Home WP Plugins Standard Post

Standard Post

WordPress Security Plugin Recommendations: Defender Security_Malware Scanning_Firewall

Security is also a very important part after building your own website. This plugin called Defender WordPress Security, Malware Detection, and Firewall can perform security checks, malware scanning, and firewall functions for your website. It can also provide security recommendations. Recommended...

Updated on December 16, 2019 About 4 minutes read
WordPress安全插件推荐:Defender Security_恶意软件扫描_防火墙

Building Your Own WebsiteSecurity is also a very important part. This plugin named Defender WordPress Security, Malware Detection, and Firewall can perform security checks, malware scanning, and firewall functions for your website. It can also provide security recommendations. We recommend everyone to use it.

Introduction and Download of Defender Security

Defender WordPress Security, Malware Detection, and Firewall is another free plugin from the same company as the very useful WordPress speed optimization plugin: Hummingbird, which was previously shared by Naibabiji.A very useful WordPress speed optimization plugin: HummingbirdAnother free plugin from the same company.

Using Defender WordPress Security, you only need a few simple clicks to get the best WordPress security settings.

Defender WordPress Security supports:

  1. Malware scanning;
  2. Firewall;
  3. Two-factor authentication;
  4. Prevention of brute force login;
  5. Prevention of SQL injection;
  6. Prevention of cross-site scripting (XSS) attacks;
  7. Other WordPress vulnerabilities.

The plugin supports Chinese. Naiba tested it on theWebsite Building Noteswebsite and found the features acceptable. It is currently in use.

Download Link

Defender Security Usage Tutorial

1. When using the plugin for the first time, there will be a quick setup. Just click the 'Start Using' button.

Defender Security设置教程

2. After the scan is complete, there will be a scan result. Any issues will be highlighted for you.

Defender Security设置教程

3. The 'Security Tweaks' section will give you some security recommendations, similar to security assistants on computers. You can click to view each recommendation and decide whether to accept it based on your actual situation.

Defender Security设置教程

  • Disable Trackback and Pingback (Recommended to adopt the suggestion)
  • Database Prefix (Risk of database injection. The suggestion is to modify the database prefix, but it is not recommended for already installed websites to adopt this suggestion, as modifying the database prefix carries risks.)
  • File Editor (Disable file editing, recommended to adopt the suggestion)
  • Security Keys (Recommended to adopt the suggestion)
  • Information Disclosure (Prevent information leakage, requires server administrator handling, can accept the suggestion.)
  • Admin Login Duration (Default is 14 days, can be adjusted to a smaller value.)

4. File Scanning will scan and show you files and folders not included in the default WordPress directory, as shown in the image below:

Defender Security设置教程

You need to make a judgment yourself. For example, many of the files in the image above are search engine verification files with no security threats, so you can just ignore them.

5. IP Lockout

IP lockout is a simple firewall function, but it is very practical.

Defender Security设置教程

Log:In the IP Lock section, you can see a log. If your website has 404 pages accessed by others, they will be displayed here. This feature can help you troubleshoot 404 pages on your website, and you can also directly blacklist the IPs of bots scanning for non-existent files.

Login Protection: This is a powerful weapon against brute force attacks on your website admin account. By default, if there are 5 failed login attempts within 5 minutes, access is blocked for 5 minutes. You can choose a longer time or permanently block the IP. You can also fill in usernames to block. For example, if you don't use admin to log in, but someone tries to use admin, it must be a bot brute forcing, so directly lock it in the blacklist.

Of course, if you use anotherWordPress Brute Force Login Protection Plugins, you can deactivate and delete them, as one plugin with the same functionality is sufficient.

404自动拦截

404 Detection: By default, if 20 visits to 404 pages occur within 5 minutes, the IP will be blacklisted for 5 minutes. In practice, you can set this threshold higher, such as 10 visits within 3 minutes, which can effectively block most spam bots.

IP Blocking: This is the IP whitelist and blacklist. If you want to permanently block an IP address, simply add it here. It's worth noting that this feature includes the ability to block IPs by region, so you can replace theiQ Block Countrythis plugin.

6. Advanced Tools

There are two features in Advanced Tools: Two-Factor Authentication and Mask Login Area. Two-Factor Authentication uses Google Authenticator, which is not available in China, so consider carefully whether to enable it. Mask Login Area can replace theWPS Hide Login.

As for the remaining advanced features, the blacklist monitoring is not very useful, and the audit log can useWP Security Audit Log.

Rate this article post
Previous WordPress Website Security Log Plugin: WP Security Audit Log Continue reading content around the same timeline. Next Free download of the Chinese-original anime WordPress theme lolimeow. View the next related tutorial or experience.

AI Website Building Assistant

🤖
Hello! I am the Naibabiji AI Assistant. How can I help you?
Quick Consultation: