Scans and reports are awesome, but who do you call to lay the smack-down on hackers?
Defender not only makes suggestions, he’ll give you action steps and stand guard giving you a stronger site.
Block the Bad Guys With Defender
Brute Force Lockout
Limit login attempts to block attackers trying to guess your password.
File Change Detection
Scan plugins, themes and WordPress core files for changes to the code.
Use 404 detection to stop bots that are scanning for vulnerabilities.
Keep detailed logs of every user action from file modifications to settings changes.
Never be left in the dark with customized reports and automate email notifications.
Trigger timed or permanent site bans with both manual and automatic IP controls.
Security Key Updater
Add another layer of protection by changing security keys on a schedule.
Keep an eye on your site with regular automated scans and reporting.
Checks safe web services and warns you if your site has been flagged as unsafe.
Use 2-factor authentication to protect your site with both a password and a phone.
Remember Me Checked
Set how long the “Remember me” option will keep users logged in to your site.
Make exceptions to lockout rules and prevent administrators from losing access.
Add effective security measures with recommendations and one-click hardening.
Hub Security Manager
Monitor security issues, updates and backups for all your sites from the Hub.
Defender includes 10GB of cloud storage and automated Snapshot backups.
Pro Security Tweaks
Security isn’t one-size-fits-all, so Defender will analyze your site, make suggestions for security tweaks and provide easy activation for the most effective layered security measures used by the pros.
Defender is the professional security upgrade you’ve been looking for.
Theme & Plugin Code Checker
Defender also checks for known issues with themes and plugins you have installed and scans for suspicious behavior in your system files.
Now you can remove the weak points in your system before hackers can get to them.
Let Defender Do The Crime Fighting
Defender scans the dark alleys of your site to find suspicious code in WordPress and alerts you when something doesn’t look right.
If a core file is corrupt Defender brings order. Restore files to their original state with a click.
Tired of mysterious breakages or inexplicable slowness on your site? With Defender keeping watch, you’ll know the cause – every time.
Defender keeps detailed logs of comments, posts, login attempts, plugin installs, and well, pretty much everything.
Defender checks safe web services and warns you if your site has been flagged as unsafe.
Be the first to know if your domain is blacklisted so you can act fast and reinstate your site – before you lose visitors or break trust.
Brute force attacks are no match for Defender’s IP Lockout system. Trigger timed or permanent site bans for repeated 404s or failed login attempts.
Protect your site with both manual and automatic IP ban and whitelist control.
Login Screen Masking
Make it harder for bots to find your login screen with a unique slug. Say goodbye to the default login URL.
As an added bonus, moving your login screen lets you further whitelabel your client sites!
“Warning: I Sense a Disturbance”
Customize your alert settings. Send security updates, lockout notification emails, scheduled reports and audit logs to a team of admins and users.
Use regular security reports and alerts to help keep your site running fast and safe.
Cloud Backups with Snapshot
Security and automated cloud backups – it’s the ultimate Super Duo. Activate Snapshot and you’ll never need to worry about a hack again.
Just restore to a clean install while you patch vulnerabilities.
Protect All Your Sites With Defender
Meet WP Defender
Congratulations! You’re about to lock down your site, keeping your content and your users safe from common threats.
Get setup instructions below or check out our comprehensive Defender feature walkthrough in the documentation library.
Configure Your Defense Network
Visit your WP Admin dashboard, and find Defender in your Admin Menu. Start on the first tab, your Defender Dashboard. The Defender mascot is ready to show you how everything works.
And beneath that you’ll see quick stats for all of the awesome security features. So let’s jump right in and get started!
First up is Hardening.
The first hardening check has already been run as soon as you activated the plugin. Clicking “View List” will take you to the full results screen.
Below this overview, you’ll see a detailed list of all the items that need your attention, and those that are already resolved.
Each of the items under Action Needed can be expanded to see a detailed explanation of the issue, as well as a simple process for resolving the issues reported. Here’s a detailed look at the first item in the Action Needed list, “Disable the file editor.”
To resolve the file editor issue, you can simply click “Disable File Editor”. Every issue you might encounter will be as simple, if not more so, as this step to resolve, most only require the user to click a button.
Each of our recommendations and solutions will put an additional layer of protection between your site and those who might wish to harm it or your users.
WP Defender can also scan your site for malicious files and code, and report any suspicious files to you.
Back on the main Dashboard area you first saw, you will see this Security Scan section the first time you use the plugin. Click “Scan My Website” to get started.
You’ll then be taken to the Scan section of Defender where you will be able to watch the progress of your scan. After your first scan is complete, you will then be able to view the results from here; and clicking “Configure” will take you to the Settings section (discussed later in this guide).
To the right of each reported issue, you’ll see 3 small icons. From left to right, these options are:
– Resolve Issue
– False Alarm? Ignore it
– Delete this File
If you are unsure about what the file is, click the first option – Resolve Issue – and a popup will appear with a proposed solution.
The php_errorlog in this example is not a malicious file, so I’m able to ignore this one.
Return to the Dashboard for Defender, and you will find this section right below “Hardening”. This feature will scan Google’s blacklisted sites for your site’s URL and notify you if your site has been removed from Google’s index.
Just click “Activate Blacklist Monitoring” to enable this feature.
If you ever need to disable this feature, you can click the orange switch on the top right of this block to do so.
Right below Blacklist Monitoring, you’ll find a section for “Setup Automatic Scans”. Setting up automated scans is very simple, just enter the frequency, date, and time, and then click “Activate”.
Once activated, you can then update the schedule for your automated scans from this same section. Just change the date, frequency, or time and then select “Update”. Or to disable the scans entirely, click the small orange switch in the top right corner of this section.
You’ll find more on configuring the settings for your Security Scans & Automatic Scans in the Settings section of this guide.
To the right of Blacklist Monitoring and Automatic Scans, you’ll find the Audit Logging section.
Select “Enable Audit Logging” to get started.
And then let’s click on “Configure” to check out the Audit Logging section.
The top section is where you’re able to search for a specific user’s activity, filter by date range, and show/hide what events you are interested in seeing. Immediately beneath that, is where your Audit Log results will appear.
Since I just enabled Audit Logging on this site, there weren’t any results to view yet. But below is an example of what you may see when you go to check your Log.
From this screenshot, you can see that I was busy uploading PNG files to the media library. You’re able to see the exact file name & save location, the date of the action, the type of file, the IP address where the action was performed from, and finally who performed the action – if they were logged in.
Pretty nifty, ya? I think so! :)
Back on the Defender Dashboard, we can now configure the last feature – IP Lockouts.
Here you’ll be able to view the quick stats on any IP Lockouts that occur this week. Since we haven’t activated this feature yet, there isn’t much to see. So click “Configure” in the top right, and let’s get started.
After selecting “Configure” you’ll be taken to the IP Lockouts section. There are a lot of different options here, so we’ll go through them one by one so you can get the most out of this feature.
The first option we want to configure is Login Protection. Click the pretty blue “Enable” button to begin, as shown in the previous screenshot.
Now you can configure the following settings:
Lockout threshold – define the number of failed attempts within a certain period of time that will trigger a lockout. The default setting is 5 failed attempts, within 300 seconds.
Lockout time – how long the lockout will last for, once triggered. You can also opt to permanently ban anyone that’s been locked for failed logins.
Lockout message – choose the message that will be displayed after a user has been locked out. You can also preview how the message will appear on your site by clicking the blue “here” link.
Ban admin user logins – here you can opt to automatically ban any IPs that attempt to log into your site using the “Admin” username. Which is usually the first thing that hackers will try when attempting to access your site. It’s also a good idea to make sure the username for your administrator account is something unique; details on that (plus other tips) can be found on our blog here.
If you make any changes to this section, be sure to hit “Update Settings” before proceeding to the next section.
Next up is 404 Detection. This feature allows you ban IP addresses that repeatedly try to access pages that do not exist. Click the blue “Enable” button to begin.
Lockout Threshold – just like with Login Protection, you can adjust how many events within a certain period of time will trigger a lockout. In this example, if a single IP address receives 20 404 errors within 300 seconds, then their IP will be temporarily locked out from your site.
Lockout Time – here you can indicate how long you would like the lockout to last for. And you can even permanently ban IP address that trigger your 404 lockout.
Lockout Message – in this section you can customize the message that will appear to your site visitors when they’ve been locked out after triggering a 404 Detection lockout.
Whitelist – in this section you can define any files or pages that you know are commonly searched for, but missing from your website. This will prevent your actual members from being locked out during their usual browsing.
Ignore File Types – similar to the above section, you can define specific file types that you would like to be excluded from triggering a 404 Lockout.
Exclusions – this section is where you can choose whether or not to monitor the 404s that come from logged in users. If you would like these interactions monitored (and for the 404 Lockout rules to apply), then leave the box checked. If you would like to disable the monitoring of these interactions, then simply uncheck the box.
And finally, if you’ve made any changes at all to anything under the 404 Detection tab, be sure to click “Update Settings” before navigating to a new page.
From here, Defender allows you to permanently ban persistent troublemakers via IP their IP address. The IP addresses will remain banned until you manually choose to remove them from the list.
Blacklist – pretty self explanatory what goes here. Just list any IP addresses that you would like to have banned. One IP address per line in IPv4 format. You can also ban IP ranges in the format of xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx
Lockout Message – another opportunity to craft a custom lockout message to let those ne’er do wells know you’re onto them. This one is of course for those that you’ve personally banned by adding to the Blacklist above.
Whitelist – and what would a good security service be without a Whitelist to protect the innocent? :) Here you can add any domains that you would like to make sure are never locked out of your site. The accepted format is the same as for the Blacklist: One IP address per line in IPv4 format. You can also ban IP ranges in the format of xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx
Import & Export – these features are really nifty! If you ever need move your Blacklist & Whitelist to another website, instead of manually copy+pasting all those IP addresses, you can simply Export a CSV file with the complete record. Then all you need to do is Import the CSV file into Defender on your new site. How cool is that?
Under Logs you can view all Lockouts that have occurred within the past 30 days. You’ll be able to view the reason for the Lockout, the IP address that was locked out, and the date.
In my example above no Lockouts have occurred since this is a brand new site. But let’s take a look at an example from a live website that has had some activity this past week.
In this example, you can see that 351 events have been recorded in the past 30 days.
In the top right hand corner I can choose whether I’d like to view all of the results, or filter by a specific Lockout type or event. I can also go through the pages and review all of the events in the log.
For each event you will be able to see what type of event it was (indicated by the small colored box on the left), the reason the event occurred, the IP address that triggered the event, and the date the event occurred.
To the right of each event you will also see two blue links – Ban & Whitelist. By clicking either of these links, you can automatically add the IP address to the respective list (Blacklist or Whitelist).
The section is also pretty self explanatory. Here is where you are able to enable the email notifications you’d receive when a Lockout occurs.
You can also add additional email recipients if you would like someone other than the site admin to be notified. This is great if you have a team of folks helping you to manage your site that you would like to keep in the loop.
And of course click “Update Settings” if you make any changes.
Now let’s move onto the Reporting section.
Like the Notifications section, you can choose whether or not you’d like to receive a regular report regarding all of the events that have been recorded in your Logs.
You can decide the frequency, the day of the week, and the time of day you’ll receive these reports.
And beneath “Time of Day” you will also see when the next scheduled report is to be sent.
You can also add additional email recipients to the list if you need other team members to receive these reports.
Don’t forget to “Update Settings” if you made changes!
And finally, last but not least, “Settings”. You can find this section on the bottom left of your wp-admin area, underneath “Defender”. This section is where you are able to configure your Automated Scans, as well as customize the reports you’ll receive once a scan is complete. (Refer to earlier in this guide for information regarding Automated Scans)
Scan Types – toggle the switch to disable or enable specific portions of the security scans. We of course recommend leaving all of these enabled.
Max Included File Size (MB) – you can have Defender automatically skip large files. This will help Defender scan your site faster too. Just indicate how many megabytes the largest file should be that will be scanned. In this example, all files over 10MB will not be scanned by Defender.
Enable All Email Reports – here you can opt to receive email notifications even when everything is running perfectly. Defender of course will notify you whenever something is wrong, according to the settings you configured in earlier sections.
Email Recipients – Here, you’ll be able to add users who’ll be notified when the site fails or passes a security scan.
Email Templates – At the bottom of the page, you can customize the text of the pass/fail emails. We’ve included a handful of macros to easily insert custom information.
Notes and Info
If enabling WP Defender’s “Prevent PHP execution” option breaks down WP Chat, go to “Chat -> Settings common -> Poll Intervals” page and change value for “Select Polling Source Type” option from “Plugin AJAX” to “WordPress AJAX”.
As always, if you have any questions or need any help at all getting WP Defender set up to protect your site, we’ve always got a light on for you in our support forums.
Get peace-of-mind with a more secure site.
- Analyze site security
- Security tweak recommendations
- Resolve issues with a click
- Manual and automatic IP lockout system
- Scan core files for changes
- 2-Factor Authentification
- Plugin and theme vulnerability scans
- Schedule regular scans
- Repair and restore changed files
- Choose file types to scan
- Skip files based on file size
- Receive email reports
- Choose report recipients
- Google blacklist monitoring
- Automated backups
- Full website backups
- Cloud backups
- Site interactions with logging