Descrição

Defender adds the best in WordPress plugin security to your website with just a few clicks. Stop brute force login attacks, SQL injections, cross-site scripting XSS, and other WordPress vulnerabilities and hacks with Defender’s malware scanner, antivirus scans, IP blocking, firewall, activity log, security log, and two-factor authentication (2FA) login security.

No longer do you have to go through hideously complex security settings and get a virtual PhD in security. Defender adds all the hardening and security recommendations you need.

Security Recommendations

Defender starts with a list of one-click hardening techniques that will instantly add layers of protection and security to your site.

Bloqueia hackers em todos os level:

Two-factor authentication (2FA) – App verification, backup codes, lost device email, WooCommerce 2FA, and Web Authentication
Login masking – change the location of WordPress’s default login area
Login lockout – failed login attempts lockout
Malware scanner – scan WordPress core files for modifications and unexpected changes
Security Headers – Add an extra layer of defense security and protect against common attacks like: XSS, code injection, and more
404 Detection – automated block of bot IPs
Configs – Create your ideal Defender security settings and export / import saved configs to any other site
Geolocation IP lockout – block users based on location and country (IP blocking)
WordPress Security Firewall – block or allowlist IPs
Disable trackbacks and pingbacks – spam prevention
Core and server update recommendations – stay on top of your system
Antivirus scan – scan for active security threats and viruses
Disable file editor – if they get in, they won’t get far
Hide error reporting – don’t reveal your security issues
Update security keys – reset on-demand
Prevent information disclosure – why tell them what you have
Prevent PHP execution – because it’s daaaangerous
Resolve security recommendations and issues in bulk
Google reCAPTCHA – easy to add, stop fraud and abuse – including BuddyPress and WooCommerce.
Pwned Password Check – Protect against compromised passwords.
Force Password Reset – Force users with selected roles to reset passwords.
User Agent Banning – Block bad bots and user agents from accessing your site.

Learn The Ropes With These Hands-On Defender Security Tutorials

WordPress Security Scans

Defender’s free malware scanner checks WordPress for suspicious code and malware. The Defender scan tool compares your WordPress install with the master copy in WP directory, reports changes and lets you restore the original file with a click.

Two-Factor Authentication (2FA)

Easily add an extra layer of protection to your WordPress sites with Defender’s range of two-factor authentication (2FA) features. Including: mobile app verification (Google Authenticator, Microsoft Authenticator, Authy), backup code generation, lost device emails, WooCommerce 2FA, Biometric Authentication (fingerprint/facial recognition), and Hardware Key Authentication (USB security keys).

Google reCAPTCHA Integration

Add reCAPTCHA to your login / registration pages, lost password forms, and post comments in a couple of steps to up security and help protect from fraud and abuse. Select reCAPTCHA type, language, location, and style to suit. As well as Google, Defender also supports the following reCAPTCHA types:

BuddyPress reCAPTCHA
WooCommerce reCAPTCHA

Firewall and IP Manager

Keep your site safe with Defender’s IP manager and firewall. Manually block specific IPs, import a list of banned IPs and set automated timed and permanent lockouts. Defender makes it easy to block and unblock specific locations quickly thanks to its advanced firewall (WAF).

Proteção de acesso

Brute force login attacks are no match for Defender. Limit login attempts to stop users trying to guess passwords. Permanently ban IPs or trigger a timed lockout after a set number of failed login attempts.

Mascarar tela de acesso

Defender makes it easy to move your login screen to a custom URL. Not only does login screen masking improve security, but it also lets you white label your login user experience and improves branding.

Force Password Reset

Password Reset enables you to force all users with selected roles to reset their password at any time. Especially helpful if you suspect a possible data breach on your site.

User Agent Banning

Add user agents to the block or allowlist and stop bad bots from spamming and scraping your site. All major search engines and special network bots are allow-listed out of the box. Easy to set up, Defender does all the security work, no editing of the .htaccess file required.

Security Headers

Security headers protect your site against the most likely types of attacks, such as: XSS, code injection, cross site scripting, and more. You can enable the following headers:

X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Strict Transport
Referrer Policy
Permissions-Policy

Limitador 404

Defender detects when bots are being used to scan your site for vulnerabilities and shuts them down. The 404 limiter lets you stop the scan by detecting when a bot keeps visiting pages that do not exist, which can also save you from a giant strain on your site’s performance.

Notificação e Relatórios

Defender runs surveillance and sends security notifications with information that matters.

Reduce Setup Time With Saved Configs

The configs module allows you to save your Defender configurations and reapply them to your other sites in just a few clicks. You can create and save an unlimited number of security configurations.

Pwned Password Check

Protect your site against password leak attacks. Entered passwords are checked against public database breach records. If a password is identified as compromised, the user will be asked to change it.

Global IP Block/Allowlists

This is a game-changer if you manage multiple sites. Create your IP block/allowlist once, then apply and automatically sync to all your other sites with a click. You’ll save hours by not having to manually add IPs to each individual site. *Note: a WPMU DEV membership is required to access this feature. Our new and 100% free plan is the best place to start.

What Do People Say About Defender?

★★★★★
“I found other pro security plugins a bit too fiddly for my taste…I’m delighted with Defender” – KeithADV

★★★★★
“Thank you for bringing back a free and easy to use 2-Factor Authentication after Clef! Defender helps keep me aware of my sites security.” – awijasa

★★★★★
“Defender’s interface is very intuitive with warnings that are very helpful” – djohns

★★★★★
“Defender Recently blocked over 3000 attacks in one week without any noticeable impact on the website. WPMUDEV knocking it out of the park on this one.” – David Oswald

Secure Websites, More Trust, Better Profit

Your visitors expect a super-safe extra secure website when deciding whether or not to make a purchase or submit information. If visitors don’t trust your site, they will leave without completing a transaction.

If you’re running a business website or eCommerce store privacy, security, uptime and trust are essential.

Defender is here to help you: it’s a one of a kind WordPress security plugin that makes web security easy for anyone, for free!

Google two-factor authentication (2FA)
Web Authentication
Endurecimento de sites e ajustes de segurança com um clique
Escaneamento e reparação de arquivos básicos do WordPress
Malware scan
Ongoing firewall protection
Google reCAPTCHA
Security headers
One-click configs
Mascarar tela de acesso
Pwned Password Check
IP Blocklist manager and logging
Exames ilímitados
Timed Lockout brute force login attack shield for login protection
Limitador 404 para bloquear varreduras de vulnerabilidade
Notificação e Relatórios de bloqueio de IP

Defender is built to make security simple: it makes your WordPress site harder to hack and it’s insanely easy to set up. Run a security scan and implement recommended changes in one-click, for added security in mere minutes.

All the above is free and will secure WordPress for you. If you need extra security for your WordPress site, you should get WPMU DEV Membership.

Our Membership gives you access to Defender Pro – which features automated scanning, scheduled malware scans for Core, themes, plugins and other files, audit logs, firewall protection, Blocklist monitoring – alongside Snapshot Pro cloud backups, the Hub with automated plugin, theme and core updates and safe-upgrade scans, all our premium WordPress plugins, 24/7 WordPress support and if your sites already been hacked our team of security experts will clean it up at no additional cost.

It’s an incredible deal, and you can find out more here.

A Note From Defender

Hey! This is Defender, your trusted solution for WordPress security and hack prevention. I’m part of the WPMU DEV team, a superhero-suite of WordPress plugins, services, and support. Here are some of our other free plugins:

Smush – Image Compression and Optimization
Forminator – Form, Quiz, Poll and Survey Builder
Hummingbird – Page Speed Optimization
Hustle – Pop-ups, Slide-ins and Email Opt-ins
SmartCrawl – SEO checker, Analyzer and Optimizer

And if you need ALL our Pro plugins AND 24/7 WordPress support, get WPMU DEV membership! You can try it free for 30 days: wpmudev.com

My superhero friends run the WPMU DEV Blog, your source for the very best WordPress tutorials. If you need to be in the know about WordPress, check it out.

Thanks for looking at Defender, and I look forward to hardening your site and making it safer than ever.

Enjoy, The Defender

Sobre Nós

WPMU DEV is a premium supplier of quality WordPress plugins and themes. For premium support with any WordPress related issues you can join us here:
https://wpmudev.com/

Don’t forget to stay up to date on everything WordPress from the Internet’s number one resource:
WPMU DEV Blog

Hey, Mais uma coisa… nós esperamos você curta nossas ofertas grátis quanto nós amamos fazê-los para você!

Imagens de tela

Malware scans and one-click hardening recommendations.
Layered security recommendations let your harden your site with a few clicks.
Compares your WordPress install with the directory and restore original files with a click.
Use 2-Step Verification to protect your accounts with your phone.
IP blocklisting, 404 limiter and Timed Lockout attack shield.

Instalação

Envie o plugin wp-defender para seu diretório /wp-content/plugins/.
Ative o plugin através de ‘Plugins’ no menu do WordPress.
Configure e gerencie usando o item defender no menu do painel de controle do WordPress.
Concluído!

FAQ

Por que eu deveria escolher Defender em vez de outro plugin de segurança?

Defender is built to add all the best hardening and security recommendations used by the pros without having to become a security expert. This means you get all the most effective and proven protection methods other services provide with fewer settings, on-click hardening and faster setup.

O Defender é a única coisa que eu preciso dar para proteger meu site WordPress?

Hackers and bot attacks are not the only threat to your site. No matter what security plugin or service you use, always be prepared with a secure backup stored in a safe location away from your live site. Security does not protect from hosting outages, server errors and accidentally lost or damaged data. We recommend Snapshot. Defender with scheduled managed backups is the best way to keep your site safe.

Does Defender protect against harmful bots?

Yes! Defender’s Firewall gives you robust site protection and security by allowing you to block bad bot IPs.

Can I use Defender with other security plugins?

You can. Just make sure not to enable the same security features in the third-party plugin, that you also have enabled in Defender, as this might cause conflicts.

Is Defender compatible with WordPress Multisite?

Yes! The plugin is fully compatible with a multisite installation. It can be network enabled and managed from the network admin.

Does Defender offer spam protection?

A high percentage of Trackbacks and Pingbacks are spam. Defender allows you to easily disable both, giving you added security and protection.

Will my site be protected from DDoS attacks?

Yes. Defender’s IP banning, IP lockouts, and 404 detections can identify DDoS attacks and block bad IPs.

I’ve locked myself out of my admin panel, what can I do?

Add the code below to your theme’s function.php file, which you’ll find in the main directory of an active theme. Replace “YOUR IP HERE” with your IP address. Use a site like whatsmyip to get your IP.

add_filter( 'ip_lockout_default_whitelist_ip', function ( $ips ) {
  $ip    = 'YOUR IP HERE';
  $ips[] = $ip;
  return $ips;
} );

Help! I was already hacked. What should I do?

WPMU DEV’s expert support can advise you on how to clean up your site if it’s been hacked. Create a new thread in our support forum, or start a free 7 day trial of Defender Pro to get access to 24/7 live support.

I have another question, where’s the best place to get help?

Please open a new thread in Defender’s support forum. Our support team is always happy to help!

Avaliações

tjf85 26 setembro, 2023 1 resposta

Excellent for checking IP activity and Malware. A great addition. I have made over 500 websites and love Defender.

kadircebel 4 setembro, 2023 1 resposta

It's okay for now. Thanks for this plugin.

sizaconnect 28 agosto, 2023 1 resposta

Excellent security plugin for all type of websites.

RT1959 16 agosto, 2023 1 resposta

I installed this plugin and I did a scan. I was totally surprised at the security issues on my website. I followed the advice in the menu directory and all of my malicious code injection issues were solved.

gabrieluno 8 agosto, 2023 1 resposta

Simple to use, super well optimized, and with the main security features. I recommend it.

Bhisittha 11 julho, 2023 1 resposta

All functions work fine, smooth and easy to use. Thank you all WPMU DEV team.

Leia todas as 266 avaliações

Colaboradores e desenvolvedores

“Defender Security – Malware Scanner, Login Security & Firewall” é um software com código aberto. As seguintes pessoas contribuíram para este plugin.

WPMU DEV - Your All-in-One WordPress Platform

“Defender Security – Malware Scanner, Login Security & Firewall” foi traduzido para 14 localizações. Agradecemos aos tradutores por suas contribuições.

Traduzir “Defender Security – Malware Scanner, Login Security & Firewall” para o seu idioma.

Interessado no desenvolvimento?

Navegue pelo código, dê uma olhada no repositório SVN ou assine o registro de desenvolvimento via RSS.

Registro de alterações

4.1.0 ( 2023-09-11 )

New: Safe Repair for Suspicious files
Enhance: Require PHP 7.4 as the minimum supported version
Enhance: Allow to quarantine readme.txt files
Enhance: Enable “Move to quarantine” by default when deleting or repairing a file
Enhance: Improve the Quarantine directory accessibility logic
Enhance: Update Quarantine page copy
Enhance: Add new toggle state “Push permanently blocklisted IPs” to config structure
Enhance: Add banned IP to the Global IP blocklist on the firewall logs page
Enhance: Remove Beta info about 2FA
Enhance: GeoLite2 DB URL is not working
Enhance: PHP v8.1 warnings for the “PHP QR Code” package
Enhance: Update the primary color in the email notifications
Enhance: Change the “Settings” link to “Dashboard” on plugins page
Enhance: UI Enhancements
Fix: False positives on Windows server
Fix: Bypass masked URL and view the masked URL slug using Gravity Forms gf_page-argument
Fix: Compatibility issues with the Polylang plugin
Fix: Fix scrolling on Global IP section
Fix: Quarantined file time sent to HUB is not in GMT/UTC-based timestamp
Fix: Replace the deprecated FILTER_SANITIZE_STRING in PHP v8.1+
Fix: Forminator shortcode not rendered in Gutenberg block when Defender is activated
Fix: Cannot recheck Prevent PHP Execution
Fix: IP Allowlist/Blocklist do not accept more than one IP on Windows server
Fix: Mismatch in the “Free Membership text” on the Defender dashboard page
Fix: Geo-blocking does not work on a multisite subsite
Fix: Hide WPMU DEV URLs when Whitelabel is enabled and not listed users
Fix: Compatibility issues with the Amelia Pro plugin

4.0.2 ( 2023-08-24 )

Fix : Adjust table creation based on storage engines

4.0.1 ( 2023-08-08 )

Fix: Quarantine table creation on upgrade from free to pro

4.0.0 ( 2023-07-25 )

New: Safe Repair
Enhance: Compatibility with WordPress 6.3
Enhance: Replaced hero image with new product logo

3.12.0 ( 2023-06-19 )

Enhance: Update global IP cron schedule to hourly
Enhance: Improve malware scan core
Enhance: Extend conditions for crawler request validation
Enhance: Replace trial prompts in Defender free
Fix: User agent is blocked when the blocklist is empty
Fix: Issues when deleting vulnerable plugins or themes
Fix: Released temporary IP addresses are shown in the Active Lockouts list
Fix: Detect malware in core-builder and core-engine plugins
Fix: Defender Reset option does not clean the malware results items
Fix: New hook to avoid the connection block for Manage WP when 2FA is enabled
Fix: Defender mask URL breaking the default language switch on the login page
Fix: Issues activating the mask login feature when a post/page and mask login slug are the same
Fix: Having login and registration forms on the same page causes a conflict with Google reCAPTCHA
Fix: Delete action shows up even after the deletion of the default security config
Fix: Issues in deleting the default security config
Fix: Google reCAPTCHA is not deactivated if Woocommerce is enabled without forms selection
Fix: User search for recipient does not work in notifications bulk configure
Fix: An error message is shown by default in the notification modal
Fix: Grammar and spelling errors
Fix: Typo on result lines on the Audit Logging page
Fix: Add comments for all translation strings with placeholders
Fix: Typo in “Change default admin user account” security recommendation
Fix: Typo in “Update PHP to latest version” security recommendation

3.11.1 ( 2023-06-12 )

Enhance: Performance improvements

3.11.0 ( 2023-05-15 )

New: Autosync Local Blocklists with the Hub Global IP
Enhance: Compatibility with PHP 8.2
Enhance: Improve ‘Hide error reporting’ recommendation
Enhance: Improve ‘Prevent PHP Execution’ and ‘Prevent Information Disclosure’ recommendations on Windows server
Enhance: WP-CLI commands for Google reCAPTCHA
Enhance: Remove unused plugin core methods
Fix: Error when adding a ‘<‘ tag in Invite by email Recipients name in all notifications
Fix: Not possible to create config with Defender free version if it is not connected to the Hub
Fix: Display Undefined message when session expired on Malware Scanning page
Fix: Audit Logging > Events logs results are not consistent with different WordPress time settings
Fix: Username filters display incorrect results on Audit Logging page
Fix: Incorrect message is displayed to user when we enter a ‘<‘ tag in banned username and other textarea lockout fields
Fix: Button status (color and text) are not changed when Ban Bulk applies on the Firewall Logs page
Fix: When session expired and try to login with 2FA TOTP then email and password are empty

Changelog for previous versions.