Defender 2.0, Forced 2FA, New Tweaks And “We’ll Clean Up Your Site!”

Defender 2.0, Forced 2FA, New Tweaks And “We’ll Clean Up Your Site!”

Defender 2.0 is now available including forced Two-Factor Authentication by user role and a new XML-RPC disabler. Big news, I know…but the real stunner comes as a new, members-only, service upgrade. WPMU DEV security experts will now restore and clean up your site after it’s been hacked!

Defender has already been downloaded half a million times. Our members love the pro-grade protection and simple setup automation. Security shouldn’t bog down your site, so for 2.0, we focused on refining his security superpowers.

Before we jump into our new site clean-up service let’s take a look at our 2.0 upgrades.

Forced 2-Factor Authentication By User Role

2FA is Defender’s “tour de force” that requires users to enter their password and a temporary verification code sent to an app on their smartphone. It basically brings brute force attackers to their knees.

Defender now lets you force specific user roles to use his 2-factor authentication tool.

Such a righteous password wall may be overkill for your subscribers but necessary for your administrators or contributing staff. With Defender’s new forced 2-factor by user role upgrade you can require specific roles to protect their account with 2FA.

Now that’s real protection.

New Security Tweak: XML-RPC Disabler

Defender includes a dozen simple security tweaks for toggling on extra layers of protection for your site.

The newest addition is the ability to disable XML-RPC. Boom, nice.

KML-RPC Security Tweaks
Defender now now includes 12 one-click security tweaks.

This controls the system that allows you to post on your blog from your mobile app, connect to services like IFTTT or publish to your blog remotely.

Most sites will never use this feature. We recommend fully disabling XML-RPC if it is not being used to ensure it can not be used for a remote attack.

Help!!! My Site Has Already Been Compromised!

We’ll clean it up for you. What exactly does that mean? First, if you have a backup (if you don’t have a backup do it now…it’s 2018), we’ll minimize your downtime and have you back online quicker than you can shout “DEV Man, help me!”.

But we don’t stop there. Just because your site is clean again, it doesn’t mean it is fixed. Our experts will scan your site to find and fix the source of the vulnerability and permanently remove the malicious code.

Defender hack clean up
WPMU DEV will clean up your hacked site.

And of course, if Defender is not setup on your site… we’ll make sure our wall of cyber muscle is there in the future to guard against another attack.

Real human expert clean up, Defender security tweaks, forced 2FA, audit logs, IP lockout, login screen masking, regular security scans, Snapshot backups with 10GB of remote cloud storage.

It’s the complete WordPress security package.

Sounds expensive? You can get Defender free on or signup now for a free trial and we’ll give you our complete lineup of services (security, performance, SEO, 24/7 live chat support for all things WordPress, automation, reports, and The Hub site manager) – no contract, no obligation, pure magic.

How do you secure your WordPress sites? Tell us what features you depend on to keep your site protected in the comments.
Aileen Javier
Aileen Javier A past writer for WPMU DEV