment about how this affects us?

    I recommend Defender users should show our support by writing positive reviews for the plugin and company on the new plugin page.

Comments are closed.