WPMU DEV is dedicated to supporting advanced users in every possible way. Our Defender API Documentation is an ongoing project. Information about new commands will be added here as it becomes available.

5.1 Filters & Actions

Copy chapter anchor to clipboard
Audit
Configure reporting preferences
/src/view/email/audit-report.php
Convert key to human name
/src/component/audit/options-audit.php
Firewall
After login lockout
/src/component/login-lockout.php
“Not found” lockout
/src/component/notfound-lockout.php
Blocklist IP
/src/component/notfound-lockout.php
/src/component/notfound-lockout.php
IP lockout assets
/src/controller/firewall.php
Before lockouts
/src/controller/firewall.php
IP lockout logs store backward
/src/component/firewall.php
Get default allowlist IPs
/src/component/blacklist-lockout.php
Recommendations
Get supported servers
/src/component/security-tweaks/servers/server-factory.php
Get login duration
/src/component/security-tweaks/login-duration.php
Get supported PHP versions
/src/component/security-tweaks/php-version.php
Verify SSL argument
/src/component/security-tweaks/servers/server.php
2FA
Check 2FA user
/src/component/two-fa.php
Mask Login
Filter strict slugs
/src/component/mask-login.php
Filter non-strict slugs
/src/component/mask-login.php
Redirect login page
/src/controller/mask-login.php
Security Headers
Get TTL
/src/component/security-header.php
Notifications
After recipient added
/src/model/notification/notification.php
Configure report preferences
/src/view/email/firewall-report.php
/src/view/email/lockout-404.php
/src/view/email/login-lockout.php
Notify users
/src/component/login-lockout.php
/src/component/notfound-lockout.php
/src/component/scan.php
Change confirmation email
/src/component/notification.php
Change subscription email
/src/component/notification.php
Unsubscribe email
/src/component/notification.php
Additional hooks
Run after Defender activation
/wp-defender.php
Enqueue assets
/src/bootstrap.php
Get time interval
/src/traits/formats.php
Filter user IP
/src/traits/ip.php
Advanced tools data
/src/controller/advanced-tools.php
Filter settings data
/src/controller.php
/src/controller2.php

5.1.1 Filter: defender_get_supported_servers

Link to chapter 1

Description

Filter. Get supported servers.

Usage

add_filter( ‘defender_get_supported_servers’, ‘custom_defender_filter’ );

Parameters

$servers – array – the list of supported servers

Return

the $servers as an array

Example

5.1.2 Filter: defender_security_tweaks_login-duration_get_duration

Link to chapter 1

Description

Filter. Get login duration in days or seconds.

Usage

add_filter( ‘defender_security_tweaks_login-duration_get_duration’, ‘custom_defender_filter’ );

Parameters

$duration – int – duration value

Return

the $duration as int

Example

5.1.3 Filter: defender_php-version_supported_php

Link to chapter 1

Description

Filter. Get supported PHP versions.

Usage

add_filter( ‘defender_php-version_supported_php’, ‘custom_defender_filter’ );

Parameters

$supported_php – array – the list of supported PHP versions

Return

the $supported_php as an array

Example

5.1.4 Filter: defender_ssl_verify

Link to chapter 1

Description

Filter. Verify SSL argument in an HTTP request.

Usage

add_filter( ‘defender_ssl_verify’, ‘custom_defender_filter’ );

Parameters

$ssl_verify – bool

Return

the $ssl_verify as bool

Example

5.1.6 Filter: wd_audit_settings_keys

Link to chapter 1

Description

Filter. Convert the key to the human name.

Usage

add_filter( ‘wd_audit_settings_keys’, ‘custom_defender_filter’ );

Parameters

$settings_keys – array – the list of keys.

Return

the $settings_keys as an array

Example

5.1.7 Action: wd_login_lockout

Link to chapter 1

Description

Action after login lockout.

Usage

add_action( ‘wd_login_lockout’, ‘custom_defender_action’ );

Parameters

$model – object – Record the attempt
$scenario – string – One of them: ‘login_fail’, ‘login_lockout’ or ‘login_ban’

Return

No return.

Example

5.1.8 Action: wd_404_lockout

Link to chapter 1

Description

Action after ‘Not found’ lockout.

Usage

add_action( ‘wd_404_lockout’, ‘custom_defender_action’ );

Parameters

$model – object – Record the attempt
$scenario – string – One of them: ‘normal’, ‘blacklist’

Return

No return.

Example

5.1.9 Action: wd_blacklist_this_ip

Link to chapter 1

Description

Action. Add an IP to the blocklist.

Usage

add_action( ‘wd_blacklist_this_ip’, ‘custom_defender_action’ );

Parameters

$ip – string – a new IP for blacklist

Return

No return.

Example

5.1.10 Action: defender_ip_lockout_action_assets

Link to chapter 1

Description

Action. Add additional script or style assets for IP Lockouts.

Usage

add_action( ‘defender_ip_lockout_action_assets’, ‘custom_defender_action’ );

Parameters

No parameters.

Return

No return.

Example

5.1.11 Action: wd_before_lockout

Link to chapter 1

Description

Action before any lockouts.

Usage

add_action( ‘wd_before_lockout’, ‘custom_defender_action’ );

Parameters

No parameters.

Return

No return.

Example

5.1.12 Filter: ip_lockout_logs_store_backward

Link to chapter 1

Description

Filter. Count days for IP logs to be saved to DB

Usage

add_filter( ‘ip_lockout_logs_store_backward’, ‘custom_defender_filter’ );

Parameters

$storage_days – string|int – storage days

Return

the $storage_days as string|int.

Example

5.1.13 Filter: ip_lockout_default_whitelist_ip

Link to chapter 1

Description

Filter. Get the list of default allowlisted IP addresses.

Usage

add_filter( ‘ip_lockout_default_whitelist_ip’, ‘custom_defender_filter’ );

Parameters

$ips – array – the default IPs that need to whitelisteda

Return

the $ips as an array

Example

5.1.14 Filter: wp_defender_2fa_user_enabled

Link to chapter 1

Description

Filter. Check if the 2FA option is enabled for a specific user.

Usage

add_filter( ‘wp_defender_2fa_user_enabled’, ‘custom_defender_filter’, 10, 2 );

Parameters

$is_enabled – int. One of them: 1 or 0 $user_id – int.

Return

the $is_enabled as int

Example

5.1.15 Filter: wd_login_strict_slugs

Link to chapter 1

Description

Filter. Filter strict slugs.

Usage

add_filter( ‘wd_login_strict_slugs’, ‘custom_defender_filter’ );

Parameters

$slugs – array – the list of the slugs

Return

the $slugs as an array

Example

5.1.16 Filter: wd_login_slugs

Link to chapter 1

Description

Filter. Filter non-strict slugs.

Usage

add_filter( ‘wd_login_slugs’, ‘custom_defender_filter’ );

Parameters

$slugs – array – the list of the slugs

Return

the $slugs as an array

Example

5.1.17 Filter: defender_redirect_login

Link to chapter 1

Description

Filter. Rredirect to the page

Usage

add_filter( ‘defender_redirect_login’, ‘custom_defender_filter’, 10, 3 );

Parameters

$url – string $raw_url – string $user – object – User object

Return

the $url string.

Example

5.1.18 Filter: wd_head_request_ttl

Link to chapter 1

Description

Filter. Get TTL.

Usage

add_filter( ‘wd_head_request_ttl’, ‘custom_defender_filter’ );

Parameters

$ttl – null|int|false

Return

the $ttl string

Example

5.1.19 Action: defender_recipient_added

Link to chapter 1

Description

Action. After adding recipients

Usage

add_action(‘defender_recipient_added’, ‘custom_defender_action’, 10, 2 );

Parameters

$email – string
$name – string

Return

No return.

Example

5.1.21 Action: defender_notify

Link to chapter 1

Description

Action. Notify users about results from Scan and Firewall modules.

Usage

add_action( ‘defender_notify’, ‘custom_defender_action’ );

Parameters

$slug – string – One of them: ‘firewall-notification’, ‘malware-notification’

$model – module object

Return

No return.

Example

5.1.22 Filter: wd_confirm_noreply_email

Link to chapter 1

Description

Filter. Change email for confirmation.

Usage

add_filter( ‘wd_confirm_noreply_email’, ‘custom_defender_filter’ );

Parameters

$no_reply_email – string

Return

the $no_reply_email as string.

Example

5.1.23 Filter: wd_subscribe_noreply_email

Link to chapter 1

Description

Filter. Change email for subscription.

Usage

add_filter( ‘wd_subscribe_noreply_email’, ‘custom_defender_filter’ );

Parameters

$no_reply_email – string

Return

the $no_reply_email as string.

Example

5.1.24 Filter: wd_unsubscribe_noreply_email

Link to chapter 1

Description

Filter. Change email to unsubscribe.

Usage

add_filter( ‘wd_unsubscribe_noreply_email’, ‘custom_defender_filter’ );

Parameters

$no_reply_email – string

Return

the $no_reply_email as string.

Example

5.1.25 Action: wp_defender

Link to chapter 1

Description

Action. Run after the activation of the Defender plugin.

Usage

add_action( ‘wp_defender’, ‘custom_defender_action’ );

Parameters

No parameters.

Return

No return.

Example

5.1.26 Action: defender_enqueue_assets

Link to chapter 1

Description

Action. Enqueue assets and display data.

Usage

add_action( ‘defender_enqueue_assets’, ‘custom_defender_action’ );

Parameters

No parameters.

Return

No return.

Example

5.1.27 Filter: defender_get_times_interval

Link to chapter 1

Description

Filter. Get time interval.

Usage

add_filter( ‘defender_get_times_interval’, ‘custom_defender_filter’ );

Parameters

$interval – array

Return

the $interval array.

Example

5.1.28 Filter: defender_user_ip

Link to chapter 1

Description

Filter. Filter user IP.

Usage

add_filter( ‘defender_user_ip’, ‘custom_defender_filter’ );

Parameters

$ip – string

Return

the $ip string

Example

5.1.29 Filter: wp_defender_advanced_tools_data

Link to chapter 1

Description

Filter. Get and update frontend data for Masc Login and Security Headers pages.

Usage

add_filter( ‘wp_defender_advanced_tools_data’, ‘custom_defender_filter’ );

Parameters

$data – array

Return

the $data array

Example

5.1.30 Filter: defender_filtering_data_settings

Link to chapter 1

Description

Filter. Filter settings data.

Usage

add_filter( ‘defender_filtering_data_settings’, ‘custom_defender_filter’ );

Parameters

$data – array

Return

the $data array

Example

Malware Scanning

Command
wp defender scan [command] [–type=]

Parameters

command
String
Filescan task to perform. Accepts: run, ignore, unignore, delete, resolve.
type
String
Type of content to perform the task on. Accepts: all, core, plugins, content. Default: all.

Examples

Run full Defender filescan.
wp defender scan run

Run full Defender filescan and ignore all issues.
wp defender scan ignore

Run full Defender filescan and unignore all issues.
wp defender scan unignore

Run full Defender filescan and delete all unknown or modified files/directories in WordPress core, plugins and themes, and all files with suspicious functions found.
wp defender scan delete

Run full Defender filescan and resolve all possible issues.
wp defender scan resolve

Run full Defender filescan and ignore all unknown/modified file issues found in WordPress core.
wp defender scan ignore --type=core_integrity

Run full Defender filescan and unignore all unknown/modified file issues found in WordPress core.
wp defender scan unignore --type=core_integrity

Run full Defender filescan and delete all unknown files/directories in WordPress core.
wp defender scan delete --type=core_integrity

Run full Defender filescan and resolve all unknown/modified file issues found in WordPress core.
wp defender scan resolve --type=core_integrity

Run full Defender filescan and ignore all unknown/modified file issues found in plugins from wordpress.org.
wp defender scan ignore --type=plugins_integrity

Run full Defender filescan and unignore all unknown/modified file issues found in plugins from wordpress.org.
wp defender scan unignore --type=plugins_integrity

Run full Defender filescan and delete all unknown files/directories found in plugins from wordpress.org.
wp defender scan delete --type=plugins_integrity

Run full Defender filescan and resolve all unknown/modified file issues found in plugins from wordpress.org.
wp defender scan resolve --type=plugins_integrity

Run full Defender filescan and ignore all unknown/modified file issues found in themes from wordpress.org.
wp defender scan ignore --type=themes_integrity

Run full Defender filescan and unignore all unknown/modified file issues found in themes from wordpress.org.
wp defender scan unignore --type=themes_integrity

Run full Defender filescan and delete all unknown files/directories found in themes from wordpress.org.
wp defender scan delete --type=themes_integrity

Run full Defender filescan and resolve all unknown/modified file issues found in themes from wordpress.org.
wp defender scan resolve --type=themes_integrity

Run full Defender filescan and ignore all published vulnerability issues found in plugins and themes.
wp defender scan ignore --type=plugins

Run full Defender filescan and unignore all published vulnerability issues found in plugins and themes.
wp defender scan unignore --type=plugins

Run full Defender filescan and delete all files with published vulnerability issues found in plugins and themes.
wp defender scan delete --type=plugins

Run full Defender filescan and resolve all possible published vulnerability issues found in plugins and themes.
wp defender scan resolve --type=plugins

Run full Defender filescan and ignore all suspicious code issues found in plugins and themes.
wp defender scan ignore --type=content

Run full Defender filescan and unignore all suspicious code issues found in plugins and themes.
wp defender scan unignore --type=content

Run full Defender filescan and delete all files with suspicious code issues found in plugins and themes.
wp defender scan delete --type=content

Run full Defender filescan and resolve all possible suspicious code issues found in plugins and themes.
wp defender scan resolve --type=content

Mask Login

Command
wp defender mask_login [command]

Parameters

command
String
Mask Login task to perform. Accepts: clear.

Examples

Clear the Mask Login URI & reset to default.
wp defender mask_login clear

Security Headers

Command
wp defender security_headers [command]

Parameters

command
String
Security headers task to perform for all security header options. Accepts: check, activate, deactivate.

Examples

Check for all security headers.
wp defender security_headers check

Activate all security headers.
wp defender security_headers activate

Deactivate all security headers.
wp defender security_headers deactivate

Firewall

Command
wp defender firewall [command] [arg_1] [arg_2]

Parameters

command
String
Firewall task to perform. Accepts: clear.
arg_1
String
Type of content to perform the task on. Accepts: ip, files.
arg_2
String
Specific content to perform the task on. Accepts: allowlist, blocklist, country_allowlist, country_blocklist.

Examples

Clear all IP addresses from the IP allowlist.
wp defender firewall clear ip allowlist

Clear all IP addresses from the IP blocklist.
wp defender firewall clear ip blocklist

Clear all IP addresses from the Locations allowlist.
wp defender firewall clear ip country_allowlist

Clear all IP addresses from the Locations blocklist.
wp defender firewall clear ip country_blocklist

Clear all files from the 404 allowlist.
wp defender firewall clear files allowlist

Clear all files from the 404 blocklist.
wp defender firewall clear files blocklist

Settings

Command
wp defender settings [command]

Parameters

command
String
Settings task to perform. Accepts: reset.

Examples

Reset all plugin settings and data.
wp defender settings reset