Defender Security – Malware Scanner, Login Security & Firewall


Defender adds the best in WordPress plugin security to your website with just a few clicks, including malware scanner, firewall, and login security features. Stop brute force login atta

Total ratings


Defender adds the best in WordPress plugin security to your website with just a few clicks, including malware scanner, firewall, and login security features. Stop brute force login attacks, SQL injections, cross-site scripting XSS, and other WordPress vulnerabilities and hacks with Defender’s malware scanner, providing antivirus scans, IP blocking, firewall, activity log, security log, and two-factor authentication (2FA) login security.

No more complex security settings, Defender’s malware scanner, firewall, and login security features add all the hardening and security you need.

Security Recommendations

Defender’s one-click hardening recommendations instantly adds layers of protection and security to your site.

Block hackers at every level:

  • Malware scanner – scan WordPress core files for modifications and unexpected changes which may be caused by malware. Scan for malware and tighten up the security of your files
  • WordPress Security Firewall – block or allowlist IPs, implement IP blocking, and Geo IP blocking, user agent banning and protect against brute force attacks
  • Two-factor authentication (2FA) – Easily set up better security with 2FA to prevent most login attacks such as brute force, App verification, backup codes, lost device email, WooCommerce 2FA, and Web Authentication
  • Login masking – change the location of WordPress’s default login area to improve login security
  • Login lockout – failed login attempts lockout
  • User Agent Banning – Block bad bots and user agents from accessing your site
  • Security Headers – Add an extra layer of defense security and protect against common attacks like: XSS, code injection, and more
  • 404 Detection – automated block of bot IPs
  • Configs – Create your ideal Defender security settings and export / import saved configs to any other site
  • Geolocation IP lockout – block users based on location and country (IP blocking)
  • Disable trackbacks and pingbacks – spam prevention
  • Core and server update recommendations – stay on top of your system
  • Antivirus scan – scan for active security threats, viruses, and other malware
  • Disable file editor – if they get in, they won’t get far
  • Hide error reporting – don’t reveal your security issues
  • Update security keys – reset on-demand
  • Prevent information disclosure – why tell them what you have?
  • Prevent PHP execution – because it’s daaaangerous!
  • Resolve security recommendations and issues in bulk
  • Google reCAPTCHA – easy to add, stop fraud and abuse – including BuddyPress and WooCommerce.
  • Pwned Password Check – Protect against compromised passwords.
  • Force Password Reset – Force users with selected roles to reset passwords.

Learn The Ropes With These Hands-On Defender Security Tutorials

WordPress Security Scans

Defender’s malware scanner checks for suspicious code and malware. It also compares your WordPress install with the WP directory master copy, and reports any changes so you can restore the original file with a click.

Two-Factor Authentication (2FA)

Easily add an extra layer of protection to your WordPress sites with Defender’s two-factor authentication (2FA) features. Including: mobile app verification (Google Authenticator, Microsoft Authenticator, Authy), backup code generation, lost device emails, WooCommerce 2FA, Biometric Authentication (fingerprint/facial recognition), and Hardware Key Authentication (USB security keys). Easily prevent brute force attacks and login security vulnerabilities.

Login Protection

Brute force attacks are no match for Defender. Limit login attempts so hackers can’t guess passwords. Permanently ban IPs or trigger a timed lockout after a set number of failed login attempts. Use Geo IP blocking to ban users from specific countries or locations.

Firewall and IP Manager

Improve your website security with Defender’s IP manager and firewall. Manually block specific IPs, import a list of banned IPs, and set automated timed and permanent lockouts. Defender makes it easy to block and unblock specific locations quickly thanks to its advanced firewall (WAF) offering Geographical IP blocking.

User Agent Banning

Add user agents to the block or allowlist and stop bad bots from spamming and scraping your site. All major search engines and special network bots are allow-listed out of the box. Easy to set up, Defender’s user agent banning tool does all the security work, with no editing of the .htaccess file required.

Google reCAPTCHA Integration

Add reCAPTCHA to your login / registration pages, lost password forms, and post comments in a couple of steps to up security and help protect from fraud and abuse. Select reCAPTCHA type, language, location, and style to suit. As well as Google, Defender also supports the following reCAPTCHA types:

  • BuddyPress reCAPTCHA
  • WooCommerce reCAPTCHA

Login Screen Masking

Defender makes it easy to move your login screen to a custom URL. Not only does login screen masking improve security, but it also lets you white label your login user experience and improves branding.

Force Password Reset

Force all users with selected roles to reset their password at any time. Especially helpful if you suspect a possible data breach on your site.

Security Headers

Protect your site against common attacks, such as: XSS, code injection, cross site scripting, and more. Enable the following headers:

  • X-Frame-Options
  • X-XSS-Protection
  • X-Content-Type-Options
  • Strict Transport
  • Referrer Policy
  • Permissions-Policy

404 Limiter

Detect when bots are being used to scan your site for vulnerabilities and shut them down. The 404 limiter lets you stop the scan by detecting when a bot keeps visiting pages that do not exist, which can also save you from a giant strain on your site’s performance.

Notifications and Reports

Defender runs surveillance and sends security notifications with information that matters. All activity and notifications are recorded in the activity log to let you see at a glance the website security actions that have been taken by the Defender security plugin.

Reduce Setup Time With Saved Configs

Save your Defender configurations and reapply them to your other sites in just a few clicks. You can create and save an unlimited number of security configurations.

Pwned Password Check

Entered passwords are checked against public database breach records. If a password is identified as compromised, the user will be asked to change it.

Global IP Block/Allowlists

Create your IP block/allow list once, then apply and automatically sync it to all your other sites with just a single click. Save hours by not having to manually add IPs to each individual site. *Note: a [free WPMU DEV account] ( is required to access this feature.

What Do People Say About Defender?

“I found other pro security plugins a bit too fiddly for my taste…I’m delighted with Defender” – KeithADV

“Thank you for bringing back a free and easy to use 2-Factor Authentication after Clef! Defender helps keep me aware of my site’s security.” – awijasa

“Defender’s interface is very intuitive with warnings that are very helpful” – djohns

“Defender Recently blocked over 3000 attacks in one week without any noticeable impact on the website. WPMUDEV knocking it out of the park on this one.” – David Oswald

Secure Websites, More Trust, Better Profit

If you’re running a business website or eCommerce store, privacy, security, uptime and trust are essential.

The Defender security plugin is here to help you: it’s a one of a kind WordPress security plugin that makes web security easy for anyone, for free!

  • Malware scanner
  • Google two-factor authentication (2FA)
  • Web Authentication
  • Firewall setup and configuration
  • One-click site hardening and security tweaking
  • WordPress core file scanning and repair
  • Ongoing firewall protection
  • Google reCAPTCHA
  • Security headers
  • One-click configs
  • Login Screen Masking
  • Pwned Password Check
  • IP Blocklist manager and logging
  • Geo IP blocking
  • User agent banning
  • Unlimited file scans
  • Timed Lockout brute force login attack shield for login protection
  • 404 limiter for blocking vulnerability scans
  • IP lockout notifications and reports

All the above is free and will secure WordPress for you. If you need extra security for your WordPress site, you should get a WPMU DEV Membership.

Our Membership gives you access to Defender Pro – which features automated scanning, scheduled malware scans for Core, themes, plugins and other files, audit logs, firewall protection, Safe Repair, Blocklist monitoring – alongside Snapshot Pro cloud backups, the Hub with automated plugin, theme and core updates and safe-upgrade scans, all our premium WordPress plugins, 24/7 WordPress support and if your sites already been hacked our team of security experts will clean it up at no additional cost.

It’s an incredible deal, and you can find out more here.

About Us

WPMU DEV is a premium supplier of quality WordPress plugins and themes. For premium support with any WordPress-related issues you can join us here:

Don’t forget to stay up to date on everything WordPress from the Internet’s number one resource:

Hey, one more thing… we hope you enjoy our free offerings as much as we’ve loved making them for you!