Defender Security – Malware Scanner, Login Security & Firewall


Defender adds the best in WordPress security plugin to your website with just a few clicks. Stop brute force attacks, SQL injections, cross-site scripting XSS, and other WordPress vulnerabilities and hacks with Defender malware scans, antivirus scans, IP blocking, firewall, activity log, security log, and two-factor authentication login security.

No longer do you have to go through hideously complex settings and get a virtual PhD in security. Defender adds all the hardening and security tweaks you need.

Ulepszenia bezpieczeństwa

Defender rozpoczyna się od listy zabezpieczeń za pomocą jednego kliknięcia, które natychmiast dodadzą warstwy ochrony do witryny.

Blokuj hakerów na każdym poziomie:

  • Two-factor authentication – passwords and mobile app verification codes
  • Login masking – change the location of WordPress’s default login area
  • Login lockout – failed login attempts lockout
  • 404 Detection – automated block of bot IPs
  • Geolocation IP lockout – block users based on location and country (IP blocking)
  • WordPress Security Firewall – block or whitelist IPs
  • Disable trackbacks and pingbacks – spam prevention
  • Core and server update recommendations – stay on top of your system
  • Change default database prefix – they won’t find this
  • Disable file editor – if they get in, they won’t get far
  • Hide error reporting – don’t reveal your issues
  • Update security keys – reset on-demand
  • Prevent information disclosure – why tell them what you have
  • Prevent PHP execution – because it’s daaaangerous

Learn The Ropes With These Hands-On Defender Tutorials

WordPress Security Scans

Run free malware scans that check WordPress for suspicious code and malware. The Defender scan tool compares your WordPress install with the master copy in WP directory, reports changes and lets you restore the original file with a click.

Dwuetapowa weryfikacja Google

Now you can easily join the millions of users that make their accounts safer with Google 2-Step Verification. Activate two-factor authentication and protect your account with both your password and your phone.

Firewall and IP Manager

Keep your site safe with Defender’s IP manager and firewall. Manually block specific IPs, import a list of banned IPs and set automated timed and permanent lockouts. Defender makes it easy to block and unblock specific locations quickly thanks to its advanced firewall (WAF).

Ochrona logowania

Ataki Brute Force nie mogą się równać z wtyczką Defender. Ogranicz próby logowania, aby zatrzymać użytkowników próbujących odgadnąć hasła. Trwale zablokuj adresy IP lub uruchom blokadę czasową po określonej liczbie nieudanych prób logowania.

Maskowanie adresu logowania

Defender makes it easy to move your login screen to a custom URL. Not only does login screen masking improve security, but it also lets you white label your login user experience and improves branding.

Ogranicznik błędów 404

Defender detects when bots are being used to scan your site for vulnerabilities and shuts them down. The 404 limiter lets you stop the scan by detecting when a bot keeps visiting pages that do not exist, which can also save you from a giant strain on your site’s performance.

Powiadomienia i raporty

Defender prowadzi nadzór i wysyła powiadomienia z ważnymi informacjami.

What Do People Say About Defender?

“I found other pro security plugins a bit too fiddly for my taste…I’m delighted with Defender” – KeithADV

“Thank you for bringing back a free and easy to use 2-Factor Authentication after Clef! Defender helps keep me aware of my sites security.” – awijasa

“Defender’s interface is very intuitive with warnings that are very helpful” – djohns

“Defender Recently blocked over 3000 attacks in one week without any noticeable impact on the website. WPMUDEV knocking it out of the park on this one.” – David Oswald

Secure Websites, More Trust, Better Profit

Your visitors expect a super-safe extra secure website when deciding whether or not to make a purchase or submit information. If visitors don’t trust your site, they will leave without completing a transaction.

If you’re running a business website or eCommerce store privacy, security, uptime and trust are essential.

Defender is here to help you: it’s a one of a kind WordPress security plugin that makes web security easy for anyone, for free!

  • Dwuetapowa weryfikacja Google
  • Ulepszanie witryny i poprawianie bezpieczeństwa za pomocą jednego kliknięcia
  • Skanowanie i naprawa podstawowych plików WordPress
  • Maskowanie adresu logowania
  • Menedżer i rejestrowanie czarnej listy IP
  • Nieograniczone skanowanie plików
  • Timed Lockout brute force attack shield for login protection
  • Ogranicznik błędów 404 do blokowania skanowań luk w zabezpieczeniach
  • Powiadomienia i raporty o blokowaniu IP

Defender is built to make security simple: it makes your WordPress site harder to hack and it’s insanely easy to set up. Run a scan and implement recommended changes in one-click, for added security in mere minutes.

All the above is free and will secure WordPress for you. If you need extra security for your WordPress site, you should get WPMU DEV Membership.

Our Membership gives you access to Defender Pro – which features automated scanning, scheduled malware scans for Core, themes, plugins and other files, audit logs, Blacklist monitoring – alongside Snapshot Pro cloud backups, the Hub with automated plugin, theme and core updates and safe-upgrade scans, all our premium WordPress plugins, 24/7 WordPress support and if your sites already been hacked our team of security experts will clean it up at no additional cost.

It’s an incredible deal, and you can find out more here.

A Note From Defender

Hey! This is Defender, your trusted solution for WordPress security and hack prevention. I’m part of the WPMU DEV team, a superhero-suite of WordPress plugins, services, and support. Here are some of our other free plugins:

  • Smush – Image Compression and Optimization
  • Forminator – Form, Quiz, Poll and Survey Builder
  • Hummingbird – Page Speed Optimization
  • Hustle – Pop-ups, Slide-ins and Email Opt-ins
  • SmartCrawl – SEO checker, Analyzer and Optimizer

And if you need ALL our Pro plugins AND 24/7 WordPress support, get WPMU DEV membership! You can try it free for 30 days:

My superhero friends run the WPMU DEV Blog, your source for the very best WordPress tutorials. If you need to be in the know about WordPress, check it out.

Thanks for looking at Defender, and I look forward to hardening your site and making it safer than ever.

Enjoy, The Defender

O nas

WPMU DEV is a premium supplier of quality WordPress plugins and themes. For premium support with any WordPress related issues you can join us here:

Don’t forget to stay up to date on everything WordPress from the Internet’s number one resource:

Hej, jeszcze jedno … mamy nadzieję, że podoba ci się nasza bezpłatna oferta, tak samo jak my uwielbiamy ją dla ciebie robić!

Zrzuty ekranów

  • Malware scans and one-click hardening recomendations.
  • Dzięki poprawkom twoja witryna będzie bezpieczniejsza dzięki kilku kliknięciom.
  • Porównuje instalację WordPress z katalogiem i przywraca oryginalne pliki jednym kliknięciem.
  • Użyj weryfikacji dwuetapowej, aby chronić swoje konta za pomocą telefonu.
  • IP blacklisting, 404 limiter and Timed Lockout attack shield.


  1. Prześlij wtyczkę wp-defender do katalogu /wp-content/plugins/.
  2. Aktywuj wtyczkę poprzez menu 'Wtyczki' w WordPress.
  3. Skonfiguruj i zarządzaj przy użyciu elementu menu Defender na pulpicie nawigacyjnym WordPress.
  4. Gotowe!


Dlaczego powinienem wybrać Defender zamiast innych wtyczek bezpieczeństwa?

Defender został stworzony w celu dodania najlepszych usprawnień i poprawek bezpieczeństwa używanych przez profesjonalistów bez konieczności bycia ekspertem ds. Bezpieczeństwa. Oznacza to, że otrzymujesz wszystkie najbardziej skuteczne i sprawdzone metody ochrony, które oferują inne usługi, z mniejszą ilością ustawień i szybszą konfiguracją przy pomocy jednego kliknięcia.

Czy Defender to jedyny krok, który muszę podjąć, aby zabezpieczyć moją witrynę WordPress?

Hackers and bot attacks are not the only threat to your site. No matter what security plugin or service you use, always be prepared with a secure backup stored in a safe location away from your live site. Security does not protect from hosting outages, server errors and accidentally lost or damaged data. We recommend Snapshot. Defender with scheduled managed backups is the best way to keep your site safe.

Help! I was already hacked. What should I do?

WPMU DEV’s expert support will restore and clean up your site after it’s been hacked for free with a 30 day trial of Defender Pro. If you have a backup, we’ll minimize your downtime by activating the most recent clean version of your site. Our experts will then scan your site with Defender to find and fix known vulnerabilities, permanently remove the malicious code and set up his firewall of cyber muscle.


8 listopada 2020
It is super reliable and has powerful settings, yet easy to change. My website is a virtual store that receives many attempts at attacks and I have been very successful with Defender and I intend to migrate to the Pro version. Congratulations to the WPMU Dev team for the great work on the whole plugin! Thanks a lot!
8 listopada 2020
I downloaded & auto-installed this plugin from here. It offered me a trial, and after looking over what that involved, I decided I was interested and accepted the offer. It was supposed to do some kind of auto-setup, but that failed. It got my PayPal ID, but it never allowed me to set up any kind of account. I contacted support. Support told me to manually install the plugin. I replied back that I already had the plugin installed. I received no response after that, and since I was waiting for a reply that never came, it slipped my mind. Today I was charged for a subscription. I contacted support again about this. They told me that they could find no record of my PayPal transaction ID. They wanted me to give them my CREDIT CARD INFORMATION over an INSECURE CHAT WINDOW even though I made it clear that I USED PAYPAL. They also told me that they couldn't charge my PayPal unless I had made an account (which is a lie). Normally, I would just dispute this subscription with PayPal. But this slippery scammer has it set up so you can't dispute any transactions with them in PayPal. I don't know how they did it... it's the first time that PayPal has ever told me that this "type" of subscription can't be disputed. I'm seriously considering writing an article about this experience because it seems to me that this developer should've been called out on this kind of scammy behaviour a long time ago.
26 października 2020
Tem tudo! A autenticação de dois fatores é ótima! É uma pena não poder trocar o ícone quando o usuário bloqueado. Isso só tem na versão PRO.
26 października 2020
It looked promising but I never got frustrated with a plugin like this. On all my sites, I set Notifications to OFF but still got emails. Then I click on unsubscribe and it still is OFF but emails I got bombet with email for all my 20 Domains. Now I have to remove it from each of them. Never ever again!
23 października 2020
It broke my site. Many settings deeply disrupt the website structure. Be careful.I tried very hard to restore it.
20 października 2020
This does what it says but above all, what I really like about this versus the other security plugin is it has all those notifications which instructs me what to turn off and what to do. It's amazing.
Przeczytaj 71 recenzji

Kontrybutorzy i deweloperzy

„Defender Security – Malware Scanner, Login Security & Firewall” jest oprogramowaniem open source. Poniższe osoby miały wkład w rozwój wtyczki.


Wtyczka “Defender Security – Malware Scanner, Login Security & Firewall” została przetłumaczona na 14 języków. Podziękuj tłumaczom za ich wkład.

Przetłumacz wtyczkę “Defender Security – Malware Scanner, Login Security & Firewall” na swój język.

Interesuje cię rozwój wtyczki?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Log zmian


  • New: Add a separate Tutorials sub-menu and X-icon to remove it from the Dashboard
  • Improvement: Change mention of blacklist and whitelist to blocklist and allowlist on Defender pages
  • Improvement: Change Documentation links for Firewall and Malware Scanning
  • Improvement: Config Improvements
  • Fix: Display custom login forms if the Defender Masking URL is enabled
  • Fix: Receive email from Defender security tweaks daily
  • Fix: Activate 'Mask Login Area' through the Defender dashboard
  • Fix: Correct display of the Audit log for a new registered user – except for a Subscriber role – in MU
  • Fix: Masked login alters ajaxurl in MU in sites table page
  • Fix: Remove 'ambient-light-sensor', 'picture-in-picture', 'speaker' and 'vr' directives from Feature-Policy header
  • Fix: Compatibility with HUB
  • Other minor enhancements and fixes


  • New: Feature to save presets configurations of the Defender’s settings, and make them available to download and apply to your other sites.
  • New: Add tutorials section in the Defender dashboard.
  • Improvement: Allow to bulk delete suspicious files
  • Improvement: Improve the logic of how „Include sub-domains” option should be shown on the Strict Transport Security header
  • Fix: Prevent wp-signup.php to access when Mask Login is enabled.
  • Fix: 2FA login does not redirect correctly after login via the my-account page of Woocommerce
  • Remove: Change default database prefix, as this can be bypass.
  • Other minor enhancements and fixes


  • Improvement: Change the description for X-Content-Type-Options security header
  • Fix: The WAF widget and WAF page will be hidden when white label activated
  • Fix: Include Subdomain option for Strict Transport security header
  • Fix: Cron for Audit logs
  • Other minor enhancements and fixes


  • New: WPMU DEV’s Hosted Web Application Firewall (WAF) is a first layer of protection to block hackers and bot attacks before they ever reach your site. Websites hosted with WPMU DEV can now use this advanced WAF by enabling it via your site’s Security or Hosting tab in The Hub.
  • Improvement: Moved the security headers out of Security Tweaks and into their own section inside Advanced Tools.
  • Improvement: Relocated Two-Factor Authentication to it’s own menu item and area.
  • Improvement: Renamed a couple of modules to more accurately reflect what they do.
  • Fix – Minor bugs and improvements


  • Improvement: Add plugin configuration import/export option for Hub
  • Improvement: HSTS Maximum age of Strict Transport Security header added 30 days, 2 years
  • Improvement: Update copy for MaxMind license key
  • Fix: Separate email subjects of templates for scan notifications
  • Fix: Warning open_basedir restriction in effect
  • Fix: 2FA required even if the role is unchecked
  • Fix: Preview for Lockout Custom Message doesn’t work
  • Fix: Sending lockout emails even though they are disabled
  • Other minor enhancements and fixes


  • Fix: Audit Logging sometime triggers a fatal error on some setups.


  • Improvement: Frequency of Security Tweak notifications reduced to 7 days
  • Fix: GeoIP now compatible with new MaxMind policy
  • Fix: Mask login URL now allow URL with an extension
  • Fix: Lockout notification email now displays correct time unit
  • Fix: Get started screen appears only where required
  • Fix: Manage your email preferences & unsubscribe email link now works
  • Fix: Strict Transport Security Header now shows subdomain option on the root domain
  • Fix: On login lockout, Defender doesn’t block IP permanently
  • Fix: Mask login won’t block admin links from email
  • Other minor enhancements and fixes


  • Fix: Displaying Defender pages after activating the plugin.


  • Fix: Security tweaks self ping cause performance issues.


  • Improvement: Increased the frequency of Security Tweak notifications from daily to weekly.
  • Fix: Two-Factor activate/deactivate not working as expected.
  • Fix: Defender IP Lockouts was blocking Hub services.
  • Fix: Error when bulk deletes lockout logs, without selecting any.
  • Fix: Active Translation in General Settings was not using the language that had been set.
  • Fix: The first time you setup the Blacklist location, it doesn’t save.
  • Fix: Security Keys tweaks showing decimals in status.
  • Fix: Enforcing Security Header tweaks revert when you refresh the page.
  • Fix: Lockout duration in email notification now reflects the right setting instead of always in seconds.
  • Fix: Missing logs from the Audit logging screen.
  • Remove: WordPress REST API security tweak. This feature was causing many sites to break basic functionality so we’ve decided to remove it.
  • Other minor enhancements and fixes


  • Feature: New security tweaks: Security headers
  • Feature: New security tweak: Block WordPress Rest API
  • Feature: New security tweak: Prevent user enumeration
  • Feature: Ability to talk with HUB for syncing Defender settings.
  • Improvement: Add ability to ban by filename/extension
  • Improvement: Allow user to change the retention period of Audit Logs in Defender
  • Improvement: Add the ability for an admin to unblock a temporarily blocked IP.
  • Improvement: Add 'Your current time' to Reporting tabs
  • Fix: Email link still goes to wp-admin instead of masked one, if use Defender Mask Login
  • Fix: Css z-index issue with Quick setup modal
  • Fix: Use hostname instead of wp-defender in authenticator app
  • Fix: Minor grammar and UX improvements.


  • Fix: Add the correct css wrapper class to body


  • Fix: Mask Login cause issue when visiting /wp-admin/network/sites.php


  • Feature: Security tweaks will send reminder when no tweaks were actioned after activation
  • Improvement: Scanning will be more catchy, especially with code using eval function, however that can lead to more false positive, please consider to check with our support before delete the file.
  • Fix: Bring back the tooltips system
  • Fix: Audit filter links doesn’t reflect the right results if open in new tab
  • Fix: Filtering issue type in scanning now show correct results.
  • Fix: Scanning notification keep sending when the setting turn to „off”
  • Fix: User IP in IP Lockout->Blacklist now show the correct IP.
  • Fix: Bring back the subject customization field in Scanning email config.
  • Fix: Manage Login Duration wont make user to login twice anymore.
  • Fix: Audit filtering by user now working properly
  • Fix: We change the Audit logging items' color from red to more neutral.
  • Fix: Ad Widget won’t be show in vulnerability list by accident anymore
  • Fix: Bottom bulk selector in Scanning page now work properly
  • Fix: Deprecate warning from the function strpos() in php 7.3
  • Fix: Sync issues with HUB will be more consistent.
  • Fix: Mask login doesn’t work properly if WordPress get installed in a sub-folder
  • Fix: Conflict with Avada theme which making scanning stuck
  • Fix: Gracefully handle error when php dom extension does not install
  • Fix: Prevent factory reset revert database prefix into wp_ even though it was not set by Defender.
  • Fix: Prevent slashes added in email template
  • Fix: Minor grammar and UX improvements.


  • Feature: Defender Pro now supports the WPMU DEV Dashboard’s white label feature.
  • Feature: You can now perform a factory reset of Defender’s settings via the Settings screen, as well as control what happens to data when the plugin is uninstalled.
  • Improvement: Defender File Scanning no longer identifies robots.txt as a potentially harmful file.
  • Improvement: We’ve turned off autocomplete on the two-factor authentication field so that previous codes don’t show up.
  • Fix: Fixed a conflict with Defender where the 404 lockout feature would lock out users who tried to access old Hummingbird cache files.
  • Fix: You can now view date ranges greater than 7 days for IP Lockout logs
  • Fix: Minor grammar and UX improvements.

  • Fix: Two-Factor Authentication QR code not being displayed on new device registration.


  • Fix: Prevent Information Disclosure corrupts htaccess code


  • New: Geo-based IP blocking. Completely block incoming traffic from specific countries to gain full control over who can and can’t access your site.
  • New: Upgraded design components and improved user experience across the board.
  • Fix: Corrupt .htaccess rules generated by Defender weren’t able to be re-applied when adding them a second time.
  • Fix: Users can no longer get past login masking when using double slashes.
  • Fix: Javascript errors prevented adding recipients to notifications and editing templates.
  • Fix: Blacklist monitoring could not be enabled on some sites.
  • Fix: Parse error on installations running PHP 5.3.
  • Improvement: Removed activation redirection and tooltips on first activation.
  • Other minor enhancements and fixes


  • Fix: permanent ban on 404 lockouts now sends correct email.
  • Fix: IP lockout logs not showing correct results/order on different pages.
  • Fix: IP lockout logs showing wrong badge for 404 lockouts.
  • Fix: 2FA not working properly when using Sensei plugin.
  • Other minor enhancements and fixes.


  • New: added tweak “Disable XML-RPC”
  • Improvement: Two factor authentication can now be force enabled by role.
  • Improvement: Masking URL description.
  • Fix: Compatibility with Appointments+ login when Mask Login is enabled.
  • Fix: /login/ will be blocked instead of redirecting to right login URL
  • Fix: new site registration email login URL will now show right Login URL instead of the original one when Mask URL is enabled.
  • Fix: Accessibility issue when activating 2FA.
  • Changes: Show Admin Pointer on initial Defender activation, and removing the redirect behavior.
  • Other minor enhancements and fixes


  • Fix: Mask Login Area description text is misleading
  • Fix: wp-admin link of sub-sites in networks link to wrong admin URL
  • Fix: Prevent Information Disclosure & Prevent PHP Execution show false error message when first applied
  • Fix: Dashboard reporting section mis-alignment
  • Other minor enhancements and fixes


  • New: Ability to edit default two-factor authentication email notifications
  • New: Added Privacy Policy in privacy guideline page
  • Improvements for lockout logs interface
  • Improvement: Smarter report default time.
  • Fix: Defender auto redirect issue when bulk activating plugins
  • Fix: saving 404 redirect URL issue
  • Fix: Some layouts are shifted on mobile devices
  • Other minor enhancements and fixes


  • New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.
  • New: Ability to force two-factor authentication for all users.
  • Fix: Fixed a bug where file scanning would detect wp-config.php as suspicious.
  • Fix: Fixed an issue where the lockout pages could be cached by external cache engines.


  • Fix: Defender now can recognize and verify Bing Bot for whitelisting
  • Fix: Lockout page now will use site title instead of the text 'WP Defender'
  • Other minor enhancements and fixes


  • Fix: Conflict with Jetpack where Defender 2FA module would not detect if Jetpack 2FA was disabled.
  • Fix: Visitor would get a 404 lockout if landing on a page with many dead links.
  • Improvement: When an user is deleted, audit logging now display the user’s login instead of only UID.
  • Other minor enhancements/fixes


  • Fix: Two-factor authentication can be bypassed by user with no role.
  • Improvement: Enhanced two-factor authentication protection across multisites.


  • Improvement: Improvement: IPv6 support for both whitelisting and blacklisting, requires IPv6 support on the server.
  • Improvement: Better UI/UX for Two-factor authentication.
  • Fix: Security tweak „Prevent PHP Execution” and „Protect Information” now support Apache 2.4 htaccess rules.
  • Other minor enhancements/fixes


  • Added: widget for 2 factors authentication
  • Fix: Defender does not detect the right IP when CloudFlare is being used
  • Fix: Conflict with TM Photo Gallery Plugin
  • Other minor enhancements/fixes

  • Fix: notification message.


  • New: Now you can enable 2 factors authentication with Defender and Google Authenticator app, support for iOS and Android
  • New: We can define how long the „Remember me” can take affect, via a new Security Tweak, called „Manage Login Duration”
  • Improvement: IP Lockout logs now have separate tables, better for performance.
  • Fix: Ignore a file in Scanning section sometimes coming back after couple of scans.
  • Other minor enhancements/fixes


  • New: CSV export for Audit Logging.
  • Improvement: Email reports now have unsubscribe link, and link to Reports where email reports can be turned off.
  • Fix: Typo in Audit email.
  • Other minor enhancements/fixes


  • Improvement: Improved IP Lockout performance.
  • Fix: „Update old security keys” doesn’t move to resolved list after processed
  • Fix: When emptying IP Lockout logs cause timeout error.
  • Fix: Typos in some places
  • Other minor enhancements/fixes

  • This is a quick hotfix release to tame a few notifications that showed up when they weren’t supposed to. Joy.


  • New: First edition for WordPress directory


  • New: You can now add exceptions for specific PHP files in the PHP Execution Security Tweak.
  • Improvement: Filtering all log types now uses URLs instead of ajax only, meaning you can link to a filtered log easily.
  • Improvement: Various user experience updates across the plugin interface to make using Defender even easier.
  • Fix: Lockout Logs now display from newest to oldest.
  • Fix: Lockout Logs pagination now works correctly.
  • Fix: Inconsistencies in the IP Lockouts stats across the plugin.
  • Fix: Sending Audit Logging reports to multiple recipients would address all recipients as the first user’s name.
  • Fix: Grammar and typos in some modals and error messages.
  • Fix: If Defender finds a vulnerability in WordPress’s core, the text would indicate running an update would fix the issue though no update was actually available yet.


  • Improvement: The plugin interface will now stretch to utilize extra screen space on larger screens.
  • Fix: Audit Logging was getting its days mixed up in the summary area. You’ll now see the correct day of the week.
  • Fix: We squashed a bug that was causing files scans to sometimes report false positive files after WordPress core upgrades.
  • Fix: A conflict with Jetpack was causing scans to stall, which we have now fixed up.
  • Fix: In some cases File Scanning reports wouldn’t actually stop sending if you disabled them. It now obeys commands.
  • Fix: Google’s bot was being blocked by IP Lockouts but now it’s free to crawl and index as it pleases.
  • Fix: We removed redundant “cancel” buttons on settings pages. You probably won’t even notice!
  • Fix: We’ve added live stats so now there’s no need to wait around in anticipation while running files scan actions.
  • Fix: Stats weren’t displaying the right numbers after actioning security tweaks, but it’s all good now.
  • Fix: Pagination on the Audit Logging logs page now works like you would expect it to.
  • Fix: Files detected in File Scanning now have metrics with their file sizes.
  • Fix: We’ve fixed styling issues with toggles.
  • Fix: We removed the” Resolve bulk update” option from File Scanning. It wasn’t really a valid action.
  • Fix: Incomplete icons in the Dashboard reports area have been updated.
  • Fix: We’ve removed redirection from the dashboard to the File Scanning page are after preforming a file scan so now you shouldn’t feel lost.
  • Fix: Lots of other small stuff, like minor cosmetic and grammar fixes.


  • Fixed: Compatibility issue with Getting Started Wizard
  • Fixed: Scanning was sometimes slow or getting stuck


  • New: Meet the brand new Defender! This release focuses on making security for WordPress a better place. We’ve given the UI a refresh and updated the UX, so configuring your security settings is a walk in the park.
  • Fixed: A ton of bug fixes & improvements. Yep, vague description! But why bore you with the small stuff when you could be spending time bolstering your site’s security?


  • Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin
  • Other minor enhancements/fixes


  • Added: New Hardening Rule (PHP version)
  • Improvement: Audit Logging now allows date range selection.
  • Improvement: IP Lockouts now allow IP ranges in whitelist/blacklist.
  • Improvement: IP Lockouts now can import/export whitelist/backlist.
  • Fixed: IP Lockouts email notification text on permanent IP ban.

  • Fixed: Fatal error when PHP extension sockets is not enabled


  • Improvement: Audit logging now detects file changes in WordPress core.
  • Fixed: Updating via WordPress core now syncs better with the Hub.
  • Fixed: Some compatibility fixes for PHP 5.2.


  • Improvement: Audit Logging now ajax based.
  • Fixed: minor bug fixes & some UI/UX improvements


  • Improvement: Switched the User dropdown in Audit Logging to load results via AJAX to increase initial load performance.
  • Improvement: Scan results now pre-load information so that you can action fixes faster.
  • Fixed: Removed cronjob events from being tracked in Audit Logging.
  • Fixed: The Audit Logging filter box now stays visible if no results are returned.
  • Fixed: Other small bug fixes and improvements.


  • Added: A warning indicator in WP Admin sidebar to let you know how many security issues are outstanding.
  • Added: The ability to choose to only receive email reports when there are issues with your website.
  • Fixed: Minor bug fixes & improvements


  • New feature: Audit logging
  • New plugin icon
  • Vulnerability plugins/theme scan result can be ignored
  • Some other minor enhancements/fixes


  • Improve Core Integrity Scan.
  • Improve caching method


  • Improved: Scan schedule.
  • Fix: issue with W3 Total Cache Object Cache


  • Fix: Defender data doesn’t sync with HUB correctly
  • Fix: Email report doesn’t send properly
  • Some other minor enhancements/fixes


  • Added: Option to choose reminder period for Hardener rule „Update old security keys”
  • Improved: Compatibility with Windows server
  • Improved: Optimized resource usage when scanning
  • Fix: issue with memcached
  • Other minor enhancements/fixes


  • Improve scan engine, reduce false positives
  • Improve uninstallation method
  • Add the ability to ignore hardener rules.
  • Improve the performance impact on the site.
  • Fix scans sticking at 100% in some cases
  • Fix compatibility issues with IIS
  • Some other minor enhancements/fixes


  • Optimize scanning
  • Preventing performance issue with some hosts
  • Fix false blacklist detection in local environment
  • Some other minor enhancements/fixes


  • Applied ajax inline updates for plugins/themes
  • One click Prevent PHP execution
  • One click Prevent Information Disclosure
  • Add detail page for core integrity issue, and automate resolution
  • Fix scan stability with limited memory
  • Some other minor enhancements/fixes


  • Scanning can auto detect if user is active on scanning page to work based on ajax, or leave to enable background scan
  • Improve condition checking for Prevent Information Disclosure module
  • Improve condition checking for Prevent PHP execution module


  • First release