Join WPMU DEV and secure your site with

Defender Pro

Keep your site safe from hackers! Brute force attacks and malicious bots are no match for Defender's mighty WordPress security shields and cloaking technology.

Defender's regular security scans, vulnerability reports, audit logs, 2-factor authentication, safety recommendations, blacklist monitoring, IP lockout device, simple security tweaks, core, plugin and theme code checker and login masking are too much for even the most wily villain.
Downloads 755,013
Active Installs 108,358
Ultra Compatible
Version 2.1.4

Changelog / Translations

Version 2.1.4
  • Fix: Mask Login cause issue when visiting /wp-admin/network/sites.php
Version 2.1.4
  • Fix: Mask Login cause issue when visiting /wp-admin/network/sites.php

Version 2.1.3
  • Feature: Security tweaks will send reminder when no tweaks were actioned after activation
  • Improvement: Scanning will be more catchy, especially with code using eval function, however that can lead to more false positive, please consider to check with our support before delete the file.
  • Fix: Bring back the tooltips system
  • Fix: Audit filter links doesn\'t reflect the right results if open in new tab
  • Fix: Filtering issue type in scanning now show correct results.
  • Fix: Scanning notification keep sending when the setting turn to \"off\"
  • Fix: User IP in IP Lockout->Blacklist now show the correct IP.
  • Fix: Bring back the subject customization field in Scanning email config.
  • Fix: Manage Login Duration wont make user to login twice anymore.
  • Fix: Audit filtering by user now working properly
  • Fix: We change the Audit logging items\' color from red to more neutral.
  • Fix: Ad Widget won\'t be show in vulnerability list by accident anymore
  • Fix: Bottom bulk selector in Scanning page now work properly
  • Fix: Deprecate warning from the function strpos() in php 7.3
  • Fix: Sync issues with HUB will be more consistent.
  • Fix: Mask login doesn\'t work properly if Wordpress get installed in a sub-folder
  • Fix: Conflict with Avada theme which making scanning stuck
  • Fix: Gracefully handle error when php dom extension does not install
  • Fix: Prevent factory reset revert database prefix into wp_ even though it was not set by Defender.
  • Fix: Prevent slashes added in email template
  • Fix: Minor grammar and UX improvements.

Version 2.1.2
  • Feature: Defender Pro now supports the WPMU DEV Dashboard’s white label feature.
  • Feature: You can now perform a factory reset of Defender’s settings via the Settings screen, as well as control what happens to data when the plugin is uninstalled.
  • Improvement: Defender File Scanning no longer identifies robots.txt as a potentially harmful file.
  • Improvement: We’ve turned off autocomplete on the two-factor authentication field so that previous codes don’t show up.
  • Fix: Fixed a conflict with Defender where the 404 lockout feature would lock out users who tried to access old Hummingbird cache files.
  • Fix: You can now view date ranges greater than 7 days for IP Lockout logs
  • Fix: Minor grammar and UX improvements.

  • Fix: Two-Factor Authentication QR code not being displayed on new device registration.

Version 2.1.1
  • Fix: Prevent Information Disclosure corrupts htaccess code

Version 2.1
  • New: Geo-based IP blocking. Completely block incoming traffic from specific countries to gain full control over who can and can’t access your site.
  • New: Upgraded design components and improved user experience across the board.
  • Fix: Corrupt .htaccess rules generated by Defender weren’t able to be re-applied when adding them a second time.
  • Fix: Users can no longer get past login masking when using double slashes.
  • Fix: Javascript errors prevented adding recipients to notifications and editing templates.
  • Fix: Blacklist monitoring could not be enabled on some sites.
  • Fix: Parse error on installations running PHP 5.3.
  • Improvement: Removed activation redirection and tooltips on first activation.
  • Other minor enhancements and fixes

Version 2.0.1
  • Fix: permanent ban on 404 lockouts now sends correct email.
  • Fix: IP lockout logs not showing correct results/order on different pages.
  • Fix: IP lockout logs showing wrong badge for 404 lockouts.
  • Fix: 2FA not working properly when using Sensei plugin.
  • Other minor enhancements and fixes.

Version 2
  • New: added tweak “Disable XML-RPC”
  • Improvement: Two factor authentication can now be force enabled by role.
  • Improvement: Masking URL description.
  • Fix: Compatibility with Appointments+ login when Mask Login is enabled.
  • Fix: /login/ will be blocked instead of redirecting to right login URL
  • Fix: new site registration email login URL will now show right Login URL instead of the original one when Mask URL is enabled.
  • Fix: Accessibility issue when activating 2FA.
  • Changes: Show Admin Pointer on initial Defender activation, and removing the redirect behavior.
  • Other minor enhancements and fixes

Version 1.9.1
  • Fix: Mask Login Area description text is misleading
  • Fix: wp-admin link of sub-sites in networks link to wrong admin URL
  • Fix: Prevent Information Disclosure & Prevent PHP Execution show false error message when first applied
  • Fix: Dashboard reporting section mis-alignment
  • Other minor enhancements and fixes

Version 1.9
  • New: Ability to edit default two-factor authentication email notifications
  • New: Added Privacy Policy in privacy guideline page
  • Improvements for lockout logs interface
  • Improvement: Smarter report default time.
  • Fix: Defender auto redirect issue when bulk activating plugins
  • Fix: saving 404 redirect URL issue
  • Fix: Some layouts are shifted on mobile devices
  • Other minor enhancements and fixes

Version 1.8
  • New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.
  • New: Ability to force two-factor authentication for all users.
  • Fix: Fixed a bug where file scanning would detect wp-config.php as suspicious.
  • Fix: Fixed an issue where the lockout pages could be cached by external cache engines.

Version 1.7.6
  • Fix: Defender now can recognize and verify Bing Bot for whitelisting
  • Fix: Lockout page now will use site title instead of the text 'WP Defender'
  • Other minor enhancements and fixes

Version 1.7.5
  • Fix: Report status missing in Hub Security tab
  • Fix: Some themes/plugins shown as a vulnerability but no info available
  • Other minor enhancements and fixes

  • Fix: Remove debug data
  • Fix: Issue with Hub

  • Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin

Version 1.7.4
  • Fix: Conflict with Jetpack where Defender 2FA module would not detect if Jetpack 2FA was disabled.
  • Fix: Visitor would get a 404 lockout if landing on a page with many dead links.
  • Improvement: When an user is deleted, audit logging now display the user's login instead of only UID.
  • Other minor enhancements/fixes

Version 1.7.3
  • Fix: Two-factor authentication can be bypassed by user with no role.
  • Improvement: Enhanced two-factor authentication protection across multisites.

Version 1.7.2
  • Improvement: Improvement: IPv6 support for both whitelisting and blacklisting, requires IPv6 support on the server.
  • Improvement: Better UI/UX for Two-factor authentication.
  • Fix: Security tweak "Prevent PHP Execution" and "Protect Information" now support Apache 2.4 htaccess rules.
  • Other minor enhancements/fixes

Version 1.7.1
  • Improvement: Audit logging logs will be stored up to 1 year, query range can be set up to 3 months
  • Improvement: Option to set a cooldown period for lockout notifications.
  • Added: widget for 2 factors authentication
  • Fix: Defender does not detect the right IP when CloudFlare is being used
  • Fix: Conflict with TM Photo Gallery Plugin
  • Other minor enhancements/fixes

Version 1.7
  • New: Now you can enable 2 factors authentication with Defender and Google Authenticator app, support for iOS and Android
  • New: We can define how long the "Remember me" can take affect, via a new Security Tweak, called "Manage Login Duration"
  • Improvement: IP Lockout logs now have separate tables, better for performance.
  • Fix: Ignore a file in Scanning section sometimes coming back after couple of scans.
  • Other minor enhancements/fixes

Version 1.6.2
  • New: CSV export for Audit Logging.
  • Improvement: Email reports now have unsubscribe link, and link to Reports where email reports can be turned off.
  • Fix: Typo in Audit email.
  • Other minor enhancements/fixes

Version 1.6.1
  • Improvement: Improved IP Lockout performance.
  • Fix: Audit logging detects wrong WordPress version when upgrade
  • Fix: "Update old security keys" doesn't move to resolved list after processed
  • Fix: When emptying IP Lockout logs cause timeout error.
  • Fix: Typos in some places
  • Other minor enhancements/fixes

Version 1.6
  • Improvement: Allow users to select and apply rules to other server type in Prevent PHP Execution and Prevent Information Disclosure.
  • Fix: Sometimes HUB status doesn't sync with WordPress site.
  • Other minor enhancements/fixes

Version 1.5
  • New: You can now add exceptions for specific PHP files in the PHP Execution Security Tweak.
  • Improvement: Filtering all log types now uses URLs instead of ajax only, meaning you can link to a filtered log easily.
  • Improvement: Various user experience updates across the plugin interface to make using Defender even easier.
  • Fix: Lockout Logs now display from newest to oldest.
  • Fix: Lockout Logs pagination now works correctly.
  • Fix: Inconsistencies in the IP Lockouts stats across the plugin.
  • Fix: Sending Audit Logging reports to multiple recipients would address all recipients as the first user's name.
  • Fix: Grammar and typos in some modals and error messages.
  • Fix: If Defender finds a vulnerability in WordPress's core, the text would indicate running an update would fix the issue though no update was actually available yet.

Version 1.4.2
  • Improvement: The plugin interface will now stretch to utilize extra screen space on larger screens.
  • Fix: Audit Logging was getting its days mixed up in the summary area. You’ll now see the correct day of the week.
  • Fix: We squashed a bug that was causing files scans to sometimes report false positive files after WordPress core upgrades.
  • Fix: A conflict with Jetpack was causing scans to stall, which we have now fixed up.
  • Fix: In some cases File Scanning reports wouldn't actually stop sending if you disabled them. It now obeys commands.
  • Fix: Google's bot was being blocked by IP Lockouts but now it's free to crawl and index as it pleases.
  • Fix: We removed redundant “cancel” buttons on settings pages. You probably won’t even notice!
  • Fix: We’ve added live stats so now there’s no need to wait around in anticipation while running files scan actions.
  • Fix: Stats weren’t displaying the right numbers after actioning security tweaks, but it’s all good now.
  • Fix: Pagination on the Audit Logging logs page now works like you would expect it to.
  • Fix: Files detected in File Scanning now have metrics with their file sizes.
  • Fix: We’ve fixed styling issues with toggles.
  • Fix: We removed the” Resolve bulk update” option from File Scanning. It wasn’t really a valid action.
  • Fix: Incomplete icons in the Dashboard reports area have been updated.
  • Fix: We’ve removed redirection from the dashboard to the File Scanning page are after preforming a file scan so now you shouldn’t feel lost.
  • Fix: Lots of other small stuff, like minor cosmetic and grammar fixes.

Version 1.4.1
  • Fix: Compatibility issue with Getting Started Wizard
  • Fix: Scanning was sometimes slow or getting stuck

Version 1.4
  • New: Meet the brand new Defender! This release focuses on making security for WordPress a better place. We’ve given the UI a refresh and updated the UX, so configuring your security settings is a walk in the park.
  • Fix: A ton of bug fixes & improvements. Yep, vague description! But why bore you with the small stuff when you could be spending time bolstering your site’s security?

Version 1.3
  • Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin
  • Other minor enhancements/fixes

Version 1.2
  • Added: New Hardening Rule (PHP version)
  • Improvement: Audit Logging now allows date range selection.
  • Improvement: IP Lockouts now allow IP ranges in whitelist/blacklist.
  • Improvement: IP Lockouts now can import/export whitelist/backlist.
  • Fixed: IP Lockouts email notification text on permanent IP ban.

  • Fixed: Cache issue causing multiple requests to API endpoint when scanning suspicious files.

Version 1.1.6
  • Fixed: Collapse Menu button shows bigger font and in all caps
  • Fixed: Missing strings in translation (.pot) file
  • Fixed: Audit logging reports not using correct timezone.
  • Fixed: DB prefix replacing all instances of “wp” if it's used multiple times (ie wp_mytable_wp_subtext)
  • Fixed: Auto ban users who log in with the “admin" username not working.
  • Some other minor enhancements/fixes

Version 1.1.5
  • Added: IP Lockouts. Defender can now protect your login area from brute force attacks, monitor 404 errors and automatically lockout any unwanted behavior. It can also permanently ban specific IP addresses and receive email notifications when lockouts occur.
  • Fixed: Minor bug fixes and improvements.

  • Fixed: Fatal error when PHP extension sockets is not enabled

Version 1.1.4
  • Improvement: Audit logging now detects file changes in WordPress core.
  • Fixed: Updating via WordPress core now syncs better with the Hub.
  • Fixed: Some compatibility fixes for PHP 5.2.

Version 1.1.3
  • Improvement: Audit Logging now ajax based.
  • Fixed: minor bug fixes & some UI/UX improvements

Version 1.1.2
  • Improvement: Switched the User dropdown in Audit Logging to load results via AJAX to increase initial load performance.
  • Improvement: Scan results now pre-load information so that you can action fixes faster.
  • Fixed: Removed cronjob events from being tracked in Audit Logging.
  • Fixed: The Audit Logging filter box now stays visible if no results are returned.
  • Fixed: Other small bug fixes and improvements.

Version 1.1.1
  • Added: A warning indicator in WP Admin sidebar to let you know how many security issues are outstanding.
  • Added: The ability to choose to only receive email reports when there are issues with your website.
  • Fixed: Minor bug fixes & improvements

Version 1.1
  • New feature: Audit logging
  • New plugin icon
  • Vulnerability plugins/theme scan result can be ignored
  • Some other minor enhancements/fixes

Version 1.0.8
  • Improve Core Integrity Scan.
  • Improve caching method

Version 1.0.7
  • Improved: Scan schedule.
  • Fix: issue with W3 Total Cache Object Cache

Version 1.0.6
  • Fix: Defender data doesn't sync with HUB correctly
  • Fix: Email report doesn't send properly
  • Some other minor enhancements/fixes

Version 1.0.5
  • Added: Option to choose reminder period for Hardener rule "Update old security keys"
  • Improved: Compatibility with Windows server
  • Improved: Optimized resource usage when scanning

Version 1.0.4
  • Improve scan engine, reduce false positives
  • Improve uninstallation method
  • Add the ability to ignore hardener rules.
  • Improve the performance impact on the site.

Version 1.0.3
  • Optimize scanning
  • Preventing performance issue with some hosts

Version 1.0.2
  • Applied ajax inline updates for plugins/themes
  • One click Prevent PHP execution
  • One click Prevent Information Disclosure
  • Add detail page for core integrity issue, and automate resolution

Version 1.0.1
  • Scanning can auto detect if user is active on scanning page to work based on ajax, or leave to enable background scan
  • Improve condition checking for Prevent Information Disclosure module
  • Improve condition checking for Prevent PHP execution module

Version 1
  • Initial release!
Schedule security scans, vulnerability reports, get safety recommendations and make security tweaks.
  • Recommendation and one-click action steps
  • Plugin, theme and core vulnerability scans
  • Manual and automatic IP lockout system
  • Google blacklist monitoring and alerts
  • Restore and repair changed files
  • 2-Factor Authentification

Scans and reports are awesome, but who do you call to lay the smack-down on hackers?

Defender not only makes suggestions, he’ll give you action steps and stand guard giving you a stronger site.

Block the Bad Guys With Defender


Brute Force Lockout

Limit login attempts to block attackers trying to guess your password.

File Change Detection

Scan plugins, themes and WordPress core files for changes to the code.

404 Lockout

Use 404 detection to stop bots that are scanning for vulnerabilities.


Audit Logs

Keep detailed logs of every user action from file modifications to settings changes.

Email Notifications

Never be left in the dark with customized reports and automate email notifications.

IP Lockout

Trigger timed or permanent site bans with both manual and automatic IP controls.


Security Key Updater

Add another layer of protection by changing security keys on a schedule.

Automated Scans

Keep an eye on your site with regular automated scans and reporting.

Blacklist Monitoring

Checks safe web services and warns you if your site has been flagged as unsafe.


2-Factor Authentication

Use 2-factor authentication to protect your site with both a password and a phone.

Remember Me Checked

Set how long the “Remember me” option will keep users logged in to your site.

Whitelist IP

Make exceptions to lockout rules and prevent administrators from losing access.


Security Tweaks

Add effective security measures with recommendations and one-click hardening.

Hub Security Manager

Monitor security issues, updates and backups for all your sites from the Hub.

Snapshot Backups

Defender includes 10GB of cloud storage and automated Snapshot backups.

Defender finds areas you can improve and makes suggestions for security tweaks.

Pro Security Tweaks

Security isn’t one-size-fits-all, so Defender will analyze your site, make suggestions for security tweaks and provide easy activation for the most effective layered security measures used by the pros.

Defender is the professional security upgrade you’ve been looking for.

Expose hidden code with regular scans.

Theme & Plugin Code Checker

Defender also checks for known issues with themes and plugins you have installed and scans for suspicious behavior in your system files.

Now you can remove the weak points in your system before hackers can get to them.

Get notified of core file changes and restore order with a click.

Let Defender Do The Crime Fighting

Defender scans the dark alleys of your site to find suspicious code in WordPress and alerts you when something doesn’t look right.

If a core file is corrupt Defender brings order. Restore files to their original state with a click.

Keep tabs on everything that happens on your site!

Audit Logging

Tired of mysterious breakages or inexplicable slowness on your site? With Defender keeping watch, you’ll know the cause – every time. Defender lets you keep and quickly search a detailed logs of comments, posts, login attempts, plugin installs, and well, pretty much everything.

Use blacklist monitoring to help keep a trusted brand.

Blacklist Monitoring

Defender checks safe web services and warns you if your site has been flagged as unsafe.

Be the first to know if your domain is blacklisted so you can act fast and reinstate your site – before you lose visitors or break trust.

Protect your site from brute force attacks.

IP Lockout

Brute force attacks are no match for Defender’s IP Lockout system. Trigger timed or permanent site bans for repeated 404s or failed login attempts. Run quick lockout audits with filterable logs. Protect your site with both manual and automatic IP ban and whitelist control.

  • Defender's interface is very intuitive with warnings that are very helpful.
  • Worth every penny! Plugins like Defender and Snapshot are one of a kind.
    Andre M.
  • I found other pro security plugins a bit too fiddly for my taste...I’m delighted with Defender.
  • This is the sort of security data I’ve always wished all my websites and web apps had.
  • So once again, my WPMU DEV membership pays huge dividends. Defender is awesome! Huge thanks.
    DigiBlueArc - DezinerBlogs
  • Defender Recently blocked over 3000 attacks in one week without any noticeable impact on the website. WPMUDEV knocking it out of the park on that one.
    David Oswald - Founder @
Mask your login screen with a custom URL.

Login Screen Masking

Make it harder for bots to find your login screen with a unique slug. Say goodbye to the default login URL.

As an added bonus, moving your login screen lets you further whitelabel your client sites!

Stay ahead of security with customized alert settings and notifications.

“Warning: I Sense a Disturbance”

Customize your alert settings. Send security updates, lockout notification emails, custom 2-factor emails, scheduled reports and audit logs to any one – an admin or  a team of people. Use regular security reports and alerts to help keep your site running fast and safe.

Backup and restore from any point with Snapshot.

Cloud Backups with Snapshot

Security and automated cloud backups – it’s the ultimate Super Duo. Activate Snapshot and you’ll never need to worry about a hack again.

Just restore to a clean install while you patch vulnerabilities.

Meet WP Defender

Congratulations! You’re about to lock down your site, keeping your content and your users safe from common threats.

Get setup instructions below or check out our comprehensive Defender feature walkthrough in the documentation library.

Because Defender features need the WPMU DEV super servers to function, access to pro features requires an active WPMU DEV membership. For more information see the API Access section in the terms of service.

New to WordPress? The Installing Plugins section or our comprehensive WordPress and WordPress Multisite Manual will guide you through installing your first plugin.

Configure Your Defense Network

Visit your WP Admin dashboard, and find Defender in your Admin Menu. Start on the first tab, your Defender Dashboard. The Defender mascot is ready to show you how everything works.

And beneath that you’ll see quick stats for all of the awesome security features. So let’s jump right in and get started!


First up is Hardening.

The first hardening check has already been run as soon as you activated the plugin. Clicking “View List” will take you to the full results screen.

Below this overview, you’ll see a detailed list of all the items that need your attention, and those that are already resolved.

Each of the items under Action Needed can be expanded to see a detailed explanation of the issue, as well as a simple process for resolving the issues reported. Here’s a detailed look at the first item in the Action Needed list, “Disable the file editor.”

To resolve the file editor issue, you can simply click “Disable File Editor”. Every issue you might encounter will be as simple, if not more so, as this step to resolve, most only require the user to click a button.

Each of our recommendations and solutions will put an additional layer of protection between your site and those who might wish to harm it or your users.

Security Scan

WP Defender can also scan your site for malicious files and code, and report any suspicious files to you.

Back on the main Dashboard area you first saw, you will see this Security Scan section the first time you use the plugin. Click “Scan My Website” to get started.

You’ll then be taken to the Scan section of Defender where you will be able to watch the progress of your scan. After your first scan is complete, you will then be able to view the results from here; and clicking “Configure” will take you to the Settings section (discussed later in this guide).

To the right of each reported issue, you’ll see 3 small icons. From left to right, these options are:

– Resolve Issue
– False Alarm? Ignore it
– Delete this File

If you are unsure about what the file is, click the first option – Resolve Issue – and a popup will appear with a proposed solution.

The php_errorlog in this example is not a malicious file, so I’m able to ignore this one.

Blacklist Monitoring

Return to the Dashboard for Defender, and you will find this section right below “Hardening”. This feature will scan Google’s blacklisted sites for your site’s URL and notify you if your site has been removed from Google’s index.

Just click “Activate Blacklist Monitoring” to enable this feature.

If you ever need to disable this feature, you can click the orange switch on the top right of this block to do so.

Automatic Scans

Right below Blacklist Monitoring, you’ll find a section for “Setup Automatic Scans”. Setting up automated scans is very simple, just enter the frequency, date, and time, and then click “Activate”.

Once activated, you can then update the schedule for your automated scans from this same section. Just change the date, frequency, or time and then select “Update”. Or to disable the scans entirely, click the small orange switch in the top right corner of this section.

You’ll find more on configuring the settings for your Security Scans & Automatic Scans in the Settings section of this guide.

Audit Logging

To the right of Blacklist Monitoring and Automatic Scans, you’ll find the Audit Logging section.

Select “Enable Audit Logging” to get started.

And then let’s click on “Configure” to check out the Audit Logging section.

The top section is where  you’re able to search for a specific user’s activity, filter by date range, and show/hide what events you are interested in seeing. Immediately beneath that, is where your Audit Log results will appear.

Since I just enabled Audit Logging on this site, there weren’t any results to view yet. But below is an example of what you may see when you go to check your Log.

From this screenshot, you can see that I was busy uploading PNG files to the media library. You’re able to see the exact file name & save location, the date of the action, the type of file, the IP address where the action was performed from, and finally who performed the action – if they were logged in.

Pretty nifty, ya? I think so! :)

IP Lockouts

Back on the Defender Dashboard, we can now configure the last feature – IP Lockouts.

Here you’ll be able to view the quick stats on any IP Lockouts that occur this week. Since we haven’t activated this feature yet, there isn’t much to see. So click “Configure” in the top right, and let’s get started.

After selecting “Configure” you’ll be taken to the IP Lockouts section. There are a lot of different options here, so we’ll go through them one by one so you can get the most out of this feature.

Login Protection

The first option we want to configure is Login Protection. Click the pretty blue “Enable” button to begin, as shown in the previous screenshot.

Now you can configure the following settings:

Lockout threshold – define the number of failed attempts within a certain period of time that will trigger a lockout. The default setting is 5 failed attempts, within 300 seconds.

Lockout time – how long the lockout will last for, once triggered. You can also opt to permanently ban anyone that’s been locked for failed logins.

Lockout message – choose the message that will be displayed after a user has been locked out. You can also preview how the message will appear on your site by clicking the blue “here” link.

Ban admin user logins – here you can opt to automatically ban any IPs that attempt to log into your site using the “Admin” username. Which is usually the first thing that hackers will try when attempting to access your site. It’s also a good idea to make sure the username for your administrator account is something unique; details on that (plus other tips) can be found on our blog here.

If you make any changes to this section, be sure to hit “Update Settings” before proceeding to the next section.

404 Detection

Next up is 404 Detection. This feature allows you ban IP addresses that repeatedly try to access pages that do not exist. Click the blue “Enable” button to begin.

Lockout Threshold – just like with Login Protection, you can adjust how many events within a certain period of time will trigger a lockout. In this example, if a single IP address receives 20 404 errors within 300 seconds, then their IP will be temporarily locked out from your site.

Lockout Time – here you can indicate how long you would like the lockout to last for. And you can even permanently ban IP address that trigger your 404 lockout.

Lockout Message – in this section you can customize the message that will appear to your site visitors when they’ve been locked out after triggering a 404 Detection lockout.

Whitelist – in this section you can define any files or pages that you know are commonly searched for, but missing from your website. This will prevent your actual members from being locked out during their usual browsing.

Ignore File Types – similar to the above section, you can define specific file types that you would like to be excluded from triggering a 404 Lockout.

Exclusions – this section is where you can choose whether or not to monitor the 404s that come from logged in users. If you would like these interactions monitored (and for the 404 Lockout rules to apply), then leave the box checked. If you would like to disable the monitoring of these interactions, then simply uncheck the box.

And finally, if you’ve made any changes at all to anything under the 404 Detection tab, be sure to click “Update Settings” before navigating to a new page.

IP Blacklist

From here, Defender allows you to permanently ban persistent troublemakers via IP their IP address. The IP addresses will remain banned until you manually choose to remove them from the list.

Blacklist – pretty self explanatory what goes here. Just list any IP addresses that you would like to have banned. One IP address per line in IPv4 format. You can also ban IP ranges in the format of

Lockout Message – another opportunity to craft a custom lockout message to let those ne’er do wells know you’re onto them. This one is of course for those that you’ve personally banned by adding to the Blacklist above.

Whitelist – and what would a good security service be without a Whitelist to protect the innocent? :) Here you can add any domains that you would like to make sure are never locked out of your site. The accepted format is the same as for the Blacklist: One IP address per line in IPv4 format. You can also ban IP ranges in the format of

Import & Export – these features are really nifty! If you ever need move your Blacklist & Whitelist to another website, instead of manually copy+pasting all those IP addresses, you can simply Export a CSV file with the complete record. Then all you need to do is Import the CSV file into Defender on your new site. How cool is that?


Under Logs you can view all Lockouts that have occurred within the past 30 days. You’ll be able to view the reason for the Lockout, the IP address that was locked out, and the date.

In my example above no Lockouts have occurred since this is a brand new site. But let’s take a look at an example from a live website that has had some activity this past week.

In this example, you can see that 351 events have been recorded in the past 30 days.

In the top right hand corner I can choose whether I’d like to view all of the results, or filter by a specific Lockout type or event. I can also go through the pages and review all of the events in the log.

For each event you will be able to see what type of event it was (indicated by the small colored box on the left), the reason the event occurred, the IP address that triggered the event, and the date the event occurred.

To the right of each event you will also see two blue links – Ban & Whitelist. By clicking either of these links, you can automatically add the IP address to the respective list (Blacklist or Whitelist).


The section is also pretty self explanatory. Here is where you are able to enable the email notifications you’d receive when a Lockout occurs.

You can also add additional email recipients if you would like someone other than the site admin to be notified. This is great if you have a team of folks helping you to manage your site that you would like to keep in the loop.

And of course click “Update Settings” if you make any changes.


Now let’s move onto the Reporting section.

Like the Notifications section, you can choose whether or not you’d like to receive a regular report regarding all of the events that have been recorded in your Logs.

You can decide the frequency, the day of the week, and the time of day you’ll receive these reports.

And beneath “Time of Day” you will also see when the next scheduled report is to be sent.

You can also add additional email recipients to the list if you need other team members to receive these reports.

Don’t forget to “Update Settings” if you made changes!


And finally, last but not least, “Settings”. You can find this section on the bottom left of your wp-admin area, underneath “Defender”. This section is where you are able to configure your Automated Scans, as well as customize the reports you’ll receive once a scan is complete. (Refer to earlier in this guide for information regarding Automated Scans)

Scan Types – toggle the switch to disable or enable specific portions of the security scans. We of course recommend leaving all of these enabled.

Max Included File Size (MB) – you can have Defender automatically skip large files. This will help Defender scan your site faster too. Just indicate how many megabytes the largest file should be that will be scanned. In this example, all files over 10MB will not be scanned by Defender.

Enable All Email Reports – here you can opt to receive email notifications even when everything is running perfectly. Defender of course will notify you whenever something is wrong, according to the settings you configured in earlier sections.

Email Recipients – Here, you’ll be able to add users who’ll be notified when the site fails or passes a security scan.

Email Templates – At the bottom of the page, you can customize the text of the pass/fail emails. We’ve included a handful of macros to easily insert custom information.

Notes and Info

If enabling WP Defender’s “Prevent PHP execution” option breaks down WP Chat, go to “Chat -> Settings common -> Poll Intervals” page and change value for “Select Polling Source Type” option from “Plugin AJAX” to “WordPress AJAX”.

As always, if you have any questions or need any help at all getting WP Defender set up to protect your site, we’ve always got a light on for you in our support forums.

Defender Pro is covered by the WPMU DEV Guarantee

WPMU DEV Guarantee

We guarantee that...

  • Defender Pro will work as advertised
  • You will receive 24/7 365 expert support for any problem
  • If you cancel your FREE trial, you can keep Defender Pro
  • Defender Pro is secure, always updated and well coded

Money back guarantee!

While you have 30 days, no obligations risk-free trial of WPMU DEV if you become a paid member and are dissatisfied with any of the above we'll refund you, no questions asked.

Defender Features

Get peace-of-mind with a more secure site.

  • Analyze site security
  • Security tweak recommendations
  • Resolve issues with a click
  • Manual and automatic IP lockout
  • Filterable IP logs
  • Scan core files for changes
  • 2-Factor Authentification
  • Customize 2-factor email
  • Vulnerability scans
  • Schedule scans
  • Repair/restore changed files
  • Choose file types to scan
  • Skip files based on file size
  • Receive email reports
  • Set report recipients
  • Google blacklist monitoring
  • Automated backups
  • Full website backups
  • Cloud backups
  • Site interactions with logging