Easy-to-implement and reliable WordPress security with Defender Pro.
Hackers, brute forcers, and malicious bots are no match for Defender's mighty WordPress security shields and cloaking technology. Arm your sites with:
- Scheduled security scans
- Login protection and masking
- Audit Logging
- Two-factor authentication
- Blocklist monitoring
- Vulnerability reports
- Changed file restore and repair
Changelog
- Fix: Firewall Locations ban issue
August 23, 2021 - version 2.5.6
- New: reCAPTCHA for comments
- Enhance: 404 lockout – CSS, JS and MAP files excluded
- Enhance: Hide "Powered by Defender" line when Whitelabel is enabled
- Enhance: Hide "What's New Modal" when Whitelabel is enabled
- Enhance: Integrated Force Password Reset feature with Forminator
- Enhance: Option to automatically regenerate security keys
- Enhance: Recipient user list can be sorted and filtered by user role
- Fix: Login Protection and 404 Detection deactivated by itself
- Fix: Google reCAPTCHA v3 Locations issue
- Fix: Problem while navigating malware issues in Defender Pro
- Fix: Defender Pro sends the same reports twice
- Fix: Security Header Referrer description
- Fix: Updating from 2.3.2 to 2.4.4 resets security key recommendation to 60 days
- Fix: Updating from 2.3.2 to 2.4.4 removes previous malware scanning data
- Fix: Notification recipients – 'load more' interaction not visible when adding users
July 26, 2021 - version 2.5.5
- New: Pwned Passwords settings added to Configs
- New: "What's New" modal hidden on fresh installs
- Enhance: "Clear Temporary IP Block List" option added to Configs
- Enhance: Asset Optimization to increase loading speed in the backend
- Enhance: Malware scanning rules improvements
- Enhance: File scan not detecting code inside wp-config.php
- Enhance: Updated white label method from the WPMU DEV Dashboard
- Enhance: Updated footer text on Preset Configs page
- Fix: Forced Password Reset not applied if user of one subsite tries to login to another subsite
- Fix: Displayed number of actioned recommendations in incorrect
- Fix: Free Defender version sending Pro version notifications
- Fix: Callbacks to avoid slow log
- Fix: Browser console error when changing default admin username
- Fix: Fix list of auxiliary WP-CLI commands
- Fix: Language translation not updating on multisite
- Fix: 2FA can be forced for user roles when inactive for that role
- Fix: Password reset doesn't work for Flywheel sites if Defender Pro is active
- Fix: Pwned Passwords security flaw
- Fix: Plugin updates via WPMU DEV Dashboard missing from Event Logs
- Fix: File scan reporting empty non-WP directories
- Fix: File scan missing files that start with a dot
- Fix: Defender sending mail reports to [email protected] instead of [email protected]
- Fix: 2FA > Active Users > View users link should open in new tab
- Fix: Issues viewing Dashboard and Notifications pages on Mobile
- Fix: Console error on Mask Login page
- Fix: Change reCaptcha to reCAPTCHA
June 28, 2021 - version 2.5.4
- New: Google reCAPTCHA for WordPress login/register/password reset pages
- New: Highlight new features in welcome modal
- Enhance: Compatibility with WordPress 5.8
- Enhance: Update WP-CLI scan options
- Enhance: Tools dashboard widget
- Fix: Locations feature not working on Flywheel hosting
- Fix: Warnings with PHP version 7.4
- Fix: Password reset page showing if users from any subsite try to save pwned password
- Fix: Guest User under Malware Scanning Notification
- Fix: Various issues with notifications in Defender
- Fix: Can't update email when mask login enabled
- Fix: Minor typo in Dashboard modal
- Fix: Issue Details section not showing code
- Fix: Hide notice on Configs page
June 7, 2021 - version 2.5.3
- Fix: Check password's hash before forwarding to Pwned Password API
June 1, 2021 - version 2.5.2
- New: Force password reset for all registered users
- New: Highlight new features in welcome modal
- New: WP CLI support for Force Bulk Password reset
- Enhance: Integration with Smush - exclude Smush-optimized images from Malware Scanning reports
- Enhance: Add Pwned Passwords and Password Reset widgets to Defender Dashboard page
- Enhance: Change Doc link from advanced-tools to tools
- Enhance: Fix success notification inconsistencies
- Enhance: Add License at the footer of Pwned Passwords
- Enhance: Change 'Please try again!' error message for known vulnerabilities
- Fix: Clean Lockouts option
- Fix: Blank vulnerability report with some plugins
- Fix: Masked login are bypassed with double slash
- Fix: Search details are not showing on IP Banning modal page
- Fix: Defender translations
- Fix: Unable to schedule Posts
- Fix: Issues with Mask Login Area and user creation
- Fix: Typo in Prevent Information Disclosure and Prevent PHP Execution
- Fix: 2FA active state notification should change only after saving settings
May 19, 2021 - version 2.5.1
- Fix: Fatal error after an update from older versions
May 6, 2021 - version 2.5
- New: Check passwords against Pwned database
- New: Highlight new features in welcome modal
- Enhance: Automatically remove old logs after 30 days
- Enhance: Malware scanning security enhancements
- Enhance: Detect suspicious code with 'WPTemplatesOptions'
- Enhance: Detect suspicious code in themes
- Enhance: Some suspicious code threats missed by Defender
- Enhance: Better descriptions for Malware scanning reports
- Enhance: Set 'Scan plugin files' option unchecked by default
- Enhance: Remove 'Scan theme files' option from File change detection
- Enhance: Remove 'Allow From' option from X-Frame-Options header
- Enhance: Platform compatibility with Defender
- Enhance: Rename Advanced Tools to Tools
- Enhance: Documentation links tracking
- Fix: Malware scanning stuck on analyzing theme
- Fix: Translation files not applied
- Fix: Reset not removing all data
- Fix: Send data in persistent date format to Hub
- Fix: Resetting or Uninstalling does not completely remove Defender settings
- Fix: Check all files from scan Issues and Ignored tabs for bulk actions
- Fix: Scrolling Up issue in Active lockouts
- Fix: Update SUI to the latest version
- Fix: Revert button in Prevent User Enumeration recommendation
April 5, 2021 - version 2.4.10
- New: Add WP CLI commands to reset mask login settings
- Enhance: Update links to wpmudev.com
- Enhance: Prevent PHP Execution/Prevent Information Disclosure (show manual instructions on Apache tab)
- Enhance: Bulk Unblock/Undo actions on Active Lockouts
- Enhance: Adjust Malware scanning logic to reduce false-positive reports
- Enhance: Malware Scanning - Disable delete button for a report, when a third-party plugin is active
- Enhance: Change count-logic for total value of issues shown on a main widget and Defender's menu
- Enhance: Improve the behavior of the Active tag on configs feature
- Enhance: Custom notification email for 'When Failed to scan' is not imported to Config
- Enhance: Compatibility with WordPress 5.7
- Enhance: Update minimum supported WordPress version
- Enhance: New Manage Notifications button on notification widget
- Enhance: In Notifications and Dashboard pages, replace "-" with text under Schedule
- Fix: No error when restore core file fails
- Fix: Cron issues for Audit and Firewall modules
- Fix: Defender sending 404 Detection notifications when that type is turned off
- Fix: Remove old deprecated code of recommendations in DB
- Fix: Duplicate IP addresses on Active Lockouts
- Fix: Display different frequency for different timezones
- Fix: 404 Detection timeframe is not imported to Config
- Fix: Showing banner without content on profile page
- Fix: Active Lockouts pagination seems broken
- Fix: Link Defender Settings redirects to Defender Dashboard page on WP plugin page
March 17, 2021 - version 2.4.9
- Fix: Stability fixes
March 12, 2021 - version 2.4.8
- Fix: Unescaped DB parameters
March 1, 2021 - version 2.4.7
- New: Sync Config from Defender with The Hub
- Enhance: Making "Enable Tag" clickable in the notification widget
- Enhance: Allow capital letters in Masked Login
- Enhance: New WP CLI commands for file scanning, reset settings, and clear firewall data
- Enhance: Reducing false-positive reports in malware scanning
- Enhance: Check plugins and themes against the WP.org repository
- Enhance: Adding pagination in Malware Scanning grid
- Enhance: Update text for Suspicious Code scan type options
- Enhance: Bulk configure - Add to reports/Remove from reports options
- Enhance: Improve table performance
- Enhance: Remove hero image when Branding is set to custom for activated Whitelabel
- Fix: Storage logs not deleted
- Fix: Update code preview in Malware Scanning
- Fix: MaxMind DB Reader API version update
- Fix: Keep empty IP for internal or private IPs
- Fix: Failed login attempt with an empty banned username
- Fix: Audit Log Export
- Fix: Loopback request could not be completed
- Fix: Subsites login area is blocked for network users
- Fix: Mask login can be bypassed with wp-signup.php for single sites
- Fix: Ability to use dash symbol at the start/end of New Login URL slug
February 12, 2021 - version 2.4.6.1
- Fix: Security vulnerability for Two Factor Authentication
January 27, 2021 - version 2.4.6
- Security: Malware scan doesn't detect Backdoor:PHP/WP-VCD
- Security: Malware scanning issues with Avada theme
- Enhance: PHP 8 compatibility
- Enhance: Mobile UI improvement for IP lockout logs
- Enhance: Remove menu icon with issue indicator when there are no Scan and Tweak issues
- Enhance: Suspicious Code scan type is deactivated by default
- Fix: Defender security headers not applied when Hummingbird caching is active
- Fix: Revert button not working for certain recommendations
- Fix: Remember Light mode/Dark mode selection for Malware Scanning code preview
- Fix: Resend Invite option is not showing for added users (Add users/Invite by Email)
- Fix: Read More link showing in blue color when High Contrast Mode is ON
- Fix: Fix footer link URL
- Fix: 127.0.0.1 showing multiples times on the firewall logs page
- Fix: Unsubscribe icon is not showing correctly on the notifications page
- Fix: Console errors on various pages when WooCommerce is activated
- Fix: Display error for enabled Mask Login and Site Health request
- Fix: Mask Login Area restricted slugs
- Fix: Showing all files in WP core as modified
- Fix: Defender locking out users and detecting wrong user IP
- Fix: 2FA can't be forced with WooCommerce
- Fix: Disable File Editor tweak reset
- Fix: Issues on Flywheel hosting stability improvements
- Fix: Admin email duplicates in Bulk notification modal
- Fix: Multiple notifications still being sent after update to 2.4.4
- Fix: Error when requesting API on the Audit logs page
- Fix: Audit log does not log all plugins when activated/deactivated in batches
December 21, 2020 - version 2.4.5
- New: Add pagination option for IP lockout logs
- Enhance: Display Blocklist Monitor in the config structure
- Fix: Malware Scanning marks own files as suspicious
- Fix: The IP 127.0.0.1 shows as blocked
- Fix: Display Notifications in the Hub
- Fix: File Scan display issue in MS Edge
- Fix: Hero Image overlaps in Preset Configs
- Fix: Redirect Url UI needs improvement on Choose redirect page
- Fix: Display MaxMind link
December 7, 2020 - version 2.4.4
- Enhance: Change text to 'Security Issue(s)' in the dashboard widget
- Enhance: Compatibility with WordPress 5.6
- Fix: Hub synchronization with Defender
- Fix: Suspicious code found in WPMU DEV plugins
- Fix: PHP warnings and notices for Firewall and Scan modules
- Fix: wp_login_form() not working with Masked Login
- Fix: Chinese URL shows two-digit hexadecimal numbers
- Fix: IP's text goes outside the box in Firewall Logs after bulk action
- Fix: Deactivate button not working first time if there is nothing in Choose redirect page URL in Mask Login Area
- Fix: Update text in Security Recommendations Report
- Fix: Typo in Security Recommendations 'Prevent user enumeration', 'Update old security keys', 'Manage Login Duration'
- Fix: While Activating/Deactivating Firewall module, it shows the same message notification
- Fix: Enabling of Prevent Information Disclosure for Apache server
November 27, 2020 - version 2.4.3
- Fix: Masked Login Area not working in some cases
- Fix: Hub redirect to 404 page when Masked Login Area enabled
November 25, 2020 - version 2.4.2
- Fix: Fatal version on WordPress 5.2 and earlier
November 24, 2020 - version 2.4
- New: Notifications section - centralized manager for all notifications and reports
- New: Onboarding which will replace the old quick setup and enable everything that is recommended
- New: New: Bulk behavior for Security Recommendations - resolve/ignore almost everything with a single click
- New: Improving Security Recommendations UI/UX
- New: 2FA with Authy and Microsoft Authenticator
- New: Highlight new features in welcome modal
- Enhance: Better UI/UX and performance for Malware Scanning
- Fix: The Audit Logging widget on the dashboard doesn’t show the correct report status
- Fix: The custom message in Login Lockout doesn’t apply when an IP is banned by using a banned username
- Fix: Conflict with WP Fastest Cache makes revert buttons show incorrectly
- Fix: Warning with PHP 7.2.x
- Fix: The username search in Audit Logging doesn’t work
September 14, 2020 - version 2.3.2
- New: Add a separate Tutorials sub-menu and X-icon to remove it from the Dashboard
- Improvement: Change mention of blacklist and whitelist to blocklist and allowlist on Defender pages
- Improvement: Change Documentation links for Firewall and Malware Scanning
- Improvement: Config Improvements
- Fix: Display custom login forms if the Defender Masking URL is enabled
- Fix: Receive email from Defender security tweaks daily
- Fix: Activate 'Mask Login Area' through the Defender dashboard
- Fix: Correct display of the Audit log for a new registered user with other than Subscriber role in MU
- Fix: Masked login alters ajaxurl in MU in sites table page
- Fix: Remove 'ambient-light-sensor', 'picture-in-picture', 'speaker' and 'vr' directives from Feature-Policy header
- Other minor enhancements and fixes
August 10, 2020 - version 2.3.1
- New: Feature to save presets configurations of the Defender's settings, and make them available to download and apply to your other sites.
- New: Add tutorials section in the Defender dashboard.
- Improvement: Allow to bulk delete suspicious files
- Improvement: Improve the logic of how "Include sub-domains" option should be shown on the Strict Transport Security header
- Fix: Prevent wp-signup.php to access when Mask Login is enabled.
- Fix: 2FA login does not redirect correctly after login via the my-account page of Woocommerce
- Remove: Change default database prefix, as this can be bypass.
- Other minor enhancements and fixes
May 18, 2020 - version 2.3
- Improvement: Change the description for X-Content-Type-Options security header
- Fix: The WAF widget and WAF page will be hidden when white label activated
- Fix: Include Subdomain option for Strict Transport security header
- Fix: Cron for Audit logs
- Other minor enhancements and fixes
May 4, 2020 - version 2.2.9
- New: WPMU DEV’s Hosted Web Application Firewall (WAF) is a first layer of protection to block hackers and bot attacks before they ever reach your site. Websites hosted with WPMU DEV can now use this advanced WAF by enabling it via your site’s Security or Hosting tab in The Hub.
- Improvement: Moved the security headers out of Security Tweaks and into their own section inside Advanced Tools.
- Improvement: Relocated Two-Factor Authentication to it’s own menu item and area.
- Improvement: Renamed a couple of modules to more accurately reflect what they do.
- Fix - Minor bugs and improvements
April 28, 2020 - version 2.2.8
- Improvement: Add plugin configuration import/export option for Hub
- Improvement: HSTS Maximum age of Strict Transport Security header added 30 days, 2 years
- Improvement: Update copy for MaxMind license key
- Fix: Separate email subjects of templates for scan notifications
- Fix: Warning open_basedir restriction in effect
- Fix: 2FA required even if the role is unchecked
- Fix: Preview for Lockout Custom Message doesn't work
- Fix: Sending lockout emails even though they are disabled
- Other minor enhancements and fixes
March 9, 2020 - version 2.2.7
- Fix: Audit Logging sometime triggers a fatal error on some setups.
February 17, 2020 - version 2.2.6
- Improvement: Frequency of Security Tweak notifications reduced to 7 days
- Fix: GeoIP now compatible with new MaxMind policy
- Fix: Mask login URL now allow URL with an extension
- Fix: Lockout notification email now displays correct time unit
- Fix: Get started screen appears only where required
- Fix: Manage your email preferences & unsubscribe email link now works
- Fix: Strict Transport Security Header now shows subdomain option on the root domain
- Fix: On login lockout, Defender doesn't block IP permanently
- Fix: Mask login won't block admin links from email
- Other minor enhancements and fixes
January 27, 2020 - version 2.2.5
- Fix: Displaying Defender pages after activating the plugin.
January 16, 2020 - version 2.2.4
- Fix: Security tweaks self ping cause performance issues.
November 28, 2019 - version 2.2.3
- Improvement: Increased the frequency of Security Tweak notifications from daily to weekly.
- Fix: Two-Factor activate/deactivate not working as expected.
- Fix: Defender IP Lockouts was blocking Hub services.
- Fix: Error when bulk deletes lockout logs, without selecting any.
- Fix: Active Translation in General Settings was not using the language that had been set.
- Fix: The first time you setup the Blacklist location, it doesn't save.
- Fix: Security Keys tweaks showing decimals in status.
- Fix: Enforcing Security Header tweaks revert when you refresh the page.
- Fix: Lockout duration in email notification now reflects the right setting instead of always in seconds.
- Fix: Missing logs from the Audit logging screen.
- Remove: WordPress REST API security tweak. This feature was causing many sites to break basic functionality so we've decided to remove it.
- Other minor enhancements and fixes
October 14, 2019 - version 2.2.2
- Feature: New security tweaks: Security headers.
- Feature: New security tweak: Block WordPress Rest API.
- Feature: New security tweak: Prevent user enumeration.
- Feature: Ability to talk with HUB for syncing Defender settings.
- Improvement: Add ability to ban by filename/extension.
- Improvement: Allow user to change the retention period of Audit Logs in Defender.
- Improvement: Add the ability for an admin to unblock a temporarily blocked IP.
- Improvement: Add 'Your current time' to Reporting tabs.
- Fix: Email link still goes to wp-admin instead of masked one, if use Defender Mask Login.
- Fix: Css z-index issue with Quick setup modal.
- Fix: Use hostname instead of wp-defender in authenticator app.
- Fix: Minor grammar and UX improvements.
- Fix: Upgrading from the older version disables the settings in the mask-login.
July 2, 2019 - version 2.1.4
- Fix: Mask Login cause issue when visiting /wp-admin/network/sites.php
June 18, 2019 - version 2.1.3
- Feature: Security tweaks will send reminder when no tweaks were actioned after activation
- Improvement: Scanning will be more catchy, especially with code using eval function, however that can lead to more false positive, please consider to check with our support before delete the file.
- Fix: Bring back the tooltips system
- Fix: Audit filter links doesn't reflect the right results if open in new tab
- Fix: Filtering issue type in scanning now show correct results.
- Fix: Scanning notification keep sending when the setting turn to "off"
- Fix: User IP in IP Lockout->Blacklist now show the correct IP.
- Fix: Bring back the subject customization field in Scanning email config.
- Fix: Manage Login Duration wont make user to login twice anymore.
- Fix: Audit filtering by user now working properly
- Fix: We change the Audit logging items' color from red to more neutral.
- Fix: Ad Widget won't be show in vulnerability list by accident anymore
- Fix: Bottom bulk selector in Scanning page now work properly
- Fix: Deprecate warning from the function strpos() in php 7.3
- Fix: Sync issues with HUB will be more consistent.
- Fix: Mask login doesn't work properly if Wordpress get installed in a sub-folder
- Fix: Conflict with Avada theme which making scanning stuck
- Fix: Gracefully handle error when php dom extension does not install
- Fix: Prevent factory reset revert database prefix into wp_ even though it was not set by Defender.
- Fix: Prevent slashes added in email template
- Fix: Minor grammar and UX improvements.
April 10, 2019 - version 2.1.2
- Feature: Defender Pro now supports the WPMU DEV Dashboard’s white label feature.
- Feature: You can now perform a factory reset of Defender’s settings via the Settings screen, as well as control what happens to data when the plugin is uninstalled.
- Improvement: Defender File Scanning no longer identifies robots.txt as a potentially harmful file.
- Improvement: We’ve turned off autocomplete on the two-factor authentication field so that previous codes don’t show up.
- Fix: Fixed a conflict with Defender where the 404 lockout feature would lock out users who tried to access old Hummingbird cache files.
- Fix: You can now view date ranges greater than 7 days for IP Lockout logs
- Fix: Minor grammar and UX improvements.
March 20, 2019 - version 2.1.1.1
- Fix: Two-Factor Authentication QR code not being displayed on new device registration.
February 18, 2019 - version 2.1.1
- Fix: Prevent Information Disclosure corrupts htaccess code
February 18, 2019 - version 2.1
- New: Geo-based IP blocking. Completely block incoming traffic from specific countries to gain full control over who can and can’t access your site.
- New: Upgraded design components and improved user experience across the board.
- Fix: Corrupt .htaccess rules generated by Defender weren’t able to be re-applied when adding them a second time.
- Fix: Users can no longer get past login masking when using double slashes.
- Fix: Javascript errors prevented adding recipients to notifications and editing templates.
- Fix: Blacklist monitoring could not be enabled on some sites.
- Fix: Parse error on installations running PHP 5.3.
- Improvement: Removed activation redirection and tooltips on first activation.
- Other minor enhancements and fixes
October 18, 2018 - version 2.0.1
- Fix: permanent ban on 404 lockouts now sends correct email.
- Fix: IP lockout logs not showing correct results/order on different pages.
- Fix: IP lockout logs showing wrong badge for 404 lockouts.
- Fix: 2FA not working properly when using Sensei plugin.
- Other minor enhancements and fixes.
September 4, 2018 - version 2
- New: added tweak “Disable XML-RPC”
- Improvement: Two factor authentication can now be force enabled by role.
- Improvement: Masking URL description.
- Fix: Compatibility with Appointments+ login when Mask Login is enabled.
- Fix: /login/ will be blocked instead of redirecting to right login URL
- Fix: new site registration email login URL will now show right Login URL instead of the original one when Mask URL is enabled.
- Fix: Accessibility issue when activating 2FA.
- Changes: Show Admin Pointer on initial Defender activation, and removing the redirect behavior.
- Other minor enhancements and fixes
July 9, 2018 - version 1.9.1
- Fix: Mask Login Area description text is misleading
- Fix: wp-admin link of sub-sites in networks link to wrong admin URL
- Fix: Prevent Information Disclosure & Prevent PHP Execution show false error message when first applied
- Fix: Dashboard reporting section mis-alignment
- Other minor enhancements and fixes
May 24, 2018 - version 1.9
- New: Ability to edit default two-factor authentication email notifications
- New: Added Privacy Policy in privacy guideline page
- Improvements for lockout logs interface
- Improvement: Smarter report default time.
- Fix: Defender auto redirect issue when bulk activating plugins
- Fix: saving 404 redirect URL issue
- Fix: Some layouts are shifted on mobile devices
- Other minor enhancements and fixes
April 10, 2018 - version 1.8
- New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.
- New: Ability to force two-factor authentication for all users.
- Fix: Fixed a bug where file scanning would detect wp-config.php as suspicious.
- Fix: Fixed an issue where the lockout pages could be cached by external cache engines.
March 19, 2018 - version 1.7.6
- Fix: Defender now can recognize and verify Bing Bot for whitelisting
- Fix: Lockout page now will use site title instead of the text 'WP Defender'
- Other minor enhancements and fixes
February 7, 2018 - version 1.7.5
- Fix: Report status missing in Hub Security tab
- Fix: Some themes/plugins shown as a vulnerability but no info available
- Other minor enhancements and fixes
January 16, 2018 - version 1.7.4.2
- Fix: Remove debug data
- Fix: Issue with Hub
December 4, 2017 - version 1.7.4.1
- Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin
November 21, 2017 - version 1.7.4
- Fix: Conflict with Jetpack where Defender 2FA module would not detect if Jetpack 2FA was disabled.
- Fix: Visitor would get a 404 lockout if landing on a page with many dead links.
- Improvement: When an user is deleted, audit logging now display the user's login instead of only UID.
- Other minor enhancements/fixes
October 14, 2017 - version 1.7.3
- Fix: Two-factor authentication can be bypassed by user with no role.
- Improvement: Enhanced two-factor authentication protection across multisites.
October 9, 2017 - version 1.7.2
- Improvement: Improvement: IPv6 support for both whitelisting and blacklisting, requires IPv6 support on the server.
- Improvement: Better UI/UX for Two-factor authentication.
- Fix: Security tweak "Prevent PHP Execution" and "Protect Information" now support Apache 2.4 htaccess rules.
- Other minor enhancements/fixes
September 27, 2017 - version 1.7.1
- Improvement: Audit logging logs will be stored up to 1 year, query range can be set up to 3 months
- Improvement: Option to set a cooldown period for lockout notifications.
- Added: widget for 2 factors authentication
- Fix: Defender does not detect the right IP when CloudFlare is being used
- Fix: Conflict with TM Photo Gallery Plugin
- Other minor enhancements/fixes
August 15, 2017 - version 1.7
- New: Now you can enable 2 factors authentication with Defender and Google Authenticator app, support for iOS and Android
- New: We can define how long the "Remember me" can take affect, via a new Security Tweak, called "Manage Login Duration"
- Improvement: IP Lockout logs now have separate tables, better for performance.
- Fix: Ignore a file in Scanning section sometimes coming back after couple of scans.
- Other minor enhancements/fixes
July 6, 2017 - version 1.6.2
- New: CSV export for Audit Logging.
- Improvement: Email reports now have unsubscribe link, and link to Reports where email reports can be turned off.
- Fix: Typo in Audit email.
- Other minor enhancements/fixes
June 21, 2017 - version 1.6.1
- Improvement: Improved IP Lockout performance.
- Fix: Audit logging detects wrong WordPress version when upgrade
- Fix: "Update old security keys" doesn't move to resolved list after processed
- Fix: When emptying IP Lockout logs cause timeout error.
- Fix: Typos in some places
- Other minor enhancements/fixes
June 5, 2017 - version 1.6
- Improvement: Allow users to select and apply rules to other server type in Prevent PHP Execution and Prevent Information Disclosure.
- Fix: Sometimes HUB status doesn't sync with WordPress site.
- Other minor enhancements/fixes
May 17, 2017 - version 1.5
- New: You can now add exceptions for specific PHP files in the PHP Execution Security Tweak.
- Improvement: Filtering all log types now uses URLs instead of ajax only, meaning you can link to a filtered log easily.
- Improvement: Various user experience updates across the plugin interface to make using Defender even easier.
- Fix: Lockout Logs now display from newest to oldest.
- Fix: Lockout Logs pagination now works correctly.
- Fix: Inconsistencies in the IP Lockouts stats across the plugin.
- Fix: Sending Audit Logging reports to multiple recipients would address all recipients as the first user's name.
- Fix: Grammar and typos in some modals and error messages.
- Fix: If Defender finds a vulnerability in WordPress's core, the text would indicate running an update would fix the issue though no update was actually available yet.
May 3, 2017 - version 1.4.2
- Improvement: The plugin interface will now stretch to utilize extra screen space on larger screens.
- Fix: Audit Logging was getting its days mixed up in the summary area. You’ll now see the correct day of the week.
- Fix: We squashed a bug that was causing files scans to sometimes report false positive files after WordPress core upgrades.
- Fix: A conflict with Jetpack was causing scans to stall, which we have now fixed up.
- Fix: In some cases File Scanning reports wouldn't actually stop sending if you disabled them. It now obeys commands.
- Fix: Google's bot was being blocked by IP Lockouts but now it's free to crawl and index as it pleases.
- Fix: We removed redundant “cancel” buttons on settings pages. You probably won’t even notice!
- Fix: We’ve added live stats so now there’s no need to wait around in anticipation while running files scan actions.
- Fix: Stats weren’t displaying the right numbers after actioning security tweaks, but it’s all good now.
- Fix: Pagination on the Audit Logging logs page now works like you would expect it to.
- Fix: Files detected in File Scanning now have metrics with their file sizes.
- Fix: We’ve fixed styling issues with toggles.
- Fix: We removed the” Resolve bulk update” option from File Scanning. It wasn’t really a valid action.
- Fix: Incomplete icons in the Dashboard reports area have been updated.
- Fix: We’ve removed redirection from the dashboard to the File Scanning page are after preforming a file scan so now you shouldn’t feel lost.
- Fix: Lots of other small stuff, like minor cosmetic and grammar fixes.
April 21, 2017 - version 1.4.1
- Fix: Compatibility issue with Getting Started Wizard
- Fix: Scanning was sometimes slow or getting stuck
April 18, 2017 - version 1.4
- New: Meet the brand new Defender! This release focuses on making security for WordPress a better place. We’ve given the UI a refresh and updated the UX, so configuring your security settings is a walk in the park.
- Fix: A ton of bug fixes & improvements. Yep, vague description! But why bore you with the small stuff when you could be spending time bolstering your site’s security?
March 13, 2017 - version 1.3
- Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin
- Other minor enhancements/fixes
February 27, 2017 - version 1.2
- Added: New Hardening Rule (PHP version)
- Improvement: Audit Logging now allows date range selection.
- Improvement: IP Lockouts now allow IP ranges in whitelist/blacklist.
- Improvement: IP Lockouts now can import/export whitelist/backlist.
- Fixed: IP Lockouts email notification text on permanent IP ban.
February 21, 2017 - version 1.1.6.1
- Fixed: Cache issue causing multiple requests to API endpoint when scanning suspicious files.
February 14, 2017 - version 1.1.6
- Fixed: Collapse Menu button shows bigger font and in all caps
- Fixed: Missing strings in translation (.pot) file
- Fixed: Audit logging reports not using correct timezone.
- Fixed: DB prefix replacing all instances of “wp” if it's used multiple times (ie wp_mytable_wp_subtext)
- Fixed: Auto ban users who log in with the “admin" username not working.
- Some other minor enhancements/fixes
January 11, 2017 - version 1.1.5
- Added: IP Lockouts. Defender can now protect your login area from brute force attacks, monitor 404 errors and automatically lockout any unwanted behavior. It can also permanently ban specific IP addresses and receive email notifications when lockouts occur.
- Fixed: Minor bug fixes and improvements.
October 31, 2016 - version 1.1.4.1
- Fixed: Fatal error when PHP extension sockets is not enabled
October 31, 2016 - version 1.1.4
- Improvement: Audit logging now detects file changes in WordPress core.
- Fixed: Updating via WordPress core now syncs better with the Hub.
- Fixed: Some compatibility fixes for PHP 5.2.
September 20, 2016 - version 1.1.3
- Improvement: Audit Logging now ajax based.
- Fixed: minor bug fixes & some UI/UX improvements
August 24, 2016 - version 1.1.2
- Improvement: Switched the User dropdown in Audit Logging to load results via AJAX to increase initial load performance.
- Improvement: Scan results now pre-load information so that you can action fixes faster.
- Fixed: Removed cronjob events from being tracked in Audit Logging.
- Fixed: The Audit Logging filter box now stays visible if no results are returned.
- Fixed: Other small bug fixes and improvements.
August 8, 2016 - version 1.1.1
- Added: A warning indicator in WP Admin sidebar to let you know how many security issues are outstanding.
- Added: The ability to choose to only receive email reports when there are issues with your website.
- Fixed: Minor bug fixes & improvements
July 25, 2016 - version 1.1
- New feature: Audit logging
- New plugin icon
- Vulnerability plugins/theme scan result can be ignored
- Some other minor enhancements/fixes
May 21, 2016 - version 1.0.8
- Improve Core Integrity Scan.
- Improve caching method
May 17, 2016 - version 1.0.7
- Improved: Scan schedule.
- Fix: issue with W3 Total Cache Object Cache
May 13, 2016 - version 1.0.6
- Fix: Defender data doesn't sync with HUB correctly
- Fix: Email report doesn't send properly
- Some other minor enhancements/fixes
April 28, 2016 - version 1.0.5
- Added: Option to choose reminder period for Hardener rule "Update old security keys"
- Improved: Compatibility with Windows server
- Improved: Optimized resource usage when scanning
- Fix: issue with memcached
- Other minor enhancements/fixes
April 6, 2016 - version 1.0.4
- Improve scan engine, reduce false positives
- Improve uninstallation method
- Add the ability to ignore hardener rules.
- Improve the performance impact on the site.
- Fix scans sticking at 100% in some cases
- Fix compatibility issues with IIS
- Some other minor enhancements/fixes
March 22, 2016 - version 1.0.3
- Optimize scanning
- Preventing performance issue with some hosts
- Fix false blacklist detection in local environment
- Some other minor enhancements/fixes
March 15, 2016 - version 1.0.2
- Applied ajax inline updates for plugins/themes
- One click Prevent PHP execution
- One click Prevent Information Disclosure
- Add detail page for core integrity issue, and automate resolution
- Fix scan stability with limited memory
- Some other minor enhancements/fixes
March 4, 2016 - version 1.0.1
- Scanning can auto detect if user is active on scanning page to work based on ajax, or leave to enable background scan
- Improve condition checking for Prevent Information Disclosure module
- Improve condition checking for Prevent PHP execution module
March 1, 2016 - version 1
- Initial release!
Start your free trial
Choose the right plan for you and begin your free trial.
![](https://webcf.waybackmachine.org/web/20210901170709im_/https://wpmudev.com/wp-content/themes/wpmudev-2015-1/assets/img/projects/Arrow.png?v=2)
Trusted by 935,647 happy members
More than 97% of customers are happy with WPMU DEV’s service, and it’s a great time to join them. Find out why with a 7-day free trial today!
![Photo of testimonial giver](https://webcf.waybackmachine.org/web/20210901170709im_/https://wpmudev.com/wp-content/uploads/2016/03/testimonial3.jpeg)
![Photo of testimonial giver](https://webcf.waybackmachine.org/web/20210901170709im_/https://wpmudev.com/wp-content/uploads/2016/03/testimonial1.png)
![Photo of testimonial giver](https://webcf.waybackmachine.org/web/20210901170709im_/https://wpmudev.com/wp-content/uploads/2016/03/testimonial2.png)
![Photo of testimonial giver](https://webcf.waybackmachine.org/web/20210901170709im_/https://wpmudev.com/wp-content/uploads/2016/03/testimonial4.png)
Defender Pro Features
Get started blocking the bad guys with the help of these Defender Pro features:
Defender Pro Tutorials
Read our practical Defender Pro tutorials and learn how to make the most of his cyber-security abilities.
Learn how Defender’s vast suite of security features can help banish and keep suspicious code at bay.
Read articleStop troublemakers before they reach your WP site. Learn how to set up a firewall, block IP addresses, and more.
Read articleThe complete Defender security guide. Learn how to protect your site 24/7 against the worst cyber threats.
Read articleSecure and harden your site against malicious attacks with Defender Pro. Get started today.
Frequently Asked Questions
WPMU DEV’s expert support can restore and clean up your site after it’s been hacked for free. If you have a backup, we’ll minimize your downtime by activating the most recent clean version of your site. Our experts will then scan your site with Defender to find and fix known vulnerabilities, permanently remove the malicious code, and set up this firewall of cyber muscle.
You indeed can! Not that we think you’ll need to ;). You may use other security plugins along with Defender. Just make sure the same features are not enabled in both plugins at the same time.
Hackers and bot attacks are not the only threat to your site. No matter what security plugin or service you use, always be prepared with a secure backup stored in a safe location away from your live site. Security does not protect from hosting outages, server errors, and accidentally lost or damaged data. We recommend Snapshot. Defender, along with scheduled managed backups is the best way to keep your site safe.
- Automated security scans
- Scheduled security scans
- Vulnerability reports
- Login protection
- Security tweaks
- Safety recommendations
- Security Headers
- Audit log
- Two-factor authentication
- Google blocklist monitoring
- IP lockout device
- Google reCAPTCHA
- Core, plugin, and theme code checker
- Login masking
- Restore and repair changed files
- Email Notifications
- 404 Lockouts
- Manual IP allowlist and blocklist
- Config, save current settings, and apply any time
- White label
- 2FA integrations: Google Authenticator, Microsoft Authenticator, Authy
- Resolve security recommendations and issues in bulk
- Pwned Password Check
- Force Password Reset
If you’re loving the service and want to stick around after the trial, we’ll use the card you have on file for payment processing… you wouldn’t want to lose the services after all. But equally if you want to cancel at any time then just visit ‘My Account’ – it’s super easy.
If it renews and you intended to cancel, no problem! We totally understand. Just contact us within 30 days of your first payment and we will provide a refund, no questions asked – except we’ll likely ask how we can improve to keep you around next time. ;)
There is no lock-in at all and it’s easy to cancel anytime via your account page, no need to speak to anyone, no stress.
Yes! If you want to use our full suite of plugins and site management services, including live support for anything WordPress related, then you can upgrade to our full membership.
Start a live chat and we’ll be happy to answer any additional questions!
Contact us and we’ll be happy to answer any additional questions!