Here are some suggestions for new features for Defender:
- integrate a feature that checks all file permissions within WP install folder
- update/fix feature that blocks outside users from seeing readme.txt files, so that admin users can see them (i noticed that viewing some theme & plugin files appeared to not view and displayed errors/blank pages)
- introduce RECAPTCHA v1 &/or v2 for logins, comments, customer/woocommerce signups/sign-ins, and any other submission fields
As for recaptcha:
"here's the issue that happens for a lot of general folks who build their own sites. ...they know enough to make it "work", but not enough to make it "work correctly". Whereas there are lots of examples I could give, the largest example/problem that we face is, "I'm not (or they're not) receiving emails that are submitted (new user accounts/contact forms/etc) through my website."
the answer is to set up an SMTP account, but these people barely know what SMTP is.
so due to that, having 2-factor for admin/shop owners AND recaptcha for customers/commenters would solve both problems"