Defender Security – Malware Scanner, Login Security & Firewall


Defender adds the best in WordPress security plugin to your website with just a few clicks. Stop brute force attacks, SQL injections, cross-site scripting XSS, and other WordPress vulnerabilities and hacks with Defender malware scans, antivirus scans, IP blocking, firewall, activity log, security log, and two-factor authentication login security.

No longer do you have to go through hideously complex settings and get a virtual PhD in security. Defender adds all the hardening and security recommendations you need.

Security Recommendations

Defender rozpoczyna się od listy zabezpieczeń za pomocą jednego kliknięcia, które natychmiast dodadzą warstwy ochrony do witryny.

Blokuj hakerów na każdym poziomie:

  • Two-factor authentication – passwords and mobile app verification codes
  • Login masking – change the location of WordPress’s default login area
  • Login lockout – failed login attempts lockout
  • 404 Detection – automated block of bot IPs
  • Geolocation IP lockout – block users based on location and country (IP blocking)
  • WordPress Security Firewall – block or allowlist IPs
  • Disable trackbacks and pingbacks – spam prevention
  • Core and server update recommendations – stay on top of your system
  • Disable file editor – if they get in, they won’t get far
  • Hide error reporting – don’t reveal your issues
  • Update security keys – reset on-demand
  • Prevent information disclosure – why tell them what you have
  • Prevent PHP execution – because it’s daaaangerous
  • Resolve security recommendations and issues in bulk

Learn The Ropes With These Hands-On Defender Tutorials

WordPress Security Scans

Run free malware scans that check WordPress for suspicious code and malware. The Defender scan tool compares your WordPress install with the master copy in WP directory, reports changes and lets you restore the original file with a click.

Dwuetapowa weryfikacja Google

Join the millions of users that make their accounts safer with Google 2-Step Verification – along with other third-party integrations like Microsoft Authenticator and Authy. Activate two-factor authentication and protect your account with both your password and your phone.

Firewall and IP Manager

Keep your site safe with Defender’s IP manager and firewall. Manually block specific IPs, import a list of banned IPs and set automated timed and permanent lockouts. Defender makes it easy to block and unblock specific locations quickly thanks to its advanced firewall (WAF).

Ochrona logowania

Ataki Brute Force nie mogą się równać z wtyczką Defender. Ogranicz próby logowania, aby zatrzymać użytkowników próbujących odgadnąć hasła. Trwale zablokuj adresy IP lub uruchom blokadę czasową po określonej liczbie nieudanych prób logowania.

Maskowanie adresu logowania

Defender makes it easy to move your login screen to a custom URL. Not only does login screen masking improve security, but it also lets you white label your login user experience and improves branding.

Ogranicznik błędów 404

Defender detects when bots are being used to scan your site for vulnerabilities and shuts them down. The 404 limiter lets you stop the scan by detecting when a bot keeps visiting pages that do not exist, which can also save you from a giant strain on your site’s performance.

Powiadomienia i raporty

Defender prowadzi nadzór i wysyła powiadomienia z ważnymi informacjami.

What Do People Say About Defender?

“I found other pro security plugins a bit too fiddly for my taste…I’m delighted with Defender” – KeithADV

“Thank you for bringing back a free and easy to use 2-Factor Authentication after Clef! Defender helps keep me aware of my sites security.” – awijasa

“Defender’s interface is very intuitive with warnings that are very helpful” – djohns

“Defender Recently blocked over 3000 attacks in one week without any noticeable impact on the website. WPMUDEV knocking it out of the park on this one.” – David Oswald

Secure Websites, More Trust, Better Profit

Your visitors expect a super-safe extra secure website when deciding whether or not to make a purchase or submit information. If visitors don’t trust your site, they will leave without completing a transaction.

If you’re running a business website or eCommerce store privacy, security, uptime and trust are essential.

Defender is here to help you: it’s a one of a kind WordPress security plugin that makes web security easy for anyone, for free!

  • Dwuetapowa weryfikacja Google
  • Ulepszanie witryny i poprawianie bezpieczeństwa za pomocą jednego kliknięcia
  • Skanowanie i naprawa podstawowych plików WordPress
  • Maskowanie adresu logowania
  • IP Blocklist manager and logging
  • Nieograniczone skanowanie plików
  • Timed Lockout brute force attack shield for login protection
  • Ogranicznik błędów 404 do blokowania skanowań luk w zabezpieczeniach
  • Powiadomienia i raporty o blokowaniu IP

Defender is built to make security simple: it makes your WordPress site harder to hack and it’s insanely easy to set up. Run a scan and implement recommended changes in one-click, for added security in mere minutes.

All the above is free and will secure WordPress for you. If you need extra security for your WordPress site, you should get WPMU DEV Membership.

Our Membership gives you access to Defender Pro – which features automated scanning, scheduled malware scans for Core, themes, plugins and other files, audit logs, Blocklist monitoring – alongside Snapshot Pro cloud backups, the Hub with automated plugin, theme and core updates and safe-upgrade scans, all our premium WordPress plugins, 24/7 WordPress support and if your sites already been hacked our team of security experts will clean it up at no additional cost.

It’s an incredible deal, and you can find out more here.

A Note From Defender

Hey! This is Defender, your trusted solution for WordPress security and hack prevention. I’m part of the WPMU DEV team, a superhero-suite of WordPress plugins, services, and support. Here are some of our other free plugins:

  • Smush – Image Compression and Optimization
  • Forminator – Form, Quiz, Poll and Survey Builder
  • Hummingbird – Page Speed Optimization
  • Hustle – Pop-ups, Slide-ins and Email Opt-ins
  • SmartCrawl – SEO checker, Analyzer and Optimizer

And if you need ALL our Pro plugins AND 24/7 WordPress support, get WPMU DEV membership! You can try it free for 30 days:

My superhero friends run the WPMU DEV Blog, your source for the very best WordPress tutorials. If you need to be in the know about WordPress, check it out.

Thanks for looking at Defender, and I look forward to hardening your site and making it safer than ever.

Enjoy, The Defender

O nas

WPMU DEV is a premium supplier of quality WordPress plugins and themes. For premium support with any WordPress related issues you can join us here:

Don’t forget to stay up to date on everything WordPress from the Internet’s number one resource:

Hej, jeszcze jedno … mamy nadzieję, że podoba ci się nasza bezpłatna oferta, tak samo jak my uwielbiamy ją dla ciebie robić!

Zrzuty ekranów

  • Malware scans and one-click hardening recommendations.
  • Layered security recommendations let your harden your site with a few clicks.
  • Porównuje instalację WordPress z katalogiem i przywraca oryginalne pliki jednym kliknięciem.
  • Użyj weryfikacji dwuetapowej, aby chronić swoje konta za pomocą telefonu.
  • IP blocklisting, 404 limiter and Timed Lockout attack shield.


  1. Prześlij wtyczkę wp-defender do katalogu /wp-content/plugins/.
  2. Aktywuj wtyczkę poprzez menu 'Wtyczki' w WordPress.
  3. Skonfiguruj i zarządzaj przy użyciu elementu menu Defender na pulpicie nawigacyjnym WordPress.
  4. Gotowe!


Dlaczego powinienem wybrać Defender zamiast innych wtyczek bezpieczeństwa?

Defender is built to add all the best hardening and security recommendations used by the pros without having to become a security expert. This means you get all the most effective and proven protection methods other services provide with fewer settings, on-click hardening and faster setup.

Czy Defender to jedyny krok, który muszę podjąć, aby zabezpieczyć moją witrynę WordPress?

Hackers and bot attacks are not the only threat to your site. No matter what security plugin or service you use, always be prepared with a secure backup stored in a safe location away from your live site. Security does not protect from hosting outages, server errors and accidentally lost or damaged data. We recommend Snapshot. Defender with scheduled managed backups is the best way to keep your site safe.

Help! I was already hacked. What should I do?

WPMU DEV’s expert support will restore and clean up your site after it’s been hacked for free with a 30 day trial of Defender Pro. If you have a backup, we’ll minimize your downtime by activating the most recent clean version of your site. Our experts will then scan your site with Defender to find and fix known vulnerabilities, permanently remove the malicious code and set up his firewall of cyber muscle.


6 maja 2021
Thanks for making a free version. This is a great plugin, Highly recommended.
Przeczytaj 134 recenzje

Kontrybutorzy i deweloperzy

„Defender Security – Malware Scanner, Login Security & Firewall” jest oprogramowaniem open source. Poniższe osoby miały wkład w rozwój wtyczki.


Wtyczka “Defender Security – Malware Scanner, Login Security & Firewall” została przetłumaczona na 14 języków. Podziękuj tłumaczom za ich wkład.

Przetłumacz wtyczkę “Defender Security – Malware Scanner, Login Security & Firewall” na swój język.

Interesuje cię rozwój wtyczki?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Log zmian

2.4.10 ( 2021-04-05 )

  • New: Add WP CLI commands to reset mask login settings
  • Enhance: Update links to
  • Enhance: Prevent PHP Execution/Prevent Information Disclosure (show manual instructions on Apache tab)
  • Enhance: Bulk Unblock/Undo actions on Active Lockouts
  • Enhance: Adjust Malware scanning logic to reduce false-positive reports
  • Enhance: Malware Scanning – Disable delete button for a report, when a third-party plugin is active
  • Enhance: Change count-logic for total value of issues shown on a main widget and Defender’s menu
  • Enhance: Improve the behavior of the Active tag on configs feature
  • Enhance: Custom notification email for 'When Failed to scan' is not imported to Config
  • Enhance: Compatibility with WordPress 5.7
  • Enhance: Update minimum supported WordPress version
  • Enhance: New Manage Notifications button on notification widget
  • Enhance: In Notifications and Dashboard pages, replace „-” with text under Schedule
  • Fix: No error when restore core file fails
  • Fix: Cron issues for Audit and Firewall modules
  • Fix: Defender sending 404 Detection notifications when that type is turned off
  • Fix: Remove old deprecated code of recommendations in DB
  • Fix: Duplicate IP addresses on Active Lockouts
  • Fix: Display different frequency for different timezones
  • Fix: 404 Detection timeframe is not imported to Config
  • Fix: Showing banner without content on profile page
  • Fix: Active Lockouts pagination seems broken
  • Fix: Link Defender Settings redirects to Defender Dashboard page on WP plugin page

2.4.9 ( 2021-03-17 )

  • Fix: Stability fixes

2.4.8 ( 2021-03-12 )

  • Fix: Unescaped DB parameters

2.4.7 ( 2021-03-01 )

  • New: Sync Config from Defender with The Hub
  • Enhance: Making „Enable Tag” clickable in the notification widget
  • Enhance: Allow capital letters in Masked Login
  • Enhance: New WP CLI commands for file scanning, reset settings, and clear firewall data
  • Enhance: Reducing false-positive reports in malware scanning
  • Enhance: Check plugins and themes against the repository
  • Enhance: Adding pagination in Malware Scanning grid
  • Enhance: Update text for Suspicious Code scan type options
  • Enhance: Bulk configure – Add to reports/Remove from reports options
  • Enhance: Improve table performance
  • Enhance: Remove hero image when Branding is set to custom for activated Whitelabel
  • Fix: Storage logs not deleted
  • Fix: Update code preview in Malware Scanning
  • Fix: MaxMind DB Reader API version update
  • Fix: Keep empty IP for internal or private IPs
  • Fix: Failed login attempt with an empty banned username
  • Fix: Audit Log Export
  • Fix: Loopback request could not be completed
  • Fix: Subsites login area is blocked for network users
  • Fix: Mask login can be bypassed with wp-signup.php for single sites
  • Fix: Ability to use dash symbol at the start/end of New Login URL slug ( 2021-02-12 )

  • Fix: Security vulnerability for Two Factor Authentication

2.4.6 ( 2021-01-27 )

  • Security: Malware scan doesn’t detect Backdoor:PHP/WP-VCD
  • Security: Malware scanning issues with Avada theme
  • Enhance: PHP 8 compatibility
  • Enhance: Mobile UI improvement for IP lockout logs
  • Enhance: Remove menu icon with issue indicator when there are no Scan and Tweak issues
  • Enhance: Suspicious Code scan type is deactivated by default
  • Fix: Defender security headers not applied when Hummingbird caching is active
  • Fix: Revert button not working for certain recommendations
  • Fix: Remember Light mode/Dark mode selection for Malware Scanning code preview
  • Fix: Resend Invite option is not showing for added users (Add users/Invite by Email)
  • Fix: Read More link showing in blue color when High Contrast Mode is ON
  • Fix: Fix footer link URL
  • Fix: showing multiples times on the firewall logs page
  • Fix: Unsubscribe icon is not showing correctly on the notifications page
  • Fix: Console errors on various pages when WooCommerce is activated
  • Fix: Display error for enabled Mask Login and Site Health request
  • Fix: Mask Login Area restricted slugs
  • Fix: Showing all files in WP core as modified
  • Fix: Defender locking out users and detecting wrong user IP
  • Fix: 2FA can’t be forced with WooCommerce
  • Fix: Disable File Editor tweak reset
  • Fix: Issues on Flywheel hosting stability improvements
  • Fix: Admin email duplicates in Bulk notification modal
  • Fix: Multiple notifications still being sent after update to 2.4.4
  • Fix: Error when requesting API on the Audit logs page
  • Fix: Audit log does not log all plugins when activated/deactivated in batches

2.4.5 ( 2020-12-21 )

  • New: Add pagination option for IP lockout logs
  • Enhance: Display Blocklist Monitor in the config structure
  • Fix: Malware Scanning marks own files as suspicious
  • Fix: The IP shows as blocked
  • Fix: Display Notifications in the Hub
  • Fix: File Scan display issue in MS Edge
  • Fix: Hero Image overlaps in Preset Configs
  • Fix: Redirect Url UI needs improvement on Choose redirect page
  • Fix: Display MaxMind link

2.4.4 ( 2020-12-07 )

  • Enhance: Change text to 'Security Issue(s)' in the dashboard widget
  • Enhance: Compatibility with WordPress 5.6
  • Fix: Hub synchronization with Defender
  • Fix: Suspicious code found in WPMU DEV plugins
  • Fix: PHP warnings and notices for Firewall and Scan modules
  • Fix: wp_login_form() not working with Masked Login
  • Fix: Chinese URL shows two-digit hexadecimal numbers
  • Fix: IP’s text goes outside the box in Firewall Logs after bulk action
  • Fix: Deactivate button not working first time if there is nothing in Choose redirect page URL in Mask Login Area
  • Fix: Update text in Security Recommendations Report
  • Fix: Typo in Security Recommendations 'Prevent user enumeration', 'Update old security keys', 'Manage Login Duration'
  • Fix: While Activating/Deactivating Firewall module, it shows the same message notification
  • Fix: Enabling of Prevent Information Disclosure for Apache server

Changelog for previous versions.