WP-Safety

Defender Security – Malware Scanner, Login Security & Firewall Security & Risk Analysis

wordpress.org/plugins/defender-security

WordPress security plugin with malware scanner, IP blocking, audit logs, antivirus scans, firewall, 2FA, brute force login security, and more.

90K active installs v5.10.0 PHP 8.0.0+ WP 6.4+ Updated Mar 3, 2026
firewalllogin-securitymalwaremalware-scannersecurity
96
A · Safe
CVEs total7
Unpatched0
Last CVEJun 28, 2024
Plugin page Download
Safety Verdict

Is Defender Security – Malware Scanner, Login Security & Firewall Safe to Use in 2026?

Generally Safe

Score 96/100

Defender Security – Malware Scanner, Login Security & Firewall has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEsLast CVE: Jun 28, 2024Updated 1mo ago
Risk Assessment

The Defender Security plugin (v5.10.0) presents a mixed security posture. While it demonstrates some good practices, such as a majority of SQL queries utilizing prepared statements and a significant number of output escaping checks, there are notable areas of concern. The plugin has a substantial attack surface, with a large number of AJAX handlers (20 total) and a concerning proportion of these (16) lacking authentication checks. This opens up a significant vector for potential unauthorized actions if these handlers are not properly secured at the WordPress core level. The taint analysis shows no critical or high severity flows, which is a positive sign, but the limited scope of analysis (only 2 flows) might not be exhaustive.

The vulnerability history is a more significant red flag. With a total of 7 known CVEs, including one high severity and six medium severity vulnerabilities, it indicates a pattern of past security weaknesses. The common vulnerability types, such as Missing Authorization and Exposure of Sensitive Information, directly correlate with the static analysis findings of numerous unprotected AJAX handlers. Although there are no currently unpatched vulnerabilities, the historical trend suggests a need for continued vigilance and robust security practices within the plugin's development lifecycle. The last vulnerability being as recent as June 2024 also points to ongoing security challenges. Overall, while the plugin has some foundational security measures in place, the large unprotected attack surface and its history of significant vulnerabilities necessitate a cautious approach.

Key Concerns

  • Unprotected AJAX handlers
  • High number of past medium vulnerabilities
  • Past high severity vulnerability
  • Some SQL queries without prepared statements
  • Lower percentage of properly escaped outputs
  • Bundled library (Select2) may be outdated
Vulnerabilities
7

Defender Security – Malware Scanner, Login Security & Firewall Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2022
2022
3 CVEs in 2023
2023
2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

High
1
Medium
6

7 total CVEs

CVE-2024-37444medium · 5.3Missing Authorization

Defender Security <= 4.7.2 - Missing Authorization

Jun 28, 2024 Patched in 4.7.3 (5d)
CVE-2024-25595medium · 6.5Protection Mechanism Failure

Defender Security <= 4.4.1 - IP Address Spoofing

Feb 12, 2024 Patched in 4.4.2 (3d)
CVE-2023-51490medium · 5.3Insertion of Sensitive Information into Log File

Defender Security <= 4.1.0 - Sensitive Information Exposure via Log File

Dec 27, 2023 Patched in 4.2.0 (27d)
CVE-2023-47189medium · 5.3Protection Mechanism Failure

Defender Security <= 4.2.0 - Masked Login Area Security Feature Bypass

Nov 3, 2023 Patched in 4.2.1 (81d)
CVE-2023-5089medium · 5.3Protection Mechanism Failure

Defender Security <= 4.0.2 - Hide Login Page Feature Protection Bypass

Sep 6, 2023 Patched in 4.1.0 (139d)
CVE-2022-44581high · 7.5Exposure of Sensitive Information to an Unauthorized Actor

Defender Security <= 3.3.2 - Sensitive Information Disclosure

Nov 23, 2022 Patched in 3.3.3 (426d)
CVE-2021-4425medium · 4.3Cross-Site Request Forgery (CSRF)

Defender Security <= 2.4.6 - Cross-Site Request Forgery Bypass

Mar 1, 2021 Patched in 2.4.6.1 (1058d)
Code Analysis
Analyzed Mar 16, 2026

Defender Security – Malware Scanner, Login Security & Firewall Code Analysis

Dangerous Functions
0
Raw SQL Queries
33
104 prepared
Unescaped Output
240
435 escaped
Nonce Checks
12
Capability Checks
15
File Operations
30
External Requests
26
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

76% prepared137 total queries

Output Escaping

64% escaped675 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
process_action (extra\free-dashboard\classes\class-handler.php:263)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
16 unprotected

Defender Security – Malware Scanner, Login Security & Firewall Attack Surface

Entry Points21
Unprotected16

AJAX Handlers 20

authwp_ajax_wpmudev_notices_actionextra\free-dashboard\classes\class-handler.php:127
authwp_ajax_defender_ip_detection_notice_dismisssrc\class-admin.php:40
authwp_ajax_defender_ip_detection_switch_to_xffsrc\class-admin.php:41
authwp_ajax_defender_track_deactivatesrc\class-admin.php:42
authwp_ajax_defender_process_scansrc\controller\class-scan.php:97
noprivwp_ajax_defender_process_scansrc\controller\class-scan.php:98
authwp_ajax_wpdef_logoutsrc\controller\class-session-protection.php:49
authwp_ajax_defender_webauthn_create_challengesrc\controller\class-webauthn.php:54
authwp_ajax_defender_webauthn_verify_challengesrc\controller\class-webauthn.php:55
authwp_ajax_defender_webauthn_remove_authenticatorsrc\controller\class-webauthn.php:57
authwp_ajax_defender_webauthn_rename_authenticatorsrc\controller\class-webauthn.php:59
authwp_ajax_defender_webauthn_get_optionsrc\controller\class-webauthn.php:61
noprivwp_ajax_defender_webauthn_get_optionsrc\controller\class-webauthn.php:62
authwp_ajax_defender_webauthn_verify_responsesrc\controller\class-webauthn.php:69
noprivwp_ajax_defender_webauthn_verify_responsesrc\controller\class-webauthn.php:70
noprivwp_ajax_defender_webauthn_create_challengesrc\controller\class-webauthn.php:73
noprivwp_ajax_defender_webauthn_verify_challengesrc\controller\class-webauthn.php:74
noprivwp_ajax_defender_webauthn_remove_authenticatorsrc\controller\class-webauthn.php:75
noprivwp_ajax_defender_webauthn_rename_authenticatorsrc\controller\class-webauthn.php:82
authwp_ajax_defender_webauthn_disable_user_handle_match_failed_noticesrc\controller\class-webauthn.php:92

Shortcodes 1

[wp_defender_2fa_user_settings] src\controller\class-two-factor.php:173
WordPress Hooks 254
actionwpmudev_register_noticesextra\free-dashboard\classes\class-handler.php:124
actionload-index.phpextra\free-dashboard\classes\class-handler.php:130
actionall_admin_noticesextra\free-dashboard\classes\class-handler.php:204
actionall_admin_noticesextra\free-dashboard\classes\class-handler.php:217
actionwpmudev_notices_after_notice_actionextra\free-dashboard\classes\notices\class-giveaway.php:70
actionwpmudev_scheduled_jobsextra\hub-connector\inc\class-actions.php:50
actionafter_switch_themeextra\hub-connector\inc\class-actions.php:52
actionactivated_pluginextra\hub-connector\inc\class-actions.php:56
actiondeactivated_pluginextra\hub-connector\inc\class-actions.php:57
actiondeleted_pluginextra\hub-connector\inc\class-actions.php:58
actiondeleted_themeextra\hub-connector\inc\class-actions.php:59
actionupgrader_process_completeextra\hub-connector\inc\class-actions.php:60
actionshutdownextra\hub-connector\inc\class-actions.php:63
filteradmin_body_classextra\hub-connector\inc\class-admin.php:48
actionwpmudev_hub_connector_uiextra\hub-connector\inc\class-admin.php:50
actionadmin_initextra\hub-connector\inc\class-admin.php:52
filterextra_plugin_headersextra\hub-connector\inc\class-admin.php:54
filterwpmudev_hub_connector_localize_varsextra\hub-connector\inc\class-admin.php:639
actioninitextra\hub-connector\inc\class-remote.php:60
actionrest_api_initextra\hub-connector\inc\class-rest.php:37
filterupgrader_package_optionsextra\hub-connector\inc\class-upgrader.php:212
actionadmin_enqueue_scriptsextra\plugins-cross-sell-page\app\submenus\class-cross-sell.php:113
filteradmin_body_classextra\plugins-cross-sell-page\app\submenus\class-cross-sell.php:115
actionadmin_menuextra\plugins-cross-sell-page\app\submenus\class-cross-sell.php:121
actionnetwork_admin_menuextra\plugins-cross-sell-page\app\submenus\class-cross-sell.php:124
filteradmin_footer_textextra\plugins-cross-sell-page\app\submenus\class-cross-sell.php:144
filterupdate_footerextra\plugins-cross-sell-page\app\submenus\class-cross-sell.php:147
filteradmin_footer_textextra\plugins-cross-sell-page\app\submenus\class-cross-sell.php:150
actionadmin_headextra\plugins-cross-sell-page\app\submenus\class-cross-sell.php:306
actionadmin_enqueue_scriptsextra\plugins-cross-sell-page\app\submenus\class-cross-sell.php:688
actionrest_api_initextra\plugins-cross-sell-page\core\class-rest-api.php:105
filterwpmudev_hub_connector_localize_text_varsframework\base\class-controller.php:95
actionplugins_loadedsrc\class-actionscheduler-setup.php:31
actionwp_initialize_sitesrc\class-actionscheduler-setup.php:32
actionaction_scheduler/created_tablesrc\class-actionscheduler-setup.php:67
actionadmin_headsrc\class-admin.php:43
actionadmin_footer-plugins.phpsrc\class-admin.php:46
filterplugin_row_metasrc\class-admin.php:65
actionwpdef_fixed_scan_issuesrc\class-admin.php:73
actionadmin_headsrc\class-admin.php:79
actionnetwork_admin_noticessrc\class-admin.php:93
actionadmin_noticessrc\class-admin.php:95
actionwp_footersrc\component\class-captcha.php:274
actionlogin_footersrc\component\class-captcha.php:276
actionwp_login_failedsrc\component\class-login-lockout.php:75
actionwp_login_failedsrc\component\class-login-lockout.php:77
filterauthenticatesrc\component\class-login-lockout.php:80
actionwp_loginsrc\component\class-login-lockout.php:81
actionwd_2fa_lockoutsrc\component\class-login-lockout.php:82
filtersmartcrawl_robots_txt_contentsrc\component\class-malicious-bot.php:132
filterrobots_txtsrc\component\class-malicious-bot.php:179
actionshutdownsrc\component\class-network-cron-manager.php:62
actioninitsrc\component\class-notfound-lockout.php:49
actiontemplate_redirectsrc\component\class-notfound-lockout.php:151
actionadmin_print_styles-plugins.phpsrc\component\class-scan.php:709
filterpassword_hintsrc\component\class-strong-password.php:231
filterwpmu_users_columnssrc\component\class-two-fa.php:756
actionnetwork_admin_noticessrc\component\class-two-fa.php:757
filterms_user_row_actionssrc\component\class-two-fa.php:758
filtermanage_users_columnssrc\component\class-two-fa.php:760
actionadmin_noticessrc\component\class-two-fa.php:761
filteruser_row_actionssrc\component\class-two-fa.php:762
filtermanage_users_custom_columnsrc\component\class-two-fa.php:764
filterms_shortcode_ajax_loginsrc\component\class-two-fa.php:765
actionwpdef_confirm_antibot_toggle_on_hostingsrc\component\ip\class-antibot-global-firewall.php:102
actionwp_loadedsrc\component\ip\class-antibot-global-firewall.php:103
actionsend_headerssrc\component\security-headers\class-sh-content-type-options.php:76
actionsend_headerssrc\component\security-headers\class-sh-feature-policy.php:73
actionsend_headerssrc\component\security-headers\class-sh-referrer-policy.php:69
actionsend_headerssrc\component\security-headers\class-sh-strict-transport.php:242
actionsend_headerssrc\component\security-headers\class-sh-x-frame.php:93
actionsend_headerssrc\component\security-headers\class-sh-xss-protection.php:86
filterxmlrpc_enabledsrc\component\security-tweaks\class-disable-xml-rpc.php:98
filterwp_xmlrpc_server_classsrc\component\security-tweaks\class-disable-xml-rpc.php:100
filterxmlrpc_methodssrc\component\security-tweaks\class-disable-xml-rpc.php:102
filterauth_cookie_expirationsrc\component\security-tweaks\class-login-duration.php:101
filteroembed_response_datasrc\component\security-tweaks\class-prevent-enum-users.php:82
filterwp_sitemaps_users_pre_url_listsrc\component\security-tweaks\class-prevent-enum-users.php:83
filterwp_sitemaps_add_providersrc\component\security-tweaks\class-prevent-enum-users.php:84
filterrest_authentication_errorssrc\component\security-tweaks\class-prevent-enum-users.php:85
filterredirect_canonicalsrc\component\security-tweaks\class-prevent-enum-users.php:94
actionadmin_noticessrc\component\two-factor\providers\class-backup-codes.php:81
actiondefender_enqueue_assetssrc\controller\class-advanced-tools.php:39
actiondefender_enqueue_assetssrc\controller\class-antibot-global-firewall.php:69
actionwpmudev_hub_connector_first_sync_completedsrc\controller\class-antibot-global-firewall.php:75
actioninitsrc\controller\class-antibot-global-firewall.php:98
actioninitsrc\controller\class-antibot-global-firewall.php:100
actioninitsrc\controller\class-antibot-global-firewall.php:101
actiondefender_enqueue_assetssrc\controller\class-audit-logging.php:74
actionshutdownsrc\controller\class-audit-logging.php:81
actiondefender_enqueue_assetssrc\controller\class-blacklist.php:63
actionwd_blacklist_this_ipsrc\controller\class-blacklist.php:66
filterwp_defender_advanced_tools_datasrc\controller\class-captcha.php:81
filterscript_loader_tagsrc\controller\class-captcha.php:87
filtercfturnstile_widget_disablesrc\controller\class-captcha.php:109
filtereasy_cloudflare_turnstile_render_listsrc\controller\class-captcha.php:110
filtereasy_cloudflare_turnstile_verify_listsrc\controller\class-captcha.php:111
actionlogin_enqueue_scriptssrc\controller\class-captcha.php:112
filterauthenticatesrc\controller\class-captcha.php:123
actionlogin_formsrc\controller\class-captcha.php:124
filterwp_authenticate_usersrc\controller\class-captcha.php:125
actionregister_formsrc\controller\class-captcha.php:130
filterregistration_errorssrc\controller\class-captcha.php:131
actionsignup_extra_fieldssrc\controller\class-captcha.php:140
actionsignup_blogformsrc\controller\class-captcha.php:141
filterwpmu_validate_user_signupsrc\controller\class-captcha.php:142
actionlostpassword_formsrc\controller\class-captcha.php:154
actionlostpassword_postsrc\controller\class-captcha.php:156
filtercomment_form_defaultssrc\controller\class-captcha.php:162
actionpre_comment_on_postsrc\controller\class-captcha.php:163
actionwp_footersrc\controller\class-captcha.php:166
actionwoocommerce_login_formsrc\controller\class-captcha.php:175
filterwoocommerce_process_login_errorssrc\controller\class-captcha.php:176
actionwoocommerce_register_formsrc\controller\class-captcha.php:187
filterwoocommerce_registration_errorssrc\controller\class-captcha.php:188
actionwoocommerce_lostpassword_formsrc\controller\class-captcha.php:199
actionlostpassword_postsrc\controller\class-captcha.php:203
actionwoocommerce_after_checkout_billing_formsrc\controller\class-captcha.php:214
actionwoocommerce_after_checkout_validationsrc\controller\class-captcha.php:221
actionbp_before_registration_submit_buttonssrc\controller\class-captcha.php:237
actionbp_signup_validatesrc\controller\class-captcha.php:244
actionbp_after_group_details_creation_stepsrc\controller\class-captcha.php:255
actiongroups_group_before_savesrc\controller\class-captcha.php:256
actiondefender_enqueue_assetssrc\controller\class-dashboard.php:48
filtercustom_menu_ordersrc\controller\class-dashboard.php:49
filtermenu_ordersrc\controller\class-dashboard.php:50
actionadmin_initsrc\controller\class-dashboard.php:51
actiondefender_enqueue_assetssrc\controller\class-expert-services.php:38
actioninitsrc\controller\class-fake-bot-detection.php:43
actioninitsrc\controller\class-fake-bot-detection.php:44
actiondefender_enqueue_assetssrc\controller\class-firewall-logs.php:74
filterhttp_responsesrc\controller\class-firewall-logs.php:93
actiondefender_enqueue_assetssrc\controller\class-firewall.php:173
actionadmin_print_scriptssrc\controller\class-firewall.php:174
filterupload_mimessrc\controller\class-firewall.php:1109
actiondefender_enqueue_assetssrc\controller\class-global-ip.php:62
actionwd_blacklist_this_ipsrc\controller\class-global-ip.php:81
actioninitsrc\controller\class-global-ip.php:83
actionadmin_initsrc\controller\class-hub-connector.php:39
filterwdp_register_hub_actionsrc\controller\class-hub.php:57
actiondefender_hub_syncsrc\controller\class-hub.php:58
actiondefender_enqueue_assetssrc\controller\class-login-lockout.php:53
actiondefender_enqueue_assetssrc\controller\class-main-setting.php:80
actionwd_settings_updatesrc\controller\class-main-setting.php:95
actioninitsrc\controller\class-malicious-bot.php:42
actionwpdef_rotate_malicious_bot_secret_hashsrc\controller\class-malicious-bot.php:43
filterquery_varssrc\controller\class-malicious-bot.php:44
actionafter_switch_themesrc\controller\class-malicious-bot.php:45
actionwp_footersrc\controller\class-malicious-bot.php:50
actionlogin_footersrc\controller\class-malicious-bot.php:51
actiontemplate_redirectsrc\controller\class-malicious-bot.php:52
filterwp_defender_advanced_tools_datasrc\controller\class-mask-login.php:61
filterwp_redirectsrc\controller\class-mask-login.php:89
filtersite_urlsrc\controller\class-mask-login.php:91
filternetwork_site_urlsrc\controller\class-mask-login.php:92
filterupdate_welcome_emailsrc\controller\class-mask-login.php:96
filterlostpassword_redirectsrc\controller\class-mask-login.php:97
filterreport_email_logs_linksrc\controller\class-mask-login.php:99
filterbbp_redirect_loginsrc\controller\class-mask-login.php:101
actionlogin_form_rpsrc\controller\class-mask-login.php:106
actionlogin_form_resetpasssrc\controller\class-mask-login.php:107
filterretrieve_password_messagesrc\controller\class-mask-login.php:109
filteradmin_urlsrc\controller\class-mask-login.php:115
filtermyblogs_blog_actionssrc\controller\class-mask-login.php:119
actionadmin_bar_menusrc\controller\class-mask-login.php:123
actioninitsrc\controller\class-mask-login.php:127
actioninitsrc\controller\class-mask-login.php:133
filterallowed_redirect_hostssrc\controller\class-mask-login.php:501
filterposts_wheresrc\controller\class-mask-login.php:982
actiondefender_enqueue_assetssrc\controller\class-nf-lockout.php:53
actiondefender_enqueue_assetssrc\controller\class-notification.php:69
actiondefender_notifysrc\controller\class-notification.php:75
actionadmin_noticessrc\controller\class-notification.php:89
actiondefender_enqueue_assetssrc\controller\class-onboard.php:61
filteradmin_body_classsrc\controller\class-onboard.php:318
filterwp_defender_advanced_tools_datasrc\controller\class-password-protection.php:53
filternetwork_site_urlsrc\controller\class-password-protection.php:61
filterwp_authenticate_usersrc\controller\class-password-protection.php:63
actionvalidate_password_resetsrc\controller\class-password-protection.php:64
actionuser_profile_update_errorssrc\controller\class-password-protection.php:65
filterwoocommerce_reset_password_messagesrc\controller\class-password-protection.php:67
filterwp_defender_advanced_tools_datasrc\controller\class-password-reset.php:55
filternetwork_site_urlsrc\controller\class-password-reset.php:63
actionvalidate_password_resetsrc\controller\class-password-reset.php:65
actionprofile_updatesrc\controller\class-password-reset.php:66
actionpassword_resetsrc\controller\class-password-reset.php:67
filterwp_authenticate_usersrc\controller\class-password-reset.php:68
actiondefender_enqueue_assetssrc\controller\class-scan.php:96
actiondefender/async_scansrc\controller\class-scan.php:99
action_core_updated_successfullysrc\controller\class-scan.php:101
filterheartbeat_nopriv_sendsrc\controller\class-scan.php:126
actionaction_scheduler_completed_actionsrc\controller\class-scan.php:128
filterwp_defender_advanced_tools_datasrc\controller\class-security-headers.php:33
actiondefender_enqueue_assetssrc\controller\class-security-tweaks.php:97
actionwp_loadedsrc\controller\class-security-tweaks.php:98
filterwp_defender_advanced_tools_datasrc\controller\class-session-protection.php:43
actioninitsrc\controller\class-session-protection.php:46
actionwp_enqueue_scriptssrc\controller\class-session-protection.php:47
actionadmin_enqueue_scriptssrc\controller\class-session-protection.php:48
actionwp_loginsrc\controller\class-session-protection.php:50
filterwp_login_errorssrc\controller\class-session-protection.php:53
actionlogin_headsrc\controller\class-session-protection.php:54
filterattach_session_informationsrc\controller\class-session-protection.php:58
filterwp_defender_advanced_tools_datasrc\controller\class-strong-password.php:59
actionadmin_enqueue_scriptssrc\controller\class-strong-password.php:77
actionuser_profile_update_errorssrc\controller\class-strong-password.php:78
actionlogin_enqueue_scriptssrc\controller\class-strong-password.php:82
actionvalidate_password_resetsrc\controller\class-strong-password.php:83
actionwp_authenticate_usersrc\controller\class-strong-password.php:84
filterrandom_passwordsrc\controller\class-strong-password.php:85
actionwp_enqueue_scriptssrc\controller\class-strong-password.php:92
actionwoocommerce_save_account_details_errorssrc\controller\class-strong-password.php:93
filterwoocommerce_process_registration_errorssrc\controller\class-strong-password.php:102
filterwoocommerce_process_login_errorssrc\controller\class-strong-password.php:110
filterwoocommerce_reset_password_messagesrc\controller\class-strong-password.php:119
actiondefender_enqueue_assetssrc\controller\class-two-factor.php:109
actionupdate_option_jetpack_active_modulessrc\controller\class-two-factor.php:116
actionadmin_initsrc\controller\class-two-factor.php:122
actionpre_get_userssrc\controller\class-two-factor.php:123
actionshow_user_profilesrc\controller\class-two-factor.php:124
actionprofile_updatesrc\controller\class-two-factor.php:125
filterauthenticatesrc\controller\class-two-factor.php:128
actionset_logged_in_cookiesrc\controller\class-two-factor.php:129
actionlogin_form_defender-verify-otpsrc\controller\class-two-factor.php:130
actioncurrent_screensrc\controller\class-two-factor.php:146
actioninitsrc\controller\class-two-factor.php:161
filterquery_varssrc\controller\class-two-factor.php:162
filterwoocommerce_account_menu_itemssrc\controller\class-two-factor.php:163
actiontemplate_redirectsrc\controller\class-two-factor.php:175
actionwd_2fa_enabled_provider_slugssrc\controller\class-two-factor.php:179
filterwoocommerce_prevent_admin_accesssrc\controller\class-two-factor.php:1240
filterwoocommerce_login_redirectsrc\controller\class-two-factor.php:1250
actionwoocommerce_login_form_endsrc\controller\class-two-factor.php:1252
actiondefender_enqueue_assetssrc\controller\class-ua-lockout.php:56
actiondefender_enqueue_assetssrc\controller\class-waf.php:49
actionmainwp_child_site_statssrc\integrations\class-main-wp.php:37
actionadmin_initsrc\traits\defender-bootstrap.php:665
actionafter_setup_themesrc\traits\defender-bootstrap.php:692
filtercron_schedulessrc\traits\defender-bootstrap.php:695
actioninitsrc\traits\defender-bootstrap.php:702
actionplugins_loadedsrc\traits\defender-bootstrap.php:710
actioninitsrc\traits\defender-bootstrap.php:712
actionadmin_initsrc\traits\defender-bootstrap.php:714
actionadmin_enqueue_scriptssrc\traits\defender-bootstrap.php:716
actioninitsrc\traits\defender-bootstrap.php:722
actiondeactivated_pluginsrc\traits\defender-bootstrap.php:724
actionlogin_headsrc\view\two-fa\otp.php:48
actionwp_print_footer_scriptssrc\view\two-fa\otp.php:258
actionwp_print_footer_scriptssrc\view\two-fa\otp.php:416
actionplugins_loadedwp-defender.php:129
actioninitwp-defender.php:154
actionadmin_enqueue_scriptswp-defender.php:155
filteradmin_body_classwp-defender.php:156
actionbefore_woocommerce_initwp-defender.php:162

Scheduled Events 5

defender_hub_sync
defender_hub_sync
wpdef_confirm_antibot_toggle_on_hosting
wpdef_smart_ip_detection_ping
defender_hub_sync
Maintenance & Trust

Defender Security – Malware Scanner, Login Security & Firewall Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 3, 2026
PHP min version8.0.0
Downloads4.0M

Community Trust

Rating96/100
Number of ratings329
Active installs90K
Alternatives

Defender Security – Malware Scanner, Login Security & Firewall Alternatives

BulletProof Security

BulletProof Security

bulletproof-security

A
89

WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam...

30K 12 CVEs
Bearmor Security

Bearmor Security

bearmor-security

A
100

Lightweight, powerful WordPress security for small businesses. Malware scanning, login protection, 2FA, hardening - most features FREE.

50 No CVEs
All-In-One Security (AIOS) – Security and Firewall

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

A
93

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs
Security Optimizer – The All-In-One Protection Plugin

Security Optimizer – The All-In-One Protection Plugin

sg-security

A
86

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs
MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

malcare-security

A
100

Get Bulletproof Security for your WordPress site. WordPress security plugin packed with comprehensive Firewall, malware scanner, cleaner & more.

200K No CVEs
Developer Profile

Defender Security – Malware Scanner, Login Security & Firewall Developer Profile

WPMU DEV - Your All-in-One WordPress Platform

9 plugins · 2.4M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
396 days
View full developer profile
Detection Fingerprints

How We Detect Defender Security – Malware Scanner, Login Security & Firewall

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/defender-security/build/css/main.css/wp-content/plugins/defender-security/build/js/main.js/wp-content/plugins/defender-security/assets/css/main.css/wp-content/plugins/defender-security/assets/js/main.js/wp-content/plugins/defender-security/vendor/incsub/wp-removable-strings/assets/css/main.css
Script Paths
/wp-content/plugins/defender-security/build/js/main.js/wp-content/plugins/defender-security/assets/js/main.js
Version Parameters
defender-security/build/css/main.css?ver=defender-security/build/js/main.js?ver=defender-security/assets/css/main.css?ver=defender-security/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
defender-security-adminwp-defender-network-admin-barsui-box-titlesui-box-bodysui-tab-item
HTML Comments
<!-- WPMU DEV Defender: Settings --><!-- WPMU DEV Defender: Dashboard Widget --><!-- WPMU DEV Defender: Scan Results -->
Data Attributes
data-module=defender-securitydata-controller=defender-security
JS Globals
defender_varsDefender
REST Endpoints
/wp-json/defender/v1/
FAQ

Frequently Asked Questions about Defender Security – Malware Scanner, Login Security & Firewall