10. Security

13.1 Getting Started

To access the Security section of your site in Account Center, follow these steps:

  1. Click on the site you wish to manage.
  2. Click on “Security” in the site manager menu.

This will open the Security settings and options available in the Account Center.

If you haven’t set up Defender Pro on your site, you’ll see an “Activate” button. Click this button to start tracking and managing your security in the Hub. This action will install and activate Defender Pro on your website and initiate a security scan to identify areas to enhance your website’s security.

13.2 Security Dashboard Overview

The Security Dashboard Overview provides an overview of the current configuration of the Defender Pro plugin on your site. It offers available security settings, configurations, and quick links to corresponding features in your site’s wp-admin for managing your site’s security.

Modules on the Dashboard include:

  • Security (Scan)
  • Your Reports
  • Recommendations
  • Malware Detection
  • Blocklist Monitor
  • Recently Quarantined Files
  • Firewall
  • Audit Logging
  • Advanced Tools

13.2.1 Security Scanning

The main Security Scanning module provides a summary of the Total issues detected by Defender on your site, including unresolved Security Tweaks and possible issues detected by the Malware Scanning feature. It also displays the date of the Next scheduled security scan, if enabled, and offers an option to Run a scan now.

  • Click the “Run scan” button to initiate an immediate malware scan.
  • Click the Next scheduled security scan date to access the corresponding screen in your site’s wp-admin and set up regular scans.

Additional options are available by clicking the ellipsis icon (…) which includes a Deactivate option to deactivate Defender on your site.

Click the “Tutorial” link for a comprehensive setup guide and the “Documentation” link for Defender plugin usage docs.

Clicking the Security title will take you to the Malware Scanning page in your site’s wp-admin.

13.2.2 Your Reports

The Reports module provides an overview of the reporting options enabled in various Defender modules and displays schedules for each report type. Clicking a schedule will take you to the corresponding Reports screen in your site’s wp-admin to configure the schedule for that feature.

13.2.3 Recommendations

Defender’s Recommendations offer layered security steps to enhance protection against hackers and bots. This module summarizes both resolved and unresolved Recommendations from Defender’s Recommendations section in your site’s wp-admin. For a complete list of Defender’s Recommendations and a guide on how to resolve them, visit the Defender Documentation.

  • Click “View all” in the “To action” section to access unresolved Recommendations.
  • Click in the “Actioned” section to view resolved Recommendations.
  • Click on the “Email Notification” section to adjust Recommendations notification settings.

Clicking the Recommendations title takes you to the main Recommendations screen in your site’s wp-admin.

13.2.4 Malware Detection

Defender Malware Detection scans your website for file changes, vulnerabilities, and injected code, and notifies you of suspicious activities.

  • Click the “Malware detection” title to access the main Malware Scanning screen in your site’s wp-admin.
  • Click “View Issues” to access the Issues screen of Defender Malware Scanning.
  • Click the “Email Notification” section to adjust Malware Scanning notification settings.

For more details on Deleting, Ignoring, and configuring Malware Detection settings, refer to Defender’s Malware Scanning usage docs.

13.2.5 Blocklist Monitor

Blocklist Monitor automatically checks if your site is on Google’s blocklist every 6 hours. If an issue is detected, Defender will send an email notification to help you reduce downtime.

To activate Blocklist Monitor:

  • Click the “Activate” link in this module.
  • Alternatively, visit “Defender > Dashboard” in your site’s wp-admin.

Once activated, you can click the “Blocklist Monitor” title to go directly to the Defender Dashboard screen in your site’s wp-admin.

13.2.6 Recently Quarantined Files

The Quarantine module in Hub provides an overview of the last 5 quarantined files, including their names and quarantined dates.

Expand any item to reveal additional information, such as the file’s source path and quarantined path. To restore a quarantined file, click “Restore.”

If you have access to your site, choose “I can access my website” and click “Restore.” If your site is currently unavailable, restore the file manually from the quarantine directory to its corresponding source directory or wait until your site becomes available.

Note: Refer to the documentation on file transfer using FTP, SFTP & SSH for further assistance.

13.2.7 Firewall

Defender can automatically lock out users displaying suspicious behavior. The Firewall uses IP Lockouts and Blocklisting to prevent unauthorized access to your site.

Click any date range selector to view quick info for the last 24 hours, last 7 days, or last 30 days.

Click the “Firewall” title or “View Logs” in the “Last Lockout” section to access the Firewall Logs screen in your site’s wp-admin.

Toggle the Block/Allow Global IPs to enable or disable synchronization of your IP Banning lists in your Hub with the site.

Click the Email Notification section to adjust your Firewall notification settings if needed.

The “Type” section indicates whether the Defender Firewall is active on a Parlatta hosted site or on a 3rd-party hosted site. When you activate the Web Application Firewall (WAF) on a Parlatta hosted site, the “Type” changes to “Hosted WAF.”

13.2.8 Audit Logging

Defender’s Audit Logs track events and changes made to your website, offering visibility over site activity. The Audit Logging module lists the number of events added during a selected period and the last event’s timestamp.

Activate Audit Logging by clicking the “Activate” link or visiting “Defender > Audit Logging” in your site’s wp-admin.

Click the “Audit Logging” title to access the Audit Logging > Settings screen. Click “View Logs” in the “Last Event Logged” section to access the Event Logs screen.

Click a date range selector to view info for the last 24 hours, last 7 days, or last 30 days.

For more information about Audit Logging, visit Defender’s Audit Logging documentation.

13.2.9 Advanced Tools

Defender’s Advanced Tools provide control over security headers, masking the login area, and enabling Google reCAPTCHA on your site’s forms. This module offers an overview of active security headers and whether Mask Login & reCAPTCHA features are enabled.

Click the “Advanced Tools” title or the gear icon next to Security Headers to access the Advanced Tools > Security Headers screen.

Click the On/Off toggle next to Mask Login Area to access the corresponding screen.

To deactivate Google reCAPTCHA, click the ellipsis icon.

13.2.10 Two-Factor Authentication

This feature adds an extra layer of security by requiring users to authenticate using Google’s Two-Factor Authentication.

Activate the feature by clicking the “Activate” button or visiting “Defender > 2FA” in your site’s wp-admin.

The module displays the feature’s status and whether Lost phone authentication is active.

Click the module title or a section to access the corresponding settings.

To deactivate Two-Factor Authentication, click the ellipsis icon.