Defender

Get regular security scans, vulnerability reports, safety recommendations and simple security tweaks for your site in just a few clicks. Defender is the analyst and enforcer that never sleeps.

Version 1.6.1

  • Improvement: Improved IP Lockout performance.
  • Fix: Audit logging detects wrong WordPress version when upgrading
  • Fix: "Update old security keys" doesn't move to resolved list after being processed
  • Fix: Emptying IP Lockout logs causes a timeout error.
  • Fix: Typos in some places
  • Other minor enhancements/fixes

Changelog

Version 1.6
  • Improvement: Allow users to select and apply rules to other server type in Prevent PHP Execution and Prevent Information Disclosure.
  • Fix: Sometimes HUB status doesn't sync with WordPress site.
  • Other minor enhancements/fixes

Version 1.5
  • New: You can now add exceptions for specific PHP files in the PHP Execution Security Tweak.
  • Improvement: Filtering all log types now uses URLs instead of ajax only, meaning you can link to a filtered log easily.
  • Improvement: Various user experience updates across the plugin interface to make using Defender even easier.
  • Fix: Lockout Logs now display from newest to oldest.
  • Fix: Lockout Logs pagination now works correctly.
  • Fix: Inconsistencies in the IP Lockouts stats across the plugin.
  • Fix: Sending Audit Logging reports to multiple recipients would address all recipients as the first user's name.
  • Fix: Grammar and typos in some modals and error messages.
  • Fix: If Defender finds a vulnerability in WordPress's core, the text would indicate running an update would fix the issue though no update was actually available yet.

Version 1.4.2
  • Improvement: The plugin interface will now stretch to utilize extra screen space on larger screens.
  • Fix: Audit Logging was getting its days mixed up in the summary area. You’ll now see the correct day of the week.
  • Fix: We squashed a bug that was causing file scans to sometimes report false positive files after WordPress core upgrades.
  • Fix: A conflict with Jetpack was causing scans to stall, which we have now fixed up.
  • Fix: In some cases File Scanning reports wouldn't actually stop sending if you disabled them. It now obeys commands.
  • Fix: Google's bot was being blocked by IP Lockouts but now it's free to crawl and index as it pleases.
  • Fix: We removed redundant “cancel” buttons on settings pages. You probably won’t even notice!
  • Fix: We’ve added live stats so now there’s no need to wait around in anticipation while running file scan actions.
  • Fix: Stats weren’t displaying the right numbers after actioning security tweaks, but it’s all good now.
  • Fix: Pagination on the Audit Logging logs page now works like you would expect it to.
  • Fix: Files detected in File Scanning now have metrics with their file sizes.
  • Fix: We’ve fixed styling issues with toggles.
  • Fix: We removed the “Resolve bulk update” option from File Scanning. It wasn’t really a valid action.
  • Fix: Incomplete icons in the Dashboard reports area have been updated.
  • Fix: We’ve removed redirection from the dashboard to the File Scanning page after performing a file scan so now you shouldn’t feel lost.
  • Fix: Lots of other small stuff, like minor cosmetic and grammar fixes.

Version 1.4.1
  • Fix: Compatibility issue with Getting Started Wizard
  • Fix: Scanning was sometimes slow or getting stuck

Version 1.4
  • New: Meet the brand new Defender! This release focuses on making security for WordPress a better place. We’ve given the UI a refresh and updated the UX, so configuring your security settings is a walk in the park.
  • Fix: A ton of bug fixes & improvements. Yep, vague description! But why bore you with the small stuff when you could be spending time bolstering your site’s security?

Version 1.3
  • Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin
  • Other minor enhancements/fixes

Version 1.2
  • Added: New Hardening Rule (PHP version)
  • Improvement: Audit Logging now allows date range selection.
  • Improvement: IP Lockouts now allow IP ranges in whitelist/blacklist.
  • Improvement: IP Lockouts now can import/export whitelist/blacklist.
  • Fixed: IP Lockouts email notification text on permanent IP ban.

Version 1.1.6.1
  • Fixed: Cache issue causing multiple requests to API endpoint when scanning suspicious files.

Version 1.1.6
  • Fixed: Collapse Menu button shows bigger font and in all caps
  • Fixed: Missing strings in translation (.pot) file
  • Fixed: Audit logging reports not using correct timezone.
  • Fixed: DB prefix replacing all instances of “wp” if it's used multiple times (i.e. wp_mytable_wp_subtext)
  • Fixed: Auto ban users who log in with the “admin” username not working.
  • Some other minor enhancements/fixes

Version 1.1.5
  • Added: IP Lockouts. Defender can now protect your login area from brute force attacks, monitor 404 errors and automatically lockout any unwanted behavior. It can also permanently ban specific IP addresses and receive email notifications when lockouts occur.
  • Fixed: Minor bug fixes and improvements.

Version 1.1.4.1
  • Fixed: Fatal error when PHP extension sockets is not enabled

Version 1.1.4
  • Improvement: Audit logging now detects file changes in WordPress core.
  • Fixed: Updating via WordPress core now syncs better with the Hub.
  • Fixed: Some compatibility fixes for PHP 5.2.

Version 1.1.3
  • Improvement: Audit Logging now ajax based.
  • Fixed: minor bug fixes & some UI/UX improvements

Version 1.1.2
  • Improvement: Switched the User dropdown in Audit Logging to load results via AJAX to increase initial load performance.
  • Improvement: Scan results now pre-load information so that you can action fixes faster.
  • Fixed: Removed cronjob events from being tracked in Audit Logging.
  • Fixed: The Audit Logging filter box now stays visible if no results are returned.
  • Fixed: Other small bug fixes and improvements.

Version 1.1.1
  • Added: A warning indicator in WP Admin sidebar to let you know how many security issues are outstanding.
  • Added: The ability to choose to only receive email reports when there are issues with your website.
  • Fixed: Minor bug fixes & improvements

Version 1.1
  • New feature: Audit logging
  • New plugin icon
  • Vulnerability plugins/theme scan result can be ignored
  • Some other minor enhancements/fixes

Version 1.0.8
  • Improve Core Integrity Scan.
  • Improve caching method

Version 1.0.7
  • Improved: Scan schedule.
  • Fix: issue with W3 Total Cache Object Cache

Version 1.0.6
  • Fix: Defender data doesn't sync with HUB correctly
  • Fix: Email report doesn't send properly
  • Some other minor enhancements/fixes

Version 1.0.5
  • Added: Option to choose reminder period for Hardener rule "Update old security keys"
  • Improved: Compatibility with Windows server
  • Improved: Optimized resource usage when scanning

Version 1.0.4
  • Improve scan engine, reduce false positives
  • Improve uninstallation method
  • Add the ability to ignore hardener rules.
  • Improve the performance impact on the site.

Version 1.0.3
  • Optimize scanning
  • Preventing performance issue with some hosts

Version 1.0.2
  • Applied ajax inline updates for plugins/themes
  • One click Prevent PHP execution
  • One click Prevent Information Disclosure
  • Add detail page for core integrity issue, and automate resolution

Version 1.0.1
  • Scanning can auto detect if user is active on scanning page to work based on ajax, or leave to enable background scan
  • Improve condition checking for Prevent Information Disclosure module
  • Improve condition checking for Prevent PHP execution module

Version 1
  • Initial release!
Try Defender today!
  • Recommendation and one-click action steps
  • Plugin, theme and core vulnerability scans
  • Manual and automatic IP lockout system
  • Google blacklist monitoring and alerts
  • Restore and repair changed files
  • Schedule email security reports
  • "Defender's interface is very intuitive with warnings that are very helpful."
    djohns
  • "Worth every penny! Plugins like Defender and Snapshot are one of a kind."
    Andre M.
  • "I found other pro security plugins a bit too fiddly for my taste...I’m delighted with Defender. "
    KeithAdv
  • "This is the sort of security data I’ve always wished all my websites and web apps had."
    Guy
  • "So once again, my WPMU DEV membership pays huge dividends. Defender is awesome! Huge thanks. "
    DigiBlueArc - DezinerBlogs
Downloads: 224,641. Compatibility: WordPress 4.8, Multisite 4.8, BuddyPress 2.8.0, Upfront 1.8.1. Version 1.6.1.

Scans and reports are awesome, but who do you call to lay the smack-down on hackers?

Defender not only makes suggestions, he’ll give you action steps and stand guard giving you a stronger site.

Block the Bad Guys With Defender

Brute Force Lockout

Limit login attempts to block attackers trying to guess your password.

File Change Detection

Scan plugins, themes and WordPress core files for changes to the code.

404 Lockout

Use 404 detection to stop bots that are scanning for vulnerabilities.

Audit Logs

Keep detailed logs of every user action from file modifications to settings changes.

Email Notifications

Never be left in the dark with customized reports and automated email notifications.

IP Lockout

Trigger timed or permanent site bans with both manual and automatic IP controls.

Security Key Updater

Add another layer of protection by changing security keys on a schedule.

Automated Scans

Keep an eye on your site with regular automated scans and reporting.

Blacklist Monitoring

Checks safe web services and warns you if your site has been flagged as unsafe.

Security Tweaks

Add effective security measures with recommendations and one-click hardening.

Hub Security Manager

Monitor security issues, updates and backups for all your sites from the Hub.

Snapshot Backups

Defender includes 10GB of cloud storage and automated Snapshot backups.

Defender finds areas you can improve and makes suggestions for security tweaks.

Pro Security Tweaks

Security isn’t one-size-fits-all, so Defender will analyze your site, make suggestions for security tweaks and provide easy activation for the most effective layered security measures used by the pros.

Defender is the professional security upgrade you’ve been looking for.

Expose hidden code with regular scans.

Theme & Plugin Code Checker

Defender also checks for known issues with themes and plugins you have installed and scans for suspicious behavior in your system files.

Now you can remove the weak points in your system before hackers can get to them.

Get notified of core file changes and restore order with a click.

Let Defender Do The Crime Fighting

Defender scans the dark alleys of your site to find suspicious code in WordPress and alerts you when something doesn’t look right.

If a core file is corrupt Defender brings order. Restore files to their original state with a click.

Keep tabs on everything that happens on your site!

Audit Logging

Tired of mysterious breakages or inexplicable slowness on your site? With Defender keeping watch, you’ll know the cause – every time.

Defender keeps detailed logs of comments, posts, login attempts, plugin installs, and well, pretty much everything.

Use blacklist monitoring to help keep a trusted brand.

Blacklist Monitoring

Defender checks safe web services and warns you if your site has been flagged as unsafe.

Be the first to know if your domain is blacklisted so you can act fast and reinstate your site – before you lose visitors or break trust.

Protect your site from brute force attacks.

IP Lockout

Brute force attacks are no match for Defender’s IP Lockout system. Trigger timed or permanent site bans for repeated 404s or failed login attempts.

Protect your site with both manual and automatic IP ban and whitelist control.


Stay ahead of security with customized alert settings and notifications.

“Warning: I Sense a Disturbance”

Customize your alert settings. Send security updates, lockout notification emails, scheduled reports and audit logs to a team of admins and users.

Use regular security reports and alerts to help keep your site running fast and safe.

Backup and restore from any point with Snapshot.

Cloud Backups with Snapshot

Security and automated cloud backups – it’s the ultimate Super Duo. Activate Snapshot and you’ll never need to worry about a hack again.

Just restore to a clean install while you patch vulnerabilities.

Meet WP Defender

Congratulations! You’re about to lock down your site, keeping your content and your users safe from common threats.

New to WordPress? The Installing Plugins section or our comprehensive WordPress and WordPress Multisite Manual will guide you through installing your first plugin.

Configure Your Defense Network

Visit your WP Admin dashboard, and find WP Defender in your Admin Menu. Start on the first tab, your WP Defender Dashboard. The WP Defender mascot is ready to show you how everything works.

And beneath that you’ll see quick stats for all of the awesome security features. So let’s jump right in and get started!

Hardening

First up is Hardening.

The first hardening check has already been run as soon as you activated the plugin. Clicking “View List” will take you to the full results screen.

Below this overview, you’ll see a detailed list of all the items that need your attention, and those that are already resolved.

Each of the items under Action Needed can be expanded to see a detailed explanation of the issue, as well as a simple process for resolving the issues reported. Here’s a detailed look at the first item in the Action Needed list, “Disable the file editor.”

To resolve the file editor issue, you can simply click “Disable File Editor”. Every issue you might encounter will be as simple to resolve as this step, if not more so; most only require the user to click a button.

Each of our recommendations and solutions will put an additional layer of protection between your site and those who might wish to harm it or your users.

Security Scan

WP Defender can also scan your site for malicious files and code, and report any suspicious files to you.

Back on the main Dashboard area you first saw, you will see this Security Scan section the first time you use the plugin. Click “Scan My Website” to get started.

You’ll then be taken to the Scan section of Defender where you will be able to watch the progress of your scan. After your first scan is complete, you will then be able to view the results from here; and clicking “Configure” will take you to the Settings section (discussed later in this guide).

To the right of each reported issue, you’ll see 3 small icons. From left to right, these options are:

– Resolve Issue
– False Alarm? Ignore it
– Delete this File

If you are unsure about what the file is, click the first option – Resolve Issue – and a popup will appear with a proposed solution.

The php_errorlog in this example is not a malicious file, so I’m able to ignore this one.

Blacklist Monitoring

Return to the Dashboard for Defender, and you will find this section right below “Hardening”. This feature will scan Google’s blacklisted sites for your site’s URL and notify you if your site has been removed from Google’s index.

Just click “Activate Blacklist Monitoring” to enable this feature.

If you ever need to disable this feature, you can click the orange switch on the top right of this block to do so.

Automatic Scans

Right below Blacklist Monitoring, you’ll find a section for “Setup Automatic Scans”. Setting up automated scans is very simple, just enter the frequency, date, and time, and then click “Activate”.

Once activated, you can then update the schedule for your automated scans from this same section. Just change the date, frequency, or time and then select “Update”. Or to disable the scans entirely, click the small orange switch in the top right corner of this section.

You’ll find more on configuring the settings for your Security Scans & Automatic Scans in the Settings section of this guide.

Audit Logging

To the right of Blacklist Monitoring and Automatic Scans, you’ll find the Audit Logging section.

Select “Enable Audit Logging” to get started.

And then let’s click on “Configure” to check out the Audit Logging section.

The top section is where you’re able to search for a specific user’s activity, filter by date range, and show/hide what events you are interested in seeing. Immediately beneath that is where your Audit Log results will appear.

Since I just enabled Audit Logging on this site, there weren’t any results to view yet. But below is an example of what you may see when you go to check your Log.

From this screenshot, you can see that I was busy uploading PNG files to the media library. You’re able to see the exact file name & save location, the date of the action, the type of file, the IP address where the action was performed from, and finally who performed the action – if they were logged in.

Pretty nifty, ya? I think so! :)

IP Lockouts

Back on the Defender Dashboard, we can now configure the last feature – IP Lockouts.

Here you’ll be able to view the quick stats on any IP Lockouts that occur this week. Since we haven’t activated this feature yet, there isn’t much to see. So click “Configure” in the top right, and let’s get started.

After selecting “Configure” you’ll be taken to the IP Lockouts section. There are a lot of different options here, so we’ll go through them one by one so you can get the most out of this feature.

Login Protection

The first option we want to configure is Login Protection. Click the pretty blue “Enable” button to begin, as shown in the previous screenshot.

Now you can configure the following settings:

Lockout threshold – define the number of failed attempts within a certain period of time that will trigger a lockout. The default setting is 5 failed attempts, within 300 seconds.

Lockout time – how long the lockout will last for, once triggered. You can also opt to permanently ban anyone that’s been locked for failed logins.

Lockout message – choose the message that will be displayed after a user has been locked out. You can also preview how the message will appear on your site by clicking the blue “here” link.

Ban admin user logins – here you can opt to automatically ban any IPs that attempt to log into your site using the “Admin” username, which is usually the first thing that hackers will try when attempting to access your site. It’s also a good idea to make sure the username for your administrator account is something unique; details on that (plus other tips) can be found on our blog here.

If you make any changes to this section, be sure to hit “Update Settings” before proceeding to the next section.

404 Detection

Next up is 404 Detection. This feature allows you to ban IP addresses that repeatedly try to access pages that do not exist. Click the blue “Enable” button to begin.

Lockout Threshold – just like with Login Protection, you can adjust how many events within a certain period of time will trigger a lockout. In this example, if a single IP address receives 20 404 errors within 300 seconds, then their IP will be temporarily locked out from your site.

Lockout Time – here you can indicate how long you would like the lockout to last for. And you can even permanently ban IP addresses that trigger your 404 lockout.

Lockout Message – in this section you can customize the message that will appear to your site visitors when they’ve been locked out after triggering a 404 Detection lockout.

Whitelist – in this section you can define any files or pages that you know are commonly searched for, but missing from your website. This will prevent your actual members from being locked out during their usual browsing.

Ignore File Types – similar to the above section, you can define specific file types that you would like to be excluded from triggering a 404 Lockout.

Exclusions – this section is where you can choose whether or not to monitor the 404s that come from logged in users. If you would like these interactions monitored (and for the 404 Lockout rules to apply), then leave the box checked. If you would like to disable the monitoring of these interactions, then simply uncheck the box.

And finally, if you’ve made any changes at all to anything under the 404 Detection tab, be sure to click “Update Settings” before navigating to a new page.
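The threshold, whitelist, ignored file types and logged-in exclusion described above can be modelled as a sliding-window counter per IP address. This is an added example, not Defender's own code: the class and function names, the sliding-window interpretation of the threshold, the 300-second lockout duration and the sample events are all assumptions made for illustration.

```python
# Added illustration, not Defender's code: a sliding-window 404 lockout counter.
from collections import defaultdict, deque
from dataclasses import dataclass, field
import posixpath


@dataclass
class NotFoundLockout:
    threshold: int = 20        # 404s that trigger a lockout (the guide's example value)
    window: int = 300          # seconds the threshold is counted over
    lockout_time: int = 300    # assumed duration; the guide leaves this to the admin
    whitelist_paths: frozenset = frozenset()     # known-missing URLs that never count
    ignored_extensions: frozenset = frozenset()  # file types that never count
    monitor_logged_in: bool = True               # the "Exclusions" checkbox
    _hits: dict = field(default_factory=lambda: defaultdict(deque))
    _locked_until: dict = field(default_factory=dict)

    def is_locked(self, ip, now):
        return self._locked_until.get(ip, 0) > now

    def record(self, now, ip, path, status, logged_in=False):
        """Feed one request; return True if it triggers a new lockout."""
        if status != 404 or self.is_locked(ip, now):
            return False
        if logged_in and not self.monitor_logged_in:
            return False
        extension = posixpath.splitext(path)[1].lstrip(".").lower()
        if path in self.whitelist_paths or extension in self.ignored_extensions:
            return False
        hits = self._hits[ip]
        hits.append(now)
        while hits and hits[0] <= now - self.window:  # forget events outside the window
            hits.popleft()
        if len(hits) < self.threshold:
            return False
        self._locked_until[ip] = now + self.lockout_time
        hits.clear()
        return True


def replay(events, lockout):
    """Return [(ip, time)] for every lockout the event stream triggers."""
    return [(ip, now) for now, ip, path, status, logged_in in events
            if lockout.record(now, ip, path, status, logged_in)]


def constructed_events():
    """Constructed sample traffic: (time, ip, path, status, logged_in)."""
    events = []
    for i in range(25):   # burst of misses on distinct paths, one every 2 seconds
        events.append((1000 + 2 * i, "203.0.113.7", f"/probe-{i}.php", 404, False))
    for i in range(30):   # visitor whose misses are all whitelisted or ignored
        path = "/apple-touch-icon.png" if i % 2 else "/old-page"
        events.append((1000 + i, "198.51.100.20", path, 404, False))
    for i in range(30):   # slow client: at most 15 misses in any 300-second window
        events.append((1000 + 20 * i, "192.0.2.50", f"/missing-{i}", 404, False))
    return sorted(events)


if __name__ == "__main__":
    policy = NotFoundLockout(whitelist_paths=frozenset({"/old-page"}),
                             ignored_extensions=frozenset({"png"}))
    for ip, when in replay(constructed_events(), policy):
        print(f"lockout: {ip} at t={when}")
```

Replaying the same events with an empty whitelist and no ignored file types locks out the ordinary visitor as well, which is the false positive those two settings exist to prevent.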

IP Blacklist

From here, Defender allows you to permanently ban persistent troublemakers via their IP address. The IP addresses will remain banned until you manually choose to remove them from the list.

Blacklist – pretty self explanatory what goes here. Just list any IP addresses that you would like to have banned. One IP address per line in IPv4 format. You can also ban IP ranges in the format of xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx

Lockout Message – another opportunity to craft a custom lockout message to let those ne’er do wells know you’re onto them. This one is of course for those that you’ve personally banned by adding to the Blacklist above.

Whitelist – and what would a good security service be without a Whitelist to protect the innocent? :) Here you can add any IP addresses that you would like to make sure are never locked out of your site. The accepted format is the same as for the Blacklist: one IP address per line in IPv4 format. You can also whitelist IP ranges in the format of xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx

Import & Export – these features are really nifty! If you ever need to move your Blacklist & Whitelist to another website, instead of manually copy+pasting all those IP addresses, you can simply Export a CSV file with the complete record. Then all you need to do is Import the CSV file into Defender on your new site. How cool is that?
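Before pasting or importing a list in the format described above (one IPv4 address or `first-last` range per line), it helps to validate it and check for entries that appear on both lists. The following is an added example, not Defender's own code: the function names and sample lists are constructed, and giving the Whitelist precedence over the Blacklist is an assumption based on the guide's statement that whitelisted addresses are never locked out.

```python
# Added illustration, not Defender's code: validate and evaluate IP lists.
import ipaddress


def parse_ip_list(text):
    """Parse one entry per line: a.b.c.d or a.b.c.d-e.f.g.h.

    Returns (ranges, errors). ranges holds (first, last) integer pairs;
    errors holds (line_number, text) for entries that could never match.
    """
    ranges, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        start, dash, end = line.partition("-")
        try:
            first = int(ipaddress.IPv4Address(start.strip()))
            last = int(ipaddress.IPv4Address(end.strip())) if dash else first
        except ipaddress.AddressValueError:
            errors.append((lineno, line))   # not a valid IPv4 address
            continue
        if last < first:
            errors.append((lineno, line))   # reversed range matches nothing
            continue
        ranges.append((first, last))
    return ranges, errors


def _contains(ranges, ip):
    value = int(ipaddress.IPv4Address(ip))
    return any(first <= value <= last for first, last in ranges)


def decide(ip, blacklist, whitelist):
    """Return 'allow', 'block', or 'monitor' (left to the automatic lockouts)."""
    if _contains(whitelist, ip):    # assumption: the Whitelist wins over the Blacklist
        return "allow"
    if _contains(blacklist, ip):
        return "block"
    return "monitor"


def conflicts(blacklist, whitelist):
    """Return the address spans that appear on both lists, as (first, last) strings."""
    found = []
    for b_first, b_last in blacklist:
        for w_first, w_last in whitelist:
            low, high = max(b_first, w_first), min(b_last, w_last)
            if low <= high:
                found.append((str(ipaddress.IPv4Address(low)),
                              str(ipaddress.IPv4Address(high))))
    return found


# Constructed sample lists using documentation address ranges.
CONSTRUCTED_BLACKLIST = """203.0.113.7
198.51.100.0-198.51.100.255
203.0.113.300
192.0.2.9-192.0.2.1
"""
CONSTRUCTED_WHITELIST = """198.51.100.20
192.0.2.10-192.0.2.20
"""

if __name__ == "__main__":
    black, black_errors = parse_ip_list(CONSTRUCTED_BLACKLIST)
    white, white_errors = parse_ip_list(CONSTRUCTED_WHITELIST)
    print("rejected entries:", black_errors + white_errors)
    print("on both lists:", conflicts(black, white))
    for address in ("203.0.113.7", "198.51.100.20", "198.51.100.77", "192.0.2.200"):
        print(address, "->", decide(address, black, white))
```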

Logs

Under Logs you can view all Lockouts that have occurred within the past 30 days. You’ll be able to view the reason for the Lockout, the IP address that was locked out, and the date.

In my example above no Lockouts have occurred since this is a brand new site. But let’s take a look at an example from a live website that has had some activity this past week.

In this example, you can see that 351 events have been recorded in the past 30 days.

In the top right hand corner I can choose whether I’d like to view all of the results, or filter by a specific Lockout type or event. I can also go through the pages and review all of the events in the log.

For each event you will be able to see what type of event it was (indicated by the small colored box on the left), the reason the event occurred, the IP address that triggered the event, and the date the event occurred.

To the right of each event you will also see two blue links – Ban & Whitelist. By clicking either of these links, you can automatically add the IP address to the respective list (Blacklist or Whitelist).

Notifications

This section is also pretty self explanatory. Here is where you are able to enable the email notifications you’d receive when a Lockout occurs.

You can also add additional email recipients if you would like someone other than the site admin to be notified. This is great if you have a team of folks helping you to manage your site that you would like to keep in the loop.

And of course click “Update Settings” if you make any changes.

Reporting

Now let’s move onto the Reporting section.

Like the Notifications section, you can choose whether or not you’d like to receive a regular report regarding all of the events that have been recorded in your Logs.

You can decide the frequency, the day of the week, and the time of day you’ll receive these reports.

And beneath “Time of Day” you will also see when the next scheduled report is to be sent.

You can also add additional email recipients to the list if you need other team members to receive these reports.

Don’t forget to “Update Settings” if you made changes!

Settings

And finally, last but not least, “Settings”. You can find this section on the bottom left of your wp-admin area, underneath “Defender”. This section is where you are able to configure your Automated Scans, as well as customize the reports you’ll receive once a scan is complete. (Refer to earlier in this guide for information regarding Automated Scans)

Scan Types – toggle the switch to disable or enable specific portions of the security scans. We of course recommend leaving all of these enabled.

Max Included File Size (MB) – you can have Defender automatically skip large files. This will help Defender scan your site faster too. Just indicate how many megabytes the largest file should be that will be scanned. In this example, all files over 10MB will not be scanned by Defender.

Enable All Email Reports – here you can opt to receive email notifications even when everything is running perfectly. Defender of course will notify you whenever something is wrong, according to the settings you configured in earlier sections.

Email Recipients – Here, you’ll be able to add users who’ll be notified when the site fails or passes a security scan.

Email Templates – At the bottom of the page, you can customize the text of the pass/fail emails. We’ve included a handful of macros to easily insert custom information.

Notes and Info

If enabling WP Defender’s “Prevent PHP execution” option breaks WP Chat, go to the “Chat -> Settings common -> Poll Intervals” page and change the value of the “Select Polling Source Type” option from “Plugin AJAX” to “WordPress AJAX”.

As always, if you have any questions or need any help at all getting WP Defender set up to protect your site, we’ve always got a light on for you in our support forums.

Defender Features

Get peace-of-mind with a more secure site.

  • Analyze site security
  • Security tweak recommendations
  • Resolve issues with a click
  • Manual and automatic IP lockout system
  • Scan core files for changes
  • Plugin and theme vulnerability scans
  • Schedule regular scans
  • Repair and restore changed files
  • Choose file types to scan
  • Skip files based on file size
  • Receive email reports
  • Choose report recipients
  • Google blacklist monitoring
  • Automated backups
  • Full website backups
  • Cloud backups
  • Site interactions with logging