This usage document explains how to use Hub 2.0 security features to secure WordPress sites with scans, Security Tweaks, IP lockouts, Two-Factor Authentication, Login Masking, Firewall, and other security features included in Defender Pro.

If you haven’t set up your WPMU DEV account yet, visit the Hub page, where you can explore available features, see pricing packages, and start a free trial.

Already a member? Visit your Hub dashboard to get started.

6.1 Getting Started

Copy chapter anchor to clipboard

To access the Security section of your site in the Hub 2.0, click the site you would like to manage and then click the Security tab in the site manager menu.

This will open the Security settings and options available in Hub 2.0.

security-overview

If you haven’t set up Defender Pro on your site, click the Activate button to start tracking and managing your security in the Hub. This will install and activate Defender Pro on your website and begin a security scan looking for areas to strengthen website security.

6.2 Security Dashboard Overview

Copy chapter anchor to clipboard

The Security Dashboard Overview provides you with an overview of the current configuration of the Defender Pro plugin on your site. You’ll find available security settings, configurations, and quick links to corresponding features in your site’s wp-admin for managing your site’s security.

Modules on the Dashboard include:

  • Security (Scan)
  • Your Reports
  • Recommendations
  • Malware Detection
  • Blocklist Monitor
  • Firewall
  • Audit Logging
  • Advanced Tools

6.2.1 Security (Scan)

Link to chapter 2

The main Security module gives you a quick overview of the number of Total issues detected by Defender on your site, including unresolved Security Tweaks and possible issues detected by the Malware Scanning feature. You’ll also see when your Next scheduled security scan is set for if that’s enabled, and includes an option to Run a scan now.

Click the Run scan button to start a malware scan right away, or click in the Next scheduled security scan box to be redirected to the corresponding screen in your site’s wp-admin to set it up to run regularly.

Click the Tutorial link to be directed to a comprehensive setup guide on our blog. Click the Documentation link there to go to the usage docs for the Defender plugin. Click the Config link to Save or Apply a Defender config to your site.

Click the ellipsis icon ( … ) for additional options where you’ll also find a Deactivate option which will deactivate Defender on your site.

Click the Security title of this module to go straight to the Malware Scanning page in your site’s wp-admin.

Hub security module overview

6.2.2 Your Reports

Link to chapter 2

The Reports module gives you a quick overview of which reporting options you have enabled in the various modules in Defender, and shows you your schedules for each type of report.

Click the schedule of any one to go straight to the corresponding Reports screen in your site’s wp-admin to enable or configure the schedule for that feature.

security-module-reports

6.2.3 Recommendations

Link to chapter 2

Defender’s Recommendations are a combination of layered security steps to make it harder for hackers and bots to gain access to your sites. For a complete list of Defender’s Recommendations and a guide on how to resolve them, visit the Defender documentation.

This module summarizes all the resolved and unresolved Defender items listed in the Recommendations section in your site’s wp-admin.

Click View all in the To action section to go straight to the unresolved Recommendations screen of Defender in your site admin.

Click in the Actioned section there to go to the resolved Recommendations screen in your site admin.

Click on the Email Notification section to go to the corresponding screen in your site admin to adjust your Recommendations notification settings if needed.

Click the Recommendations title of that module to go straight to the main Recommendations screen in your site’s wp-admin.

security recommendations

6.2.4 Malware Detection

Link to chapter 2

Defender Malware Detection scans your website for file changes, vulnerabilities and injected code and notifies you of anything suspicious.

Click the Malware detection title of that module to go straight to the main Malware Scanning screen in your site’s wp-admin.

Click View Issues in the module to go straight to the Issues screen of Defender Malware Scanning in your site admin.

Click in the Email Notification section to go to the corresponding screen in your site admin to adjust your Malware Scanning notification settings if needed.

For information on Deleting, Ignoring, and configuring Malware Detection settings, visit Defender’s Malware Scanning usage docs.

security-module-malware

6.2.5 Blocklist Monitor

Link to chapter 2

Blocklist Monitor automatically checks if you’re on Google’s blocklist every 6 hours. If something’s wrong, Defender sends an email notification so you can limit downtime.

Activate the Blocklist Monitor either by clicking the Activate link in this module, or visit Defender > Dashboard in your site’s wp-admin.

security-module-blocklist-activate

Once activated, you can click the Blocklist Monitor title of that module to go straight to the Defender Dashboard screen in your site’s wp-admin.

For more information about Google’s blocklist, see this blog article.

security-module-blocklist

6.2.6 Firewall

Link to chapter 2

Defender can automatically lockout any users who display suspicious behavior. The Defender Firewall uses IP Lockouts and Blocklisting to stop users accessing your site.

Click any of the date range selectors at the top of the module to view quick info for the last 24 hours, last 7 days or last 30 days.

Click the Firewall title of that module, or click View Logs in the Last Lockout section, to go straight to the Firewall Logs screen in your site’s wp-admin.

Click in the Email Notification section to go to the corresponding screen in your site admin to adjust your Firewall notification settings if needed.

security-module-firewall

6.2.7 Audit Logging

Link to chapter 2

Defender has Audit Logs for tracking events and changes made to your website. This gives you full visibility over what’s going on behind the scenes. The Audit Logging module lists how many events were added during a selected period, and when the last event took place. This information can be valuable when fixing a hacked site or managing sites with multiple users making changes.

Activate Audit Logging either by clicking the Activate link in this module, or by visiting Defender > Audit Logging in your site’s wp-admin.

Once activated, click the Audit Logging title of that module to go straight to the Audit Logging > Settings screen in your site’s wp-admin.

Click View Logs in the Last Event Logged section to go straight to the Audit Logging > Event Logs screen in your site’s wp-admin.

Click any of the date range selectors at the top of the module to view quick info for the last 24 hours, last 7 days or last 30 days.

For more information about Audit Logging and settings visit the Defender Audit Logging documentation.

security-module-audit

6.2.8 Advanced Tools

Link to chapter 2

Defender’s Advanced Tools features give you full control over which security headers are enabled on your site, as well as the option to mask your login area, so it’s harder for hackers & bots to make a mess of things.

This module gives you a quick overview of the security headers that are active, and shows whether the Mask Login feature is enabled or not.

Click the Advanced Tools title of that module, or the gear icon next to Security Headers, to go straight to the Advanced Tools > Security Headers screen in your site’s wp-admin.

Click the On/Off toggle next to Mask Login Area in that module to go straight to the corresponding screen in your site’s wp-admin.

security-module-advanced

6.2.9 Two-Factor Authentication

Link to chapter 2

This feature provides an additional layer of site security by enabling you to require users to authenticate their login to your site using Google’s Two-Factor Authentication. Activate the feature either by clicking the Activate button in the module, or visit Defender > 2FA in your site’s wp-admin.

security-module-2fa-activate

Once activated, the module will provide you with a quick overview of the feature’s Status, and will indicate if the Lost phone authentication option is active or not.

Click the module title or either section to go straight to the corresponding settings screen in your site’s wp-admin.

security-module-2fa

6.3 Security Support

Copy chapter anchor to clipboard

Need help managing or setting up Defender Pro or Security in the Hub 2.0? WPMU DEV members have access to 24/7 live support.