WordPress security plugin with malware scanner, IP blocking, audit logs, antivirus scans, firewall, 2FA, brute force login security, and more.
Defender adds the best in WordPress plugin security to your website with just a few clicks, including malware scanner, firewall, and login security features. Stop brute force login attacks, SQL injections, cross-site scripting XSS, and other WordPress security vulnerabilities and hacks with Defender’s malware scanner, providing antivirus scans, IP blocking, firewall, activity log, security log, and two-factor authentication (2FA) login security.
No more complex security settings, Defender’s malware scanner, firewall, and login security features add all the hardening and security you need.
Enjoy complete site protection from malware, vulnerabilities, and bot attacks from the start with Defender Pro.
Level up security immediately with exclusive Pro features like scheduled malware scanning, Safe Repair for suspicious files, and known WordPress vulnerability detection. Learn more about Pro.
Defender’s one-click security hardening recommendations instantly adds layers of protection and security to your site.
Defender’s malware scanner security checks for suspicious code and malware. It also compares your WordPress install with the WP directory master copy, and reports any changes so you can restore the original file with a click.
Easily add an extra layer of protection and security to your WordPress sites with Defender’s two-factor authentication (2FA) features. Including: mobile app verification (Google Authenticator, Microsoft Authenticator, Authy), backup code generation, lost device emails, WooCommerce 2FA, Biometric Authentication (fingerprint/facial recognition), and Hardware Key Authentication (USB security keys). Easily prevent brute force attacks and login security vulnerabilities.
Brute force attacks are no match for Defender’s login security. Limit login attempts so hackers can’t guess passwords. Permanently ban IPs or trigger a timed lockout after a set number of failed login attempts. Use Geo IP blocking to ban users from specific countries or locations.
Improve your website security with Defender’s IP manager and firewall. Manually block specific IPs, import a list of banned IPs, and set automated timed and permanent lockouts. Defender makes it easy to block and unblock specific locations quickly thanks to its advanced firewall security(WAF) offering Geographical IP blocking.
Add user agents to the block or allowlist and stop bad bots from spamming and scraping your site. All major search engines and special network bots are allow-listed out of the box. Easy to set up, Defender’s user agent banning tool does all the security work, with no editing of the .htaccess file required.
Add reCAPTCHA security to your login / registration pages, lost password forms, and post comments in a couple of steps to up security and help protect from fraud and abuse. Select reCAPTCHA type, language, location, and style to suit. As well as Google, Defender also supports the following reCAPTCHA types:
Defender makes it easy to move your login screen to a custom URL. Not only does login screen masking improve security, but it also lets you white label your login user experience and improves branding.
Enhance site security by forcing all users with selected roles to reset their password at any time. Especially helpful if you suspect a possible data breach on your site.
Protect your site against common attacks, such as: XSS, code injection, cross site scripting, and more. Enable the following security headers:
Detect when bots are being used to scan your site for security vulnerabilities and shut them down. The 404 limiter lets you stop the scan by detecting when a bot keeps visiting pages that do not exist, which can also save you from a giant strain on your site’s performance.
Defender runs surveillance and sends security notifications with information that matters. All activity and notifications are recorded in the activity log to let you see at a glance the website security actions that have been taken by the Defender security plugin.
Save your Defender security plugin configurations and reapply them to your other sites in just a few clicks. You can create and save an unlimited number of security configurations.
Entered passwords are checked against public database breach records to further boost security. If a password is identified as compromised, the user will be asked to change it.
Create your IP block/allow list once, then apply and automatically sync it to all your other sites with just a single click. Save hours by not having to manually add IPs to each individual site. *Note: a [free WPMU DEV account] (https://wpmudev.com/register) is required to access this feature.
★★★★★
“I found other pro security plugins a bit too fiddly for my taste…I’m delighted with Defender” – KeithADV
★★★★★
“Thank you for bringing back a free and easy to use 2-Factor Authentication after Clef! Defender helps keep me aware of my site’s security.” – awijasa
★★★★★
“Defender’s interface is very intuitive with warnings that are very helpful” – djohns
★★★★★
“Defender Recently blocked over 3000 attacks in one week without any noticeable impact on the website. WPMUDEV knocking it out of the park on this one.” – David Oswald
If you’re running a business website or eCommerce store, privacy, security, uptime and trust are essential.
The Defender security plugin is here to help you: it’s a one of a kind WordPress security plugin that makes web security easy for anyone, for free!
All the above is free and will enhance WordPress security for you. If you need extra security for your WordPress site, you should get a WPMU DEV Membership.
Our Membership gives you access to Defender Pro – which security features include automated scanning, scheduled malware scans for Core, themes, plugins and other files, audit logs, firewall protection, Safe Repair, Blocklist monitoring – alongside Snapshot Pro cloud backups, the Hub with automated plugin, theme and core updates and safe-upgrade scans, all our premium WordPress plugins, 24/7 WordPress support and if your sites already been hacked our team of security experts will clean it up at no additional cost.
It’s an incredible deal, and you can find out more here.
WPMU DEV is a premium supplier of quality WordPress plugins and themes. For premium support with any WordPress-related issues you can join us here:
https://wpmudev.com/
Don’t forget to stay up to date on everything WordPress from the Internet’s number one resource:
WPMU DEV Blog
Hey, one more thing… we hope you enjoy our free offerings as much as we’ve loved making them for you!
wp-defender
plugin to your /wp-content/plugins/
directory.defender
menu item in the WordPress dashboard.Malware scans and one-click website security hardening recommendations.
Layered security recommendations let you harden your site with a few clicks.
Compare your WordPress install with the directory and restore original files with a click.
Use 2-Step Verification (2FA) to protect your accounts with your phone.
IP blocklisting, 404 limiter, Geo IP Blocking, and Timed Lockout attack shield.
Defender is built to add all the best hardening and website security recommendations used by the pros without having to become a security expert. This means you get all the most effective and proven protection methods other services provide with fewer settings, one-click hardening and faster setup.
Hackers and bot attacks are not the only security threats to your site. No matter what security plugin or service you use, always be prepared with a secure backup stored in a safe location away from your live site. Security does not protect from hosting outages, server errors and accidentally lost or damaged data. We recommend Snapshot. Defender with scheduled managed backups is the best way to keep your site safe.
Yes! Defender’s Firewall gives you robust site protection and security by allowing you to block bad bot IPs and use geographical IP blocking
You can. Just make sure not to enable the same security features in the third-party plugin that you also have enabled in Defender, as this might cause conflicts, such as malware scanners, firewall, and login security features.
Yes! All of Defender’s security features are fully compatible with a multisite installation. It can be network enabled and managed from the network admin.
A high percentage of Trackbacks and Pingbacks are spam. Defender allows you to easily disable both, giving you added security and protection.
Yes. Defender’s IP banning, IP lockout, and 404 detection security features can identify DDoS attacks and block bad IPs.
Add the code below to your theme’s function.php file, which you’ll find in the main directory of an active theme. Replace “YOUR IP HERE” with your IP address. Use a site like whatsmyip to get your IP.
add_filter( 'ip_lockout_default_whitelist_ip', function ( $ips ) { $ip = 'YOUR IP HERE'; $ips[] = $ip; return $ips; } );
WPMU DEV’s expert support can advise you on how to clean up your site if it’s been hacked. Create a new thread in our support forum, or Defender Pro gives you access to 24/7 live support.
We take plugin security incredibly seriously; if you have a bug or vulnerability to report, you can do so through the Patchstack Vulnerability Disclosure Program. It’s fast, easy, and you will be notified when the issue is fixed. Report a vulnerability.
Please open a new thread in Defender’s support forum. Our support team is always happy to help!