Advanced threat detection, prevention & multilayered security
Scheduled malware scanning
Comprehensive audit logging
Safe Repair for suspicious files
Hosted WAF integration
Global IP blocklist & monitor
Advanced threat detection, prevention & multilayered security
Unconditional 30-day money back guarantee. No questions asked.
Bonus Your Defender Pro license includes all WPMU DEV Pro plugins at no extra cost
Features
2FA
Enable dual-layered security with biometric and 2FA locks
Firewall
Create your own dynamic firewall with IP logging
Recommendations
Scan for and implement security recommendations
-
Scheduled malware scanningPro
-
Detect & manage vulnerabilities, powered by PatchstackPro
-
Comprehensive audit loggingPro
-
Safe Repair for suspicious filesPro
-
Malware ScanningPro
-
Hosted WAF integrationPro
-
Scheduled Security ReportsPro
-
White labelPro
-
Google blocklist monitoringPro
-
Global IP blocklist & monitor
-
Login protection
-
Security tweaks and recommendations
-
Security Headers
-
Two-factor authentication
-
IP lockout device
-
Google reCAPTCHA
-
Core and plugin code checker
-
Login masking
-
Restore and repair changed files
-
Email Notifications
-
404 Lockouts
-
Manual IP allowlist and blocklist
-
Config, save current settings, and apply any time
-
Resolve security recommendations and issues in bulk
-
Pwned Password Check
-
Force Password Reset
-
User Agent Banning
-
Google reCAPTCHA for WooCommerce
-
Geolocation blocking (block based on location)
-
Lockout logs
-
Backup Codes 2FA auth
-
Fallback Email 2FA auth
-
Automatic security keys regeneration
-
Managing user login duration
-
Biometric Authentication
-
2FA integrations: Google Authenticator, Microsoft Authenticator, Authy, and more
Compatible with
ResourcesSee more on our Blog
Tutorial
How to Get the Most Out of Defender Security
The complete Defender security guide. Learn how to protect your site 24/7 against the worst cyber threats.
Tutorial
How to Find and Delete Suspicious Code
Learn how Defender’s vast suite of security features can help banish and keep suspicious code at bay.
News
Defender Now Supports Google reCAPTCHA
Google reCAPTCHA ensures humans enter your site instead of automated spammers that can wreak havoc. See how it works.
Changelog
June 27, 2024 - version 4.7.4
- Fix: Hide Expert Services when Whitelabel is enabled
June 27, 2024 - version 4.7.3
- Fix: Broken Access Control vulnerability on the Configs page
June 18, 2024 - version 4.7.2
- Enhance: Option to reset Locations on the IP Banning page
- Enhance: Removed unnecessary login filters on Mask Login to enhance security
- Enhance: Show loading icon with message when clicking pagination buttons on Firewall logs
- Enhance: Change the final text for the WP CLI command to remove log files older than a week
- Enhance: Added malware signature to detect fake Core Fork plugin enhancing site security
- Enhance: Email design improvement for 2FA code
- Enhance: Show loading icon only for the current button
- Enhance: Updated malware signatures to detect different infected files improving overall security
- Enhance: Add WP CLI to clear the MaxMind license key
- Fix: Custom logo overlaps on Malware Scanning progress bar
- Fix: Update CalotesDBMapper::save() to handle integers correctly
- Fix: Google reCAPTCHA bypassed using auto-fill on the Login page
- Fix: Google reCAPTCHA v2 invisible not working with the Ship to a different address option in the WooCommerce plugin
- Fix: Suspicious files are not detected in the plugin folder when Scan plugin files are enabled
- Fix: Notification displayed twice on the Notifications page in the free version
- Fix: Mask Login URL isn't working when it is a Plain permalink structure
- Fix: WordPress sends an error email with the Mask_Login::filter_site_url method
- Fix: Update Support links
- Fix: UI Improvements
- Fix: Bulk delete issues fail when files have non-edit permissions
- Fix: Calendar displayed in blue when High contrast mode is enabled
- Fix: Ban/unban IP from Firewall Logs not reflected on the IP Banning Tab
- Fix: Mask URL is not working on the default WP recovery email when a site goes down
May 1, 2024 - version 4.7.1
- Enhance: UI enhancements in the Malware Scanning screen
April 22, 2024 - version 4.7
- Enhance: Create a dropdown for Trusted Proxy Preset
- Enhance: Add .well-known to scan allowlist
- Fix: Undefined array key 'path' after update
- Fix: Fix Validation gets bypassed in Google reCAPTCHA
- Fix: Add malware signature
- Fix: Unlock time overlaps with the Defender logo in the footer
March 18, 2024 - version 4.6
- New: Introducing the "Unlock Me" feature to unblock admin on lockout
- Fix: False positive with BuddyBoss plugin on Malware scan
- Fix: Undefined variable in two-fa.php
February 26, 2024 - version 4.5.1
- Enhance: Improve IP detection with auto-detection for Cloudflare and notices for proxy configurations
- Enhance: Compatibility with WordPress 6.5
- Enhance: Replace the old Twitter logo with the new logo in emails
January 24, 2024 - version 4.5
- Enhance: Compatibility with PHP 8.3
- Enhance: Improve white-labeled emails
- Enhance: Redesign Quarantine page
- Fix: Scanning Issues when suspicious files are in the plugins folder and don't have plugin headers
- Fix: Remove redundant table creation conditional guard clause
- Fix: Rules for Defender > 2FA > Woocommerce are not overwritten over time
- Fix: Scan flagging "All in one security" files as suspicious
- Fix: Defender Google reCAPTCHA does not work with WooCommerce Gutenberg Checkout block
- Fix: Masked Login not working after registration
January 22, 2024 - version 4.4.2
- Enhance: Recommended IP Detection method with improved accuracy, site security, and harder-to-bypass IP banning
December 19, 2023 - version 4.4.1
- Enhance: UI Enhancements
December 11, 2023 - version 4.4
- Enhance: Adjust the size of the summary box logo
- Enhance: Update the Twitter name and logo
- Enhance: Update SUI to the latest version
- Fix: Update malware signatures
- Fix: PHP warning after activating Defender Security Headers
- Fix: Remove Translation Link when the Whitelabel Hide Links option is enabled
December 5, 2023 - version 4.3.1
- Improvement: Minor code improvements and fixes
November 27, 2023 - version 4.3
- Enhance: Whitelist IP addresses
- Enhance: Display the status of Global IP in config details
- Enhance: Check for plugin tables created without the default upgrade.php file
- Enhance: Add URI Parameter to the 'wd_404_lockout' hook
- Fix: Update malware signatures
- Fix: Failed login with 2FA on Masked Login page
- Fix: PHP v8.1 warning for Defender Masked Login
- Fix: PHP v8.1 warning for setcookie()
- Fix: Issue when applying custom config
October 19, 2023 - version 4.2.1
- Fix: Deprecation error in the log
- Fix: Data opt-in modal visibility conditions
October 16, 2023 - version 4.2
- Enhance: Compatibility with WordPress 6.4
- Enhance: Improve Mask Login hooks to avoid bypassing
- Enhance: Add relevant icons to suspicious file accordion
- Enhance: 'Save Changes' button in security headers is not disabled when clicked
- Enhance: UI Enhancements
- Fix: Secure log data handling
- Fix: Global IP data sync error on new sites
- Fix: Mask login fails to recognize Subdirectory/Subdomain and Post/Page slugs
September 11, 2023 - version 4.1
- New: Safe Repair for Suspicious files
- Enhance: Require PHP 7.4 as the minimum supported version
- Enhance: Allow to quarantine readme.txt files
- Enhance: Enable "Move to quarantine" by default when deleting or repairing a file
- Enhance: Improve the Quarantine directory accessibility logic
- Enhance: Update Quarantine page copy
- Enhance: Add new toggle state "Push permanently blocklisted IPs" to config structure
- Enhance: Add banned IP to the Global IP blocklist on the firewall logs page
- Enhance: Remove Beta info about 2FA
- Enhance: GeoLite2 DB URL is not working
- Enhance: PHP v8.1 warnings for the "PHP QR Code" package
- Enhance: Update the primary color in the email notifications
- Enhance: Change the "Settings" link to "Dashboard" on plugins page
- Enhance: UI Enhancements
- Fix: False positives on Windows server
- Fix: Bypass masked URL and view the masked URL slug using Gravity Forms gf_page-argument
- Fix: Compatibility issues with the Polylang plugin
- Fix: Fix scrolling on Global IP section
- Fix: Quarantined file time sent to HUB is not in GMT/UTC-based timestamp
- Fix: Replace the deprecated FILTER_SANITIZE_STRING in PHP v8.1+
- Fix: Forminator shortcode not rendered in Gutenberg block when Defender is activated
- Fix: Cannot recheck Prevent PHP Execution
- Fix: IP Allowlist/Blocklist do not accept more than one IP on Windows server
- Fix: Mismatch in the "Free Membership text" on the Defender dashboard page
- Fix: Geo-blocking does not work on a multisite subsite
- Fix: Hide WPMU DEV URLs when Whitelabel is enabled and not listed users
- Fix: Compatibility issues with the Amelia Pro plugin
August 24, 2023 - version 4.0.2
- Fix: Adjust table creation based on storage engines
August 9, 2023 - version 4.0.1
- Fix: Quarantine table creation on upgrade from free to pro
July 25, 2023 - version 4
- New: Safe Repair
- Enhance: Compatibility with WordPress 6.3
- Enhance: Replaced hero image with new product logo
June 19, 2023 - version 3.12
- Enhance: Update global IP cron schedule to hourly
- Enhance: Improve malware scan core
- Enhance: Extend conditions for crawler request validation
- Enhance: Replace trial prompts in Defender free
- Fix: User agent is blocked when the blocklist is empty
- Fix: Issues when deleting vulnerable plugins or themes
- Fix: Released temporary IP addresses are shown in the Active Lockouts list
- Fix: Detect malware in core-builder and core-engine plugins
- Fix: Defender Reset option does not clean the malware results items
- Fix: New hook to avoid the connection block for Manage WP when 2FA is enabled
- Fix: Defender mask URL breaking the default language switch on the login page
- Fix: Issues activating the mask login feature when a post/page and mask login slug are the same
- Fix: Having login and registration forms on the same page causes a conflict with Google reCAPTCHA
- Fix: Delete action shows up even after the deletion of the default security config
- Fix: Issues in deleting the default security config
- Fix: Google reCAPTCHA is not deactivated if Woocommerce is enabled without forms selection
- Fix: User search for recipient does not work in notifications bulk configure
- Fix: An error message is shown by default in the notification modal
- Fix: Grammar and spelling errors
- Fix: Typo on result lines on the Audit Logging page
- Fix: Add comments for all translation strings with placeholders
- Fix: Typo in "Change default admin user account" security recommendation
- Fix: Typo in "Update PHP to latest version" security recommendation
June 12, 2023 - version 3.11.1
- Enhance: Performance improvements
May 15, 2023 - version 3.11
- New: Autosync Local Blocklists with the Hub Global IP
- Enhance: Compatibility with PHP 8.2
- Enhance: Improve 'Hide error reporting' recommendation
- Enhance: Improve 'Prevent PHP Execution' and 'Prevent Information Disclosure' recommendations on Windows server
- Enhance: WP-CLI commands for Google reCAPTCHA
- Enhance: Remove unused plugin core methods
- Fix: Error when adding a '<' tag in Invite by email Recipients name in all notifications
- Fix: Not possible to create config with Defender free version if it is not connected to the Hub
- Fix: Display Undefined message when session expired on Malware Scanning page
- Fix: Audit Logging > Events logs results are not consistent with different WordPress time settings
- Fix: Username filters display incorrect results on Audit Logging page
- Fix: Incorrect message is displayed to user when we enter a '<' tag in banned username and other textarea lockout fields
- Fix: Button status (color and text) are not changed when Ban Bulk applies on the Firewall Logs page
- Fix: When session expired and try to login with 2FA TOTP then email and password are empty
April 10, 2023 - version 3.10.1
- Fix: Unparsed HTML in email notification templates
April 3, 2023 - version 3.10
- Enhance: Improve Maxmind country selection flow
- Enhance: Security improvements in plugin email templates
- Enhance: Remove declare( strict_types = 1 ); directive to reduce error cases
- Enhance: Replace old Grunt packages
- Enhance: Improve Defender admin menu icon
- Enhance: Rephrase the Fallback email description
- Enhance: Create hash by reading the file in chunks to save memory
- Enhance: Update SUI to the latest version
- Fix: Security Key regeneration cron doesn't take the wp-config.php file's modification date into account
- Fix: Google reCAPTCHA prevents creating a new member-user with WC Memberships plugin
- Fix: Google reCAPTCHA error when using the Ultimate Member reCAPTCHA extension with Login enabled
- Fix: Defender conflicts with Eventlist plugin at checkout step
March 14, 2023 - version 3.9.1
- Enhance: Compatibility with WordPress 6.2
- Enhance: Security improvements
February 20, 2023 - version 3.9
- Enhance: Remove Hummingbird log from Audit Logging
- Enhance: Add YARA rule to detect malware
- Enhance: Improve IP columns
- Enhance: Minify DateRangePicker JS and CSS files
- Enhance: Display additional vulnerability data on Malware Scanning page
- Fix: Defender continuously reports WP core vulnerability even after ignore
- Fix: File change detection for plugins and WP core not working on Windows
- Fix: Google reCAPTCHA error when using ProfilePress plugin with Lost Password enabled
- Fix: Google reCAPTCHA is preventing the submission of the WooCommerce review form
- Fix: Country flag broken on Defender's Dashboard page if Emojis Remove option selected in Hummingbird
February 9, 2023 - version 3.8.2
- Fix: Issue with saved configurations from the Hub
January 19, 2023 - version 3.8.1
- Fix: Issue with "Prevent user enumeration" recommendation and WP_Sitemaps_Provider and Stop oEmbed calls
January 16, 2023 - version 3.8
- New: Display vulnerabilities in WP Core on Malware Scanning
- Enhance: New filter to allow specific URLs in Mask Login
- Enhance: Display theme vulnerabilities on Malware Scanning
- Enhance: New cron to remove old lockout records
- Enhance: Improved Firewall Log Buttons on Mobile View
- Fix: Issues with Reset Password link on new user creation
- Fix: Translations are not named properly on wp.org
- Fix: Defender Audit Logging not catching Core updates from HUB
- Fix: Issues with Country detection API
- Fix: Incorrect information on Defender's config profile
- Fix: Defender can't find the infected file in WPMU DEV Dashboard
- Fix: Update YARA rules for different malware in plugins and themes
- Fix: Defender adding IP on both Permanent and Temporary banning lists
- Fix: Files being reported as modified even when identical
- Fix: Regex issue when "Prevent user enumeration" is active
- Fix: Minor grammar and UX Improvements
- Fix: Shared component SUI select vue directive throws JS error
- Fix: Update text in "Prevent Information Disclosure" recommendation
December 14, 2022 - version 3.7
- New: Firewall widget displaying a list of the countries with the highest number of blocked IPs
- Enhance: Block IP when UA is banned
- Enhance: Display IP value in the Firewall log header
- Enhance: Save TOTP secret key to DB only after code verification
- Enhance: Add max number of lockout records
- Enhance: Add timestamp for all lockout records
- Enhance: Firewall Log improvements
- Enhance: User role check
- Fix: Settings saved notice not dismissed automatically
- Fix: Two files from Avada builder 3.8 are reported as suspicious
- Fix: Broken CVSS score details of previously ignored issue
December 5, 2022 - version 3.6
- New: Global IP Allowlist/Blocklist
November 21, 2022 - version 3.5
- Enhance: Two-Factor conflict between Defender and WordFence
- Enhance: Notification configuration settings
- Enhance: Notice for viewing two-factor user information on multisite
- Enhance: Code color for PHP Execution and Information Disclosure
- Enhance: Update SUI to the latest version
- Fix: Banned usernames for WP version older than 5.4
- Fix: Date range calendar on Audit and Firewall logs
- Fix: Remove 'Name & Description' option for the Default Security config
- Fix: NaN showing on Recommendations screen
- Fix: Audit date filter not working for predefined data ranges
- Fix: Redirect URL for the Mask Login feature throwing an error
November 1, 2022 - version 3.4
- New: Disable Google reCAPTCHA for logged-in users
- Enhance: Check HTML Entity for Audit Logs
- Enhance: Web Authentication notice on 2FA page
- Enhance: Show CVSS score in plugin vulnerability details
- Enhance: Compatibility with WordPress 6.1
- Enhance: IP detection
- Fix: Web Authentication during plugin upgrade
- Fix: Banned usernames for existing users
- Fix: Outdated manual rules for Prevent Information Disclosure
- Fix: User detail doesn't match the login/logout audit logs
- Fix: Defender 2FA conflicts with other plugins on Users page
- Fix: Displaying users when bulk updating notifications
- Fix: Masked Login not updating on My sites menu
- Fix: Conflict with OptimizePress
October 20, 2022 - version 3.3.3
- Enhance: 2FA flow for secret keys
September 29, 2022 - version 3.3.2
- Fix: Encrypt 2FA secret keys
September 21, 2022 - version 3.3.1
- Enhance: 2FA security improvements
- Enhance: IP detection
- Enhance: Replace Google fonts with Bunny fonts for GDPR compliance
- Enhance: Membership detection
- Fix: Defender User Agent banning
September 5, 2022 - version 3.3
- New: Google reCAPTCHA integration with BuddyPress plugin
- New: Google reCAPTCHA for WooCommerce Checkout
- Enhance: Add new Delete Lockouts button
- Enhance: Prevent brute force attack though 2fa
- Enhance: Wildcard for User Agent
- Enhance: Add new checkbox for User Agent Lockout to Firewall notification
- Enhance: Disable Delete button for active theme
- Enhance: Vulnerability when scanned using OWASP tools
- Fix: WebAuthn not working automatically on Subsites when it is enabled in Network for Multisite
- Fix: WebAuthn devices unregistered from user profile if salt keys are updated
- Fix: Audit log not capturing event on few themes during login or logout
- Fix: Google reCAPTCHA triggers on Rest API and prevents adding new user for WooCommerce
August 4, 2022 - version 3.2
- New: WooCommerce integration with 2FA
- New: Disable 2FA for a specific user
- New: Use URL for image in 2FA > Custom Graphic
- Enhance: Unsubscribe links in email notifications
- Enhance: White label email notifications
- Enhance: White label 2FA backup codes file
- Enhance: 2FA summary section
- Enhance: Configure 2FA for Super Admin users on multisite
- Enhance: Check HTML Entity for 2FA > App Title
- Enhance: Description for 2FA > User Roles option
- Enhance: Hide Cancel-tooltip while scanning
- Enhance: Include string comments for translators
- Fix: 2FA throwing a blank page
- Fix: Password Reset Link for user fails when Google reCAPTCHA location is set for Lost Password
- Fix: Wrong Malware scan reports when there are identical plugin slugs at wp.org
- Fix: Google reCAPTCHA verification fails if the form is submitted after 2 minutes - token expiration issue
July 20, 2022 - version 3.1.2
- Fix: WAF status not showing correctly
- Fix: Notification scheduler error
- Fix: Plugin support link error
July 5, 2022 - version 3.1.1
- Fix: Notifications module error
July 4, 2022 - version 3.1
- New: YubiKey Authentication
- Enhance: Distinguish Pro and Free plugins with the same slug
- Enhance: Mobile styling for 2FA form
- Enhance: Replace the Support link with a variable
- Enhance: Update the default allowlist of IP addresses
- Enhance: Upgrade vendor packages
- Fix: Wrong confirmation message on Firewall logs screen
- Fix: Defender notification recipients aren't associated with users
- Fix: Configs not applied from the Hub
- Fix: Scan HUB synchronization
- Fix: Notification bulk action is not working
- Fix: Pwned Password updated with simple password on Profile page
- Fix: Storing the MaxMind DB file path relatively instead of a full path
June 14, 2022 - version 3.0.1
- Fix: Beehive Pro plugin flagged issues
June 6, 2022 - version 3
- New: Biometric Authentication
- New: Giveaway Opt-in for Free version
- Enhance: PHP version upgrade
- Enhance: Compatibility with WordPress 6.0
- Enhance: WP-CLI command to show Scan details
- Enhance: Update SUI to the latest version
- Fix: Audit events logged not showing after applying some date range
May 11, 2022 - version 2.8.3
- Enhance: PHP upgrade notice
- Fix: Defender country_iso_code column missing from Lockout table
- Fix: Defender sets all country iso codes as NULL
April 8, 2022 - version 2.8.2
- Fix: All site visitors are blocked
April 7, 2022 - version 2.8.1
- Enhance: Hide write permissions error notices for Tweaks while applying config
- Enhance: Update the default Auth method on the Users page
- Enhance: Singular or plural translation in email templates
- Enhance: Login Protection and 404 Detection Section Update
- Enhance: Show country flags for country-based lockouts
- Fix: Update Firewall's 404 Detection blocklist and allowlist information notice
- Fix: Firewall not working when Country is added to whitelist
- Fix: Updating plugins with known vulnerabilities
- Fix: No passcode when Fallback Email is not the default method
- Fix: 404 Exclusions Inconsistent Logging
- Fix: 2FA token issue
- Fix: Undefined array key "HTTP_HOST"
- Fix: Duplicate key name 'country_iso_code'
- Fix: Welcome modal when white-label enabled
- Fix: Jquery issue on Def's 2FA TOTP page
March 7, 2022 - version 2.8
- New: Backup codes
- Enhance: Text version of 2FA code
- Enhance: Add Update Old Security Keys settings to config
- Enhance: Automatically check for MaxMind database updates
- Enhance: WP-CLI command to delete Defender logs
- Enhance: Delete security tweak settings during uninstallation
- Fix: IP Lockout issue
- Fix: Malware Scanning PHP 8.1 error
- Fix: Native domain mapping doesn't work with login masking
- Fix: Firewall log export doesn't include all entries
- Fix: Duplicate configs
- Fix: Geo DB downloaded to WP-Admin directory
- Fix: Branda conflict – Update User listed twice in logs
- Fix: Notifications user search missing some users
- Fix: When Defender login masking is active, SmartCrawl report URL are broken
- Fix: User filter dropdown count not updating dynamically
- Fix: SSO not working with login masking on multisite
February 2, 2022 - version 2.7.1
- New: Create new endpoints to toggle reCAPTCHA, 2FA modules from Hub
- Enhance: Update SUI to latest version
- Enhance: Refactor Firewall logs
- Enhance: Update admin menu icon
- Enhance: Remove deprecated hooks
- Enhance: Unsubscribe link doesn't work for not logged in users
- Fix: Fatal error on plugin activation with PHP 8.1
- Fix: Display error on Dashboard and Tools pages for huge post data
- Fix: Configure reCAPTCHA without WooCommerce options
- Fix: Invite By Email doesn't check if recipient already added
- Fix: Email text overflows on Notification page
- Fix: Defender downgrade fails
January 18, 2022 - version 2.7
- New: Redesigned emails
- New: Highlight new features in Welcome modal
- Enhance: Malware Scheduling redesign
- Enhance: Optimize MySQL queries for Firewall module
- Enhance: WP-CLI command for User Agent Banning
- Enhance: Improve Audit Logging with user login status
- Enhance: Log rotation proof of concept
- Enhance: Tab styles on Notifications > Recipients
- Enhance: Geoblocking notifications
- Enhance: False positive in Advanced Ads plugin code
- Enhance: Defender Tutorials
- Enhance: WordPress 5.9 compatibility
- Enhance: Include plugin/theme name and version in Audit log
- Enhance: Improve Audit Logging for Hub requested plugin/theme updates
- Enhance: Prevent user enumeration requests
- Enhance: Get WP version when core update is dismissed
- Fix: Cloudflare IPs locked out
- Fix: Multisite Defender logs not cleared after 30 days
- Fix: Pwned Passwords bypassed with incorrect 2FA code
- Fix: Night theme not applied to Suspicious File preview
- Fix: PHP warnings after update
- Fix: Invisible reCAPTCHA UI Issue
November 29, 2021 - version 2.6.5
- Enhance: Add User Agent Banning to Configs
- Enhance: Add User Agent ban status to Log filters
- Enhance: Prevent PHP Execution exceptions
- Enhance: Modify API logic to work with The Hub
- Enhance: Proper validation message for Firewall IP list
- Enhance: Remove outdated scheduled actions
- Enhance: New WP-CLI commands for scheduled actions
- Enhance: PHP 8.1 compatibility
- Enhance: Hide vulnerability warnings after plugin update
- Enhance: Log improvements
- Enhance: False positive improvements
- Fix: Blank dialogue modal shown after login
- Fix: Staff user role blocked when accessing via WPMU DEV Dashboard
- Fix: Malware Scanning progress 'undefined' when session expires
- Fix: Login without completing reCAPTCHA conditions
- Fix: Unable to upload CSV file on MU site
- Fix: Error during malware scanning
- Fix: Typo in Security Recommendations
November 15, 2021 - version 2.6.4
- Fix: Allow admin-post.php on Mask Login Area
November 3, 2021 - version 2.6.3
- Enhance: White labeling support
November 1, 2021 - version 2.6.2
- New: Plugin vulnerability warnings
- New: Import & export User Agent list
- New: Highlight new features in Welcome modal
- Enhance: Update SUI to latest version
- Enhance: Update Upsell buttons
- Enhance: Dashboard widget changes
- Enhance: Update IP Banning Import-Export icon and note
- Enhance: Replace Login Protection 'Deactivate' icon
- Fix: Some malicious files not flagged
- Fix: Malicious plugin not detected
- Fix: Defender continually creating scheduled actions
- Fix: Audit Logging creating duplicate post entries
- Fix: Audit Logging creating user record on multisite
- Fix: Mask URL not working correctly on WordPress installed in subdirectory
- Fix: reCAPTCHA error thrown on theme login modal
October 18, 2021 - version 2.6.1
- New: Google reCAPTCHA integration with WooCommerce plugin
- New: "What's New" modal hidden on fresh installs
- Enhance: Upgrade required minimum PHP version
- Enhance: Unlock active lockouts using WP CLI
- Enhance: Show more detailed log with Audit Logging
- Enhance: Audit Logging on subsites
- Enhance: Rename Feature Policy header to Permission Policy header
- Enhance: "Send notifications when Defender couldn't scan the files" not working
- Enhance: Set a time limit to cancel malware scanning
- Enhance: Mobile view improvements
- Enhance: Add log entry when signing in with 2FA
- Enhance: Change "Basic config" to "Basic Config"
- Enhance: Save a post as Draft and see 3 entries created in Audit log on multisite
- Enhance: Add "Activate" button instead of "Continue" when activating the Notification
- Enhance: Hide malware scan filter when there is no issue
- Enhance: Remove Academy link
- Fix: Audit log duplicates when updating menu items
- Fix: Max countdown showing 24 hours instead of 72 hours
- Fix: Conflict with WooCommerce Payments
- Fix: Typo in User Agent Banning Allowlist UI
- Fix: Issue with 2FA flow
- Fix: Getting PHP Notice / warming on malware scanning
- Fix: Google reCAPTCHA for comments doesn't work with HB Lazy Load
- Fix: Redirect to optimal URL on 2FA OTP success in custom login page
- Fix: Incorrect Google reCAPTCHA error Code for multisite user registration
- Fix: PHP version shows null inside the recommendation
- Fix: Aren't able to explore Recommendations on our hosting
September 20, 2021 - version 2.6
- New: User Agent banning
- New: "What's New" modal hidden on fresh installs
- Enhance: Update Firewall filters and widgets to include User Agent lockouts
- Enhance: Add Countdown timer on the lockout screen
- Enhance Update IP Banning Blocklist/Allowlist UI
- Enhance: Update misaligned pagination on Firewall Logs page
- Fix: GEOIP.PHP issue in Defender Pro
- Fix: Update Malware Scanning loopback request params to same as WP core
- Fix: Can't login using WooCommerce's login/registration forms when Defender reCAPTCHA is enabled
- Fix: PHP version recommendation
- Fix: Integrate Defender password features with activated 2FA feature
- Fix: Issue with activated Mask Login Area and 2FA features
- Fix: Malware Scanning reports not sent on MU sites
August 25, 2021 - version 2.5.7
- Fix: Firewall Locations ban issue
August 23, 2021 - version 2.5.6
- New: reCAPTCHA for comments
- Enhance: 404 lockout – CSS, JS and MAP files excluded
- Enhance: Hide "Powered by Defender" line when Whitelabel is enabled
- Enhance: Hide "What's New Modal" when Whitelabel is enabled
- Enhance: Integrated Force Password Reset feature with Forminator
- Enhance: Option to automatically regenerate security keys
- Enhance: Recipient user list can be sorted and filtered by user role
- Fix: Login Protection and 404 Detection deactivated by itself
- Fix: Google reCAPTCHA v3 Locations issue
- Fix: Problem while navigating malware issues in Defender Pro
- Fix: Defender Pro sends the same reports twice
- Fix: Security Header Referrer description
- Fix: Updating from 2.3.2 to 2.4.4 resets security key recommendation to 60 days
- Fix: Updating from 2.3.2 to 2.4.4 removes previous malware scanning data
- Fix: Notification recipients – 'load more' interaction not visible when adding users
July 26, 2021 - version 2.5.5
- New: Pwned Passwords settings added to Configs
- New: "What's New" modal hidden on fresh installs
- Enhance: "Clear Temporary IP Block List" option added to Configs
- Enhance: Asset Optimization to increase loading speed in the backend
- Enhance: Malware scanning rules improvements
- Enhance: File scan not detecting code inside wp-config.php
- Enhance: Updated white label method from the WPMU DEV Dashboard
- Enhance: Updated footer text on Preset Configs page
- Fix: Forced Password Reset not applied if user of one subsite tries to login to another subsite
- Fix: Displayed number of actioned recommendations in incorrect
- Fix: Free Defender version sending Pro version notifications
- Fix: Callbacks to avoid slow log
- Fix: Browser console error when changing default admin username
- Fix: Fix list of auxiliary WP-CLI commands
- Fix: Language translation not updating on multisite
- Fix: 2FA can be forced for user roles when inactive for that role
- Fix: Password reset doesn't work for Flywheel sites if Defender Pro is active
- Fix: Pwned Passwords security flaw
- Fix: Plugin updates via WPMU DEV Dashboard missing from Event Logs
- Fix: File scan reporting empty non-WP directories
- Fix: File scan missing files that start with a dot
- Fix: Defender sending mail reports to [email protected] instead of [email protected]
- Fix: 2FA > Active Users > View users link should open in new tab
- Fix: Issues viewing Dashboard and Notifications pages on Mobile
- Fix: Console error on Mask Login page
- Fix: Change reCaptcha to reCAPTCHA
June 28, 2021 - version 2.5.4
- New: Google reCAPTCHA for WordPress login/register/password reset pages
- New: Highlight new features in welcome modal
- Enhance: Compatibility with WordPress 5.8
- Enhance: Update WP-CLI scan options
- Enhance: Tools dashboard widget
- Fix: Locations feature not working on Flywheel hosting
- Fix: Warnings with PHP version 7.4
- Fix: Password reset page showing if users from any subsite try to save pwned password
- Fix: Guest User under Malware Scanning Notification
- Fix: Various issues with notifications in Defender
- Fix: Can't update email when mask login enabled
- Fix: Minor typo in Dashboard modal
- Fix: Issue Details section not showing code
- Fix: Hide notice on Configs page
June 7, 2021 - version 2.5.3
- Fix: Check password's hash before forwarding to Pwned Password API
June 1, 2021 - version 2.5.2
- New: Force password reset for all registered users
- New: Highlight new features in welcome modal
- New: WP CLI support for Force Bulk Password reset
- Enhance: Integration with Smush - exclude Smush-optimized images from Malware Scanning reports
- Enhance: Add Pwned Passwords and Password Reset widgets to Defender Dashboard page
- Enhance: Change Doc link from advanced-tools to tools
- Enhance: Fix success notification inconsistencies
- Enhance: Add License at the footer of Pwned Passwords
- Enhance: Change 'Please try again!' error message for known vulnerabilities
- Fix: Clean Lockouts option
- Fix: Blank vulnerability report with some plugins
- Fix: Masked login are bypassed with double slash
- Fix: Search details are not showing on IP Banning modal page
- Fix: Defender translations
- Fix: Unable to schedule Posts
- Fix: Issues with Mask Login Area and user creation
- Fix: Typo in Prevent Information Disclosure and Prevent PHP Execution
- Fix: 2FA active state notification should change only after saving settings
May 19, 2021 - version 2.5.1
- Fix: Fatal error after an update from older versions
May 6, 2021 - version 2.5
- New: Check passwords against Pwned database
- New: Highlight new features in welcome modal
- Enhance: Automatically remove old logs after 30 days
- Enhance: Malware scanning security enhancements
- Enhance: Detect suspicious code with 'WPTemplatesOptions'
- Enhance: Detect suspicious code in themes
- Enhance: Some suspicious code threats missed by Defender
- Enhance: Better descriptions for Malware scanning reports
- Enhance: Set 'Scan plugin files' option unchecked by default
- Enhance: Remove 'Scan theme files' option from File change detection
- Enhance: Remove 'Allow From' option from X-Frame-Options header
- Enhance: Platform compatibility with Defender
- Enhance: Rename Advanced Tools to Tools
- Enhance: Documentation links tracking
- Fix: Malware scanning stuck on analyzing theme
- Fix: Translation files not applied
- Fix: Reset not removing all data
- Fix: Send data in persistent date format to Hub
- Fix: Resetting or Uninstalling does not completely remove Defender settings
- Fix: Check all files from scan Issues and Ignored tabs for bulk actions
- Fix: Scrolling Up issue in Active lockouts
- Fix: Update SUI to the latest version
- Fix: Revert button in Prevent User Enumeration recommendation
April 5, 2021 - version 2.4.10
- New: Add WP CLI commands to reset mask login settings
- Enhance: Update links to wpmudev.com
- Enhance: Prevent PHP Execution/Prevent Information Disclosure (show manual instructions on Apache tab)
- Enhance: Bulk Unblock/Undo actions on Active Lockouts
- Enhance: Adjust Malware scanning logic to reduce false-positive reports
- Enhance: Malware Scanning - Disable delete button for a report, when a third-party plugin is active
- Enhance: Change count-logic for total value of issues shown on a main widget and Defender's menu
- Enhance: Improve the behavior of the Active tag on configs feature
- Enhance: Custom notification email for 'When Failed to scan' is not imported to Config
- Enhance: Compatibility with WordPress 5.7
- Enhance: Update minimum supported WordPress version
- Enhance: New Manage Notifications button on notification widget
- Enhance: In Notifications and Dashboard pages, replace "-" with text under Schedule
- Fix: No error when restore core file fails
- Fix: Cron issues for Audit and Firewall modules
- Fix: Defender sending 404 Detection notifications when that type is turned off
- Fix: Remove old deprecated code of recommendations in DB
- Fix: Duplicate IP addresses on Active Lockouts
- Fix: Display different frequency for different timezones
- Fix: 404 Detection timeframe is not imported to Config
- Fix: Showing banner without content on profile page
- Fix: Active Lockouts pagination seems broken
- Fix: Link Defender Settings redirects to Defender Dashboard page on WP plugin page
March 17, 2021 - version 2.4.9
- Fix: Stability fixes
March 12, 2021 - version 2.4.8
- Fix: Unescaped DB parameters
March 1, 2021 - version 2.4.7
- New: Sync Config from Defender with The Hub
- Enhance: Making "Enable Tag" clickable in the notification widget
- Enhance: Allow capital letters in Masked Login
- Enhance: New WP CLI commands for file scanning, reset settings, and clear firewall data
- Enhance: Reducing false-positive reports in malware scanning
- Enhance: Check plugins and themes against the WP.org repository
- Enhance: Adding pagination in Malware Scanning grid
- Enhance: Update text for Suspicious Code scan type options
- Enhance: Bulk configure - Add to reports/Remove from reports options
- Enhance: Improve table performance
- Enhance: Remove hero image when Branding is set to custom for activated Whitelabel
- Fix: Storage logs not deleted
- Fix: Update code preview in Malware Scanning
- Fix: MaxMind DB Reader API version update
- Fix: Keep empty IP for internal or private IPs
- Fix: Failed login attempt with an empty banned username
- Fix: Audit Log Export
- Fix: Loopback request could not be completed
- Fix: Subsites login area is blocked for network users
- Fix: Mask login can be bypassed with wp-signup.php for single sites
- Fix: Ability to use dash symbol at the start/end of New Login URL slug
February 12, 2021 - version 2.4.6.1
- Fix: Security vulnerability for Two Factor Authentication
January 27, 2021 - version 2.4.6
- Security: Malware scan doesn't detect Backdoor:PHP/WP-VCD
- Security: Malware scanning issues with Avada theme
- Enhance: PHP 8 compatibility
- Enhance: Mobile UI improvement for IP lockout logs
- Enhance: Remove menu icon with issue indicator when there are no Scan and Tweak issues
- Enhance: Suspicious Code scan type is deactivated by default
- Fix: Defender security headers not applied when Hummingbird caching is active
- Fix: Revert button not working for certain recommendations
- Fix: Remember Light mode/Dark mode selection for Malware Scanning code preview
- Fix: Resend Invite option is not showing for added users (Add users/Invite by Email)
- Fix: Read More link showing in blue color when High Contrast Mode is ON
- Fix: Fix footer link URL
- Fix: 127.0.0.1 showing multiples times on the firewall logs page
- Fix: Unsubscribe icon is not showing correctly on the notifications page
- Fix: Console errors on various pages when WooCommerce is activated
- Fix: Display error for enabled Mask Login and Site Health request
- Fix: Mask Login Area restricted slugs
- Fix: Showing all files in WP core as modified
- Fix: Defender locking out users and detecting wrong user IP
- Fix: 2FA can't be forced with WooCommerce
- Fix: Disable File Editor tweak reset
- Fix: Issues on Flywheel hosting stability improvements
- Fix: Admin email duplicates in Bulk notification modal
- Fix: Multiple notifications still being sent after update to 2.4.4
- Fix: Error when requesting API on the Audit logs page
- Fix: Audit log does not log all plugins when activated/deactivated in batches
December 21, 2020 - version 2.4.5
- New: Add pagination option for IP lockout logs
- Enhance: Display Blocklist Monitor in the config structure
- Fix: Malware Scanning marks own files as suspicious
- Fix: The IP 127.0.0.1 shows as blocked
- Fix: Display Notifications in the Hub
- Fix: File Scan display issue in MS Edge
- Fix: Hero Image overlaps in Preset Configs
- Fix: Redirect Url UI needs improvement on Choose redirect page
- Fix: Display MaxMind link
December 7, 2020 - version 2.4.4
- Enhance: Change text to 'Security Issue(s)' in the dashboard widget
- Enhance: Compatibility with WordPress 5.6
- Fix: Hub synchronization with Defender
- Fix: Suspicious code found in WPMU DEV plugins
- Fix: PHP warnings and notices for Firewall and Scan modules
- Fix: wp_login_form() not working with Masked Login
- Fix: Chinese URL shows two-digit hexadecimal numbers
- Fix: IP's text goes outside the box in Firewall Logs after bulk action
- Fix: Deactivate button not working first time if there is nothing in Choose redirect page URL in Mask Login Area
- Fix: Update text in Security Recommendations Report
- Fix: Typo in Security Recommendations 'Prevent user enumeration', 'Update old security keys', 'Manage Login Duration'
- Fix: While Activating/Deactivating Firewall module, it shows the same message notification
- Fix: Enabling of Prevent Information Disclosure for Apache server
November 27, 2020 - version 2.4.3
- Fix: Masked Login Area not working in some cases
- Fix: Hub redirect to 404 page when Masked Login Area enabled
November 25, 2020 - version 2.4.2
- Fix: Fatal version on WordPress 5.2 and earlier
November 24, 2020 - version 2.4
- New: Notifications section - centralized manager for all notifications and reports
- New: Onboarding which will replace the old quick setup and enable everything that is recommended
- New: New: Bulk behavior for Security Recommendations - resolve/ignore almost everything with a single click
- New: Improving Security Recommendations UI/UX
- New: 2FA with Authy and Microsoft Authenticator
- New: Highlight new features in welcome modal
- Enhance: Better UI/UX and performance for Malware Scanning
- Fix: The Audit Logging widget on the dashboard doesn’t show the correct report status
- Fix: The custom message in Login Lockout doesn’t apply when an IP is banned by using a banned username
- Fix: Conflict with WP Fastest Cache makes revert buttons show incorrectly
- Fix: Warning with PHP 7.2.x
- Fix: The username search in Audit Logging doesn’t work
September 14, 2020 - version 2.3.2
- New: Add a separate Tutorials sub-menu and X-icon to remove it from the Dashboard
- Improvement: Change mention of blacklist and whitelist to blocklist and allowlist on Defender pages
- Improvement: Change Documentation links for Firewall and Malware Scanning
- Improvement: Config Improvements
- Fix: Display custom login forms if the Defender Masking URL is enabled
- Fix: Receive email from Defender security tweaks daily
- Fix: Activate 'Mask Login Area' through the Defender dashboard
- Fix: Correct display of the Audit log for a new registered user with other than Subscriber role in MU
- Fix: Masked login alters ajaxurl in MU in sites table page
- Fix: Remove 'ambient-light-sensor', 'picture-in-picture', 'speaker' and 'vr' directives from Feature-Policy header
- Other minor enhancements and fixes
August 10, 2020 - version 2.3.1
- New: Feature to save presets configurations of the Defender's settings, and make them available to download and apply to your other sites.
- New: Add tutorials section in the Defender dashboard.
- Improvement: Allow to bulk delete suspicious files
- Improvement: Improve the logic of how "Include sub-domains" option should be shown on the Strict Transport Security header
- Fix: Prevent wp-signup.php to access when Mask Login is enabled.
- Fix: 2FA login does not redirect correctly after login via the my-account page of Woocommerce
- Remove: Change default database prefix, as this can be bypass.
- Other minor enhancements and fixes
May 18, 2020 - version 2.3
- Improvement: Change the description for X-Content-Type-Options security header
- Fix: The WAF widget and WAF page will be hidden when white label activated
- Fix: Include Subdomain option for Strict Transport security header
- Fix: Cron for Audit logs
- Other minor enhancements and fixes
May 4, 2020 - version 2.2.9
- New: WPMU DEV’s Hosted Web Application Firewall (WAF) is a first layer of protection to block hackers and bot attacks before they ever reach your site. Websites hosted with WPMU DEV can now use this advanced WAF by enabling it via your site’s Security or Hosting tab in The Hub.
- Improvement: Moved the security headers out of Security Tweaks and into their own section inside Advanced Tools.
- Improvement: Relocated Two-Factor Authentication to it’s own menu item and area.
- Improvement: Renamed a couple of modules to more accurately reflect what they do.
- Fix - Minor bugs and improvements
April 28, 2020 - version 2.2.8
- Improvement: Add plugin configuration import/export option for Hub
- Improvement: HSTS Maximum age of Strict Transport Security header added 30 days, 2 years
- Improvement: Update copy for MaxMind license key
- Fix: Separate email subjects of templates for scan notifications
- Fix: Warning open_basedir restriction in effect
- Fix: 2FA required even if the role is unchecked
- Fix: Preview for Lockout Custom Message doesn't work
- Fix: Sending lockout emails even though they are disabled
- Other minor enhancements and fixes
March 9, 2020 - version 2.2.7
- Fix: Audit Logging sometime triggers a fatal error on some setups.
February 17, 2020 - version 2.2.6
- Improvement: Frequency of Security Tweak notifications reduced to 7 days
- Fix: GeoIP now compatible with new MaxMind policy
- Fix: Mask login URL now allow URL with an extension
- Fix: Lockout notification email now displays correct time unit
- Fix: Get started screen appears only where required
- Fix: Manage your email preferences & unsubscribe email link now works
- Fix: Strict Transport Security Header now shows subdomain option on the root domain
- Fix: On login lockout, Defender doesn't block IP permanently
- Fix: Mask login won't block admin links from email
- Other minor enhancements and fixes
January 27, 2020 - version 2.2.5
- Fix: Displaying Defender pages after activating the plugin.
January 16, 2020 - version 2.2.4
- Fix: Security tweaks self ping cause performance issues.
November 28, 2019 - version 2.2.3
- Improvement: Increased the frequency of Security Tweak notifications from daily to weekly.
- Fix: Two-Factor activate/deactivate not working as expected.
- Fix: Defender IP Lockouts was blocking Hub services.
- Fix: Error when bulk deletes lockout logs, without selecting any.
- Fix: Active Translation in General Settings was not using the language that had been set.
- Fix: The first time you setup the Blacklist location, it doesn't save.
- Fix: Security Keys tweaks showing decimals in status.
- Fix: Enforcing Security Header tweaks revert when you refresh the page.
- Fix: Lockout duration in email notification now reflects the right setting instead of always in seconds.
- Fix: Missing logs from the Audit logging screen.
- Remove: WordPress REST API security tweak. This feature was causing many sites to break basic functionality so we've decided to remove it.
- Other minor enhancements and fixes
October 14, 2019 - version 2.2.2
- Feature: New security tweaks: Security headers.
- Feature: New security tweak: Block WordPress Rest API.
- Feature: New security tweak: Prevent user enumeration.
- Feature: Ability to talk with HUB for syncing Defender settings.
- Improvement: Add ability to ban by filename/extension.
- Improvement: Allow user to change the retention period of Audit Logs in Defender.
- Improvement: Add the ability for an admin to unblock a temporarily blocked IP.
- Improvement: Add 'Your current time' to Reporting tabs.
- Fix: Email link still goes to wp-admin instead of masked one, if use Defender Mask Login.
- Fix: Css z-index issue with Quick setup modal.
- Fix: Use hostname instead of wp-defender in authenticator app.
- ?Fix: Minor grammar and UX improvements.
- Fix: Upgrading from the older version disables the settings in the mask-login.
July 2, 2019 - version 2.1.4
- Fix: Mask Login cause issue when visiting /wp-admin/network/sites.php
June 18, 2019 - version 2.1.3
- Feature: Security tweaks will send reminder when no tweaks were actioned after activation
- Improvement: Scanning will be more catchy, especially with code using eval function, however that can lead to more false positive, please consider to check with our support before delete the file.
- Fix: Bring back the tooltips system
- Fix: Audit filter links doesn't reflect the right results if open in new tab
- Fix: Filtering issue type in scanning now show correct results.
- Fix: Scanning notification keep sending when the setting turn to "off"
- Fix: User IP in IP Lockout->Blacklist now show the correct IP.
- Fix: Bring back the subject customization field in Scanning email config.
- Fix: Manage Login Duration wont make user to login twice anymore.
- Fix: Audit filtering by user now working properly
- Fix: We change the Audit logging items' color from red to more neutral.
- Fix: Ad Widget won't be show in vulnerability list by accident anymore
- Fix: Bottom bulk selector in Scanning page now work properly
- Fix: Deprecate warning from the function strpos() in php 7.3
- Fix: Sync issues with HUB will be more consistent.
- Fix: Mask login doesn't work properly if Wordpress get installed in a sub-folder
- Fix: Conflict with Avada theme which making scanning stuck
- Fix: Gracefully handle error when php dom extension does not install
- Fix: Prevent factory reset revert database prefix into wp_ even though it was not set by Defender.
- Fix: Prevent slashes added in email template
- ?Fix: Minor grammar and UX improvements.
April 10, 2019 - version 2.1.2
- Feature: Defender Pro now supports the WPMU DEV Dashboard’s white label feature.
- Feature: You can now perform a factory reset of Defender’s settings via the Settings screen, as well as control what happens to data when the plugin is uninstalled.
- Improvement: Defender File Scanning no longer identifies robots.txt as a potentially harmful file.
- Improvement: We’ve turned off autocomplete on the two-factor authentication field so that previous codes don’t show up.
- Fix: Fixed a conflict with Defender where the 404 lockout feature would lock out users who tried to access old Hummingbird cache files.
- Fix: You can now view date ranges greater than 7 days for IP Lockout logs
- ?Fix: Minor grammar and UX improvements.
March 20, 2019 - version 2.1.1.1
- Fix: Two-Factor Authentication QR code not being displayed on new device registration.
February 18, 2019 - version 2.1.1
- Fix: Prevent Information Disclosure corrupts htaccess code
February 18, 2019 - version 2.1
- New: Geo-based IP blocking. Completely block incoming traffic from specific countries to gain full control over who can and can’t access your site.
- New: Upgraded design components and improved user experience across the board.
- Fix: Corrupt .htaccess rules generated by Defender weren’t able to be re-applied when adding them a second time.
- Fix: Users can no longer get past login masking when using double slashes.
- Fix: Javascript errors prevented adding recipients to notifications and editing templates.
- Fix: Blacklist monitoring could not be enabled on some sites.
- Fix: Parse error on installations running PHP 5.3.
- Improvement: Removed activation redirection and tooltips on first activation.
- Other minor enhancements and fixes
October 18, 2018 - version 2.0.1
- Fix: permanent ban on 404 lockouts now sends correct email.
- Fix: IP lockout logs not showing correct results/order on different pages.
- Fix: IP lockout logs showing wrong badge for 404 lockouts.
- Fix: 2FA not working properly when using Sensei plugin.
- Other minor enhancements and fixes.
September 4, 2018 - version 2
- New: added tweak “Disable XML-RPC”
- Improvement: Two factor authentication can now be force enabled by role.
- Improvement: Masking URL description.
- Fix: Compatibility with Appointments+ login when Mask Login is enabled.
- Fix: /login/ will be blocked instead of redirecting to right login URL
- Fix: new site registration email login URL will now show right Login URL instead of the original one when Mask URL is enabled.
- Fix: Accessibility issue when activating 2FA.
- Changes: Show Admin Pointer on initial Defender activation, and removing the redirect behavior.
- Other minor enhancements and fixes
July 9, 2018 - version 1.9.1
- Fix: Mask Login Area description text is misleading
- Fix: wp-admin link of sub-sites in networks link to wrong admin URL
- Fix: Prevent Information Disclosure & Prevent PHP Execution show false error message when first applied
- Fix: Dashboard reporting section mis-alignment
- Other minor enhancements and fixes
May 24, 2018 - version 1.9
- New: Ability to edit default two-factor authentication email notifications
- New: Added Privacy Policy in privacy guideline page
- Improvements for lockout logs interface
- Improvement: Smarter report default time.
- Fix: Defender auto redirect issue when bulk activating plugins
- Fix: saving 404 redirect URL issue
- Fix: Some layouts are shifted on mobile devices
- Other minor enhancements and fixes
April 10, 2018 - version 1.8
- New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.
- New: Ability to force two-factor authentication for all users.
- Fix: Fixed a bug where file scanning would detect wp-config.php as suspicious.
- Fix: Fixed an issue where the lockout pages could be cached by external cache engines.
March 19, 2018 - version 1.7.6
- Fix: Defender now can recognize and verify Bing Bot for whitelisting
- Fix: Lockout page now will use site title instead of the text 'WP Defender'
- Other minor enhancements and fixes
February 7, 2018 - version 1.7.5
- Fix: Report status missing in Hub Security tab
- Fix: Some themes/plugins shown as a vulnerability but no info available
- Other minor enhancements and fixes
January 16, 2018 - version 1.7.4.2
- Fix: Remove debug data
- Fix: Issue with Hub
December 4, 2017 - version 1.7.4.1
- Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin
November 21, 2017 - version 1.7.4
- Fix: Conflict with Jetpack where Defender 2FA module would not detect if Jetpack 2FA was disabled.
- Fix: Visitor would get a 404 lockout if landing on a page with many dead links.
- Improvement: When an user is deleted, audit logging now display the user's login instead of only UID.
- Other minor enhancements/fixes
October 14, 2017 - version 1.7.3
- Fix: Two-factor authentication can be bypassed by user with no role.
- Improvement: Enhanced two-factor authentication protection across multisites.
October 9, 2017 - version 1.7.2
- Improvement: Improvement: IPv6 support for both whitelisting and blacklisting, requires IPv6 support on the server.
- Improvement: Better UI/UX for Two-factor authentication.
- Fix: Security tweak "Prevent PHP Execution" and "Protect Information" now support Apache 2.4 htaccess rules.
- Other minor enhancements/fixes
September 27, 2017 - version 1.7.1
- Improvement: Audit logging logs will be stored up to 1 year, query range can be set up to 3 months
- Improvement: Option to set a cooldown period for lockout notifications.
- Added: widget for 2 factors authentication
- Fix: Defender does not detect the right IP when CloudFlare is being used
- Fix: Conflict with TM Photo Gallery Plugin
- Other minor enhancements/fixes
August 15, 2017 - version 1.7
- New: Now you can enable 2 factors authentication with Defender and Google Authenticator app, support for iOS and Android
- New: We can define how long the "Remember me" can take affect, via a new Security Tweak, called "Manage Login Duration"
- Improvement: IP Lockout logs now have separate tables, better for performance.
- Fix: Ignore a file in Scanning section sometimes coming back after couple of scans.
- Other minor enhancements/fixes
July 6, 2017 - version 1.6.2
- New: CSV export for Audit Logging.
- Improvement: Email reports now have unsubscribe link, and link to Reports where email reports can be turned off.
- Fix: Typo in Audit email.
- Other minor enhancements/fixes
June 21, 2017 - version 1.6.1
- Improvement: Improved IP Lockout performance.
- Fix: Audit logging detects wrong WordPress version when upgrade
- Fix: "Update old security keys" doesn't move to resolved list after processed
- Fix: When emptying IP Lockout logs cause timeout error.
- Fix: Typos in some places
- Other minor enhancements/fixes
June 5, 2017 - version 1.6
- Improvement: Allow users to select and apply rules to other server type in Prevent PHP Execution and Prevent Information Disclosure.
- Fix: Sometimes HUB status doesn't sync with WordPress site.
- Other minor enhancements/fixes
May 17, 2017 - version 1.5
- New: You can now add exceptions for specific PHP files in the PHP Execution Security Tweak.
- Improvement: Filtering all log types now uses URLs instead of ajax only, meaning you can link to a filtered log easily.
- Improvement: Various user experience updates across the plugin interface to make using Defender even easier.
- Fix: Lockout Logs now display from newest to oldest.
- Fix: Lockout Logs pagination now works correctly.
- Fix: Inconsistencies in the IP Lockouts stats across the plugin.
- Fix: Sending Audit Logging reports to multiple recipients would address all recipients as the first user's name.
- Fix: Grammar and typos in some modals and error messages.
- Fix: If Defender finds a vulnerability in WordPress's core, the text would indicate running an update would fix the issue though no update was actually available yet.
May 3, 2017 - version 1.4.2
- Improvement: The plugin interface will now stretch to utilize extra screen space on larger screens.
- Fix: Audit Logging was getting its days mixed up in the summary area. You’ll now see the correct day of the week.
- Fix: We squashed a bug that was causing files scans to sometimes report false positive files after WordPress core upgrades.
- Fix: A conflict with Jetpack was causing scans to stall, which we have now fixed up.
- Fix: In some cases File Scanning reports wouldn't actually stop sending if you disabled them. It now obeys commands.
- Fix: Google's bot was being blocked by IP Lockouts but now it's free to crawl and index as it pleases.
- Fix: We removed redundant “cancel” buttons on settings pages. You probably won’t even notice!
- Fix: We’ve added live stats so now there’s no need to wait around in anticipation while running files scan actions.
- Fix: Stats weren’t displaying the right numbers after actioning security tweaks, but it’s all good now.
- Fix: Pagination on the Audit Logging logs page now works like you would expect it to.
- Fix: Files detected in File Scanning now have metrics with their file sizes.
- Fix: We’ve fixed styling issues with toggles.
- Fix: We removed the” Resolve bulk update” option from File Scanning. It wasn’t really a valid action.
- Fix: Incomplete icons in the Dashboard reports area have been updated.
- Fix: We’ve removed redirection from the dashboard to the File Scanning page are after preforming a file scan so now you shouldn’t feel lost.
- Fix: Lots of other small stuff, like minor cosmetic and grammar fixes.
April 21, 2017 - version 1.4.1
- Fix: Compatibility issue with Getting Started Wizard
- Fix: Scanning was sometimes slow or getting stuck
April 18, 2017 - version 1.4
- New: Meet the brand new Defender! This release focuses on making security for WordPress a better place. We’ve given the UI a refresh and updated the UX, so configuring your security settings is a walk in the park.
- Fix: A ton of bug fixes & improvements. Yep, vague description! But why bore you with the small stuff when you could be spending time bolstering your site’s security?
March 13, 2017 - version 1.3
- Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin
- Other minor enhancements/fixes
February 27, 2017 - version 1.2
- Added: New Hardening Rule (PHP version)
- Improvement: Audit Logging now allows date range selection.
- Improvement: IP Lockouts now allow IP ranges in whitelist/blacklist.
- Improvement: IP Lockouts now can import/export whitelist/backlist.
- Fixed: IP Lockouts email notification text on permanent IP ban.
February 21, 2017 - version 1.1.6.1
- Fixed: Cache issue causing multiple requests to API endpoint when scanning suspicious files.
February 14, 2017 - version 1.1.6
- Fixed: Collapse Menu button shows bigger font and in all caps
- Fixed: Missing strings in translation (.pot) file
- Fixed: Audit logging reports not using correct timezone.
- Fixed: DB prefix replacing all instances of “wp” if it's used multiple times (ie wp_mytable_wp_subtext)
- Fixed: Auto ban users who log in with the “admin" username not working.
- Some other minor enhancements/fixes
January 11, 2017 - version 1.1.5
- Added: IP Lockouts. Defender can now protect your login area from brute force attacks, monitor 404 errors and automatically lockout any unwanted behavior. It can also permanently ban specific IP addresses and receive email notifications when lockouts occur.
- Fixed: Minor bug fixes and improvements.
October 31, 2016 - version 1.1.4.1
- Fixed: Fatal error when PHP extension sockets is not enabled
October 31, 2016 - version 1.1.4
- Improvement: Audit logging now detects file changes in WordPress core.
- Fixed: Updating via WordPress core now syncs better with the Hub.
- Fixed: Some compatibility fixes for PHP 5.2.
September 20, 2016 - version 1.1.3
- Improvement: Audit Logging now ajax based.
- Fixed: minor bug fixes & some UI/UX improvements
August 24, 2016 - version 1.1.2
- Improvement: Switched the User dropdown in Audit Logging to load results via AJAX to increase initial load performance.
- Improvement: Scan results now pre-load information so that you can action fixes faster.
- Fixed: Removed cronjob events from being tracked in Audit Logging.
- Fixed: The Audit Logging filter box now stays visible if no results are returned.
- Fixed: Other small bug fixes and improvements.
August 8, 2016 - version 1.1.1
- Added: A warning indicator in WP Admin sidebar to let you know how many security issues are outstanding.
- Added: The ability to choose to only receive email reports when there are issues with your website.
- Fixed: Minor bug fixes & improvements
July 25, 2016 - version 1.1
- New feature: Audit logging
- New plugin icon
- Vulnerability plugins/theme scan result can be ignored
- Some other minor enhancements/fixes
May 21, 2016 - version 1.0.8
- Improve Core Integrity Scan.
- Improve caching method
May 17, 2016 - version 1.0.7
- Improved: Scan schedule.
- Fix: issue with W3 Total Cache Object Cache
May 13, 2016 - version 1.0.6
- Fix: Defender data doesn't sync with HUB correctly
- Fix: Email report doesn't send properly
- Some other minor enhancements/fixes
April 28, 2016 - version 1.0.5
- Added: Option to choose reminder period for Hardener rule "Update old security keys"
- Improved: Compatibility with Windows server
- Improved: Optimized resource usage when scanning
- Fix: issue with memcached
- Other minor enhancements/fixes
April 6, 2016 - version 1.0.4
- Improve scan engine, reduce false positives
- Improve uninstallation method
- Add the ability to ignore hardener rules.
- Improve the performance impact on the site.
- Fix scans sticking at 100% in some cases
- Fix compatibility issues with IIS
- Some other minor enhancements/fixes
March 22, 2016 - version 1.0.3
- Optimize scanning
- Preventing performance issue with some hosts
- Fix false blacklist detection in local environment
- Some other minor enhancements/fixes
March 15, 2016 - version 1.0.2
- Applied ajax inline updates for plugins/themes
- One click Prevent PHP execution
- One click Prevent Information Disclosure
- Add detail page for core integrity issue, and automate resolution
- Fix scan stability with limited memory
- Some other minor enhancements/fixes
March 4, 2016 - version 1.0.1
- Scanning can auto detect if user is active on scanning page to work based on ajax, or leave to enable background scan
- Improve condition checking for Prevent Information Disclosure module
- Improve condition checking for Prevent PHP execution module
March 1, 2016 - version 1
- Initial release!