WebDefender Security – Protection & AntiSpam


A Professional Security Protection Plugin for WP

The WebDefender was developed by a team of security experts and it incorporates professional security tools for the best all around WordPress website protection and prevention of threats. Includes GDPR compline module.

  • Smart Protection / Website Hide Function (Prevent Hacker Attack / Security) / Anti-Spam Protection / Brute Force Bot Attack Prevention / Smart Firewall
  • Detection / Antivirus Scanner / Database Malware / Adware, Spyware, Spam Links
  • Diagnostic / Vulnerabilities Detection / Blacklist Monitoring
  • Built-in Malware Removal Tool / Security Cleaning Tool
  • Security Hardening / Hosting Hardening Check / Automatic Updating Function
  • GDPR Tools / GDPR Compliance Function

All of these solution make the WebDefender one of the best all around security protection tools for your WordPress resource.

The WebDefender offers the following tools and protection measures

Primary Protection Function

Website Hide function that hides your WP site from crawlers spiders and bots.

  • Hides website from bots, hides the core WP website components, plugins and themes.
  • Fully automatic encryption of your website components.
  • Coding website without use of the .htaccess file.
  • One click installation.

Security Protection Functions

  • Smart Firewall that detects and blocks bot traffic. This is a perfect and powerful prevention tool.
  • Anti-Bot Protection – Monitors web traffic, filters out, and blocks bad bot traffic to a website.
  • Anti-SPAM Protection – Automatic detection of all comments insert by bots and their filtration.
  • Brute Force Bot Attack Prevention – Bots detection system to prevent attempts to crack a password (login security).

Antivirus Security Scanner

  • A professional Antivirus Scanner that will scan your website from external threats. Designed to detect adware and malware, backdoors, exploits, phishing code, trojans and viruses, include built-in malware removal tool.
  • Database Malware Scanning – A unique ability of our algorithm is scanning the website’s database. This function crucial as more and more hackers use SQL injection to infect the websites with malware.
  • Adware, Spyware and SPAM links detection – Protect you website from attached code attacks.
  • Vulnerabilities Detection – Plugins and themes security vulnerabilities, SQL, XSS injections, vulnerable and insecure scripts.
  • Blacklist Monitoring – Check your website reputation.

Security Hardening

  • Updater – an automatic functional tool for updating your WordPress Core versions, plugins and themes.
  • Hardening – Detect the hosting configuration security parameter.

Malware Removal Tool

Built-in file viewer and editor is an easy to use security cleaning tool for the removal of infected codes or its part depending on the type of infection.

GDPR Compliance Features

  • GDPR Consent management
  • Cookies and data collection privacy management
  • User data management
  • Privacy information should we provide to user
  • Personal data breaches

Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25, 2018. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.

Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.

This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.

NOTE: Installing this plugin does not guarantee a full compliment with the GDPR. Please contact a GDPR consultant or a law firm to assess the necessary measures.

Technical Description

Hide Function – Perfect Security and Protection solution

A passive security mechanism for hack protection against crawlers spiders and bots. A fullprof function – one click and your website will become hidden from bots.

The Hider algorithm encrypts all layers of a website, thus hiding it from hackers by making existing vulnerabilities and other security risks invisible when searched and does not require manual configuration. Our encoding algorithm does not use the .htaccess file therefore there is no disruption to the operation of your website. This function will make your WordPress website totally invisible! A crucial step in improving your website security.

Smart Protection

A web application firewall filters, monitors, and blocks bad bot traffic to a website. It is deployed in “front” of a website and analyzes traffic – detecting and blocking anything malicious.


WebDefender includes a unique automatic algorithm for diagnosing the text entered on your website (forum, forms, comments and etc,) where made by a human or a bot. Bots won’t be allowed to enter text on your website. This is a unique algorithm, providing a unique solution to our clients.
The crisis is a time when almost every site is faced with a flurry of unwanted emails from reverse forms, posts and comments. Robots literally attack corporate e-mails, because of which sometimes valuable applications can be missed. But putting a captcha on the site you risk losing customer loyalty, as poorly readable images annoy 90% of users. Therefore, we offer a solution developed by WEbdefender specialists to protect the site from spam robots .

Brute Force Attack Protection

Hackers frequently use automatic bot systems to Brute force a website. Our algorithm detects those bots and prevents attempts of a password crack.

The “WebDefender” Antivirus Scanner

The builtin professional and multi-functional antivirus scanner offers top of the line security features and advanced functions for viruses and vulnerabilities detection. The scanner incorporates a user friendly malware removal tool. The diagnostic is performed by using a known database of virus signatures as well as Cobweb-Security’s Heuristic algorithm that can detected previously unknown virus signatures and zero-day vulnerabilities thus providing enterprise-level security capabilities.

WebDefender Antivirus Features

  • Virus and malware antivirus scanner
  • Database security scanning (exclusive function)
  • ZIP file scanning (exclusive function)
  • Adware, Spyware and SPAM links detection
  • Powerful and easy to use malware removal tool
  • Security hardening analytics and recommendations
  • Real-time malware signature updates (Professional or Premium)
  • Scanner scheduler’s settings (Professional or Premium)

Database Malware Scanning

An unique ability of our algorithm is scanning the website’s database. This function crucial as more and more hackers use SQL injection to infect the websites with malware.

Adware, Spyware and SPAM links detection

The WebDefender Scanner successfully detects:

  • SEO & SPAM links
  • Doorway pages (SEO)
  • iFrame injections
  • Black-hat SEO infections

Vulnerabilities Detection

One of the most important parts of your website security and protection is a well-timed analysis for plugin, CMS and database vulnerabilities. These security vulnerabilities are an easy way for a hacker to crawl into your website. That’s why a well-timed diagnosis and update are vital for hardening the protection of the website.

Our security scanner is able to find:

  • Plugins and themes vulnerabilities
  • SQL, XSS malicious injections

Blacklist Monitoring

The WebDefenders’ Blacklist Monitoring scanner checks IP addresses and website domains in the 10 most popular security blacklists and safe browsing databases.

Real-time Blacklists or Blackhole lists – also called DNS-based Blackhole Lists – are lists of IP addresses published through DNS. Often there are listed computers or networks that may spam or consist malware in such lists. Many secure corporate mail servers are configured to reject or flag messages which have been sent from IP addresses listed in one of these security blacklists.

Leading email systems like Gmail, Yahoo and Hotmail also use security blacklists to filter emails by addresses. If your network’s IP addresses end up in a blacklist, you and your customers can experience problems sending and receiving emails. It can significantly damage your business.

WebDefender Blacklist Monitoring scanner will automatically alert you if your website addresses or domains become listed in any of the widely used URL blacklists.

The Updater – WP Core, plugin and theme automatic update

The importance of using the latest updated version of the WP core, plugins and themes is understandable to everyone and not only for the increase in functionality but in no small degree for the security of the website.

To make it easier to keep track of update releases for WordPress Core, plugins and themes and installing them automatically, CobWeb-Security has introduced the Security Updater to the functionality of the WebDefender plugin.

The Updater will enable you to keep track of:

  • WordPress Core Updates
  • WordPress Plugin Updates
  • WordPress Theme Updates

The Updater has three separate blocks for managing themes, plugins, and WordPress core settings.

You can choose to update only individual plugins or themes or you can choose to update all of the installed themes and plugins. The Updater will also mark …


  • WebDefender Security Dashboard Control Panel
  • WebDefender Security Scanner Page
  • Blacklist Monitoring (Web Trust Check)
  • Security Hardening Analytics & Recommendations
  • Antivirus Scanner & Scheduler Settings Page
  • GDPR Dashboard Control Panel


To install the plugin and get it working:

  1. Login into your WordPress administration panel
  2. Navigate to Plugins option in WordPress navigation menu, and select Add New
  3. Please type WebDefender in the Search Plugins box (or upload plugin to the /wp-content/plugins/ directory)
  4. Select Install Now and than choose to Activate the plugin (or activate the plugin through the Plugins menu in WordPress)
  5. Navigate to WebDefender Security option in the navigation menu, and click Start Scan button
  6. During the registration, plugin securely sends the data to company’s server: name, email and website’s domain.


Is the WebDefender Security free to use?

Yes, WebDefender is completely free to use. If you need to enable additional features, Professional or Premium plans are available.

Is the WebDefender plugin secure?

No sensitive data is sent to our servers. However, during the initial registration, the plugin securely sends encrypted data to the company’s server: your name, email address and website’s domain.

Will the WebDefender Security protect my site from being hacked?

Yes. The WebDefender is the complete package. It incorporates all the main security elements needed to protect your website: a passive WAF, an antivirus scanner and an automatic Updater of the sites’ elements.

Will the plugin impact the performance of my website?

No, it will not. We’ve performed extensive tests and the plugin had no visible effect on the performance of websites.

Does the scanner stores logs in my websites’ database?

No, it does not. Unlike most scanners we store our logs as text files which has no effect on the speed of a website.

Are there any issues installing this plugin on any hosts?

Not that we are aware of. After thousands of installations we have yet to experience issues with installing the plugin. However, we are constantly modifying our plugin introducing new and improving on existing features, so if you experiencing trouble installing please contact us at cwis@cobweb-security.com


जुलाई 16, 2021
Annoying advertising and SCAM. Not trustworthy.
मे 3, 2020 2 जवाफहरू
couple of years ago i tried their plugin and made a huge mistake i gave them and payed with credit card more then 4 years every year twice or more they try to charge me althouge i tried to contact them in every way there is and didnt get answers or any responce scammers!!!! becarfull!!!!
अप्रिल 4, 2020 1 जवाफ
This plugin does not nothing unless you buy it, near $100 bucks a year. Another liar claiming free. It's only a 30 day trial and you must sign up now to even scan anything much less detection and removal. Too bad there is no zero rating.
फेब्रुअरी 7, 2020
Thank you for providing this plugin. With Smart Protection > Anti-Bot, Anti-Spam, and Brute Force Protection enabled spam has dropped by about 95% across dozens of sites. Better results than any other plugin I've tried (and I've tried many). I'm amazed this plugin doesn't have a million active installations. Best kept secret on WordPress. *Note, be careful with the hide function - it's a nice feature but can cause problems on some sites and is not necessary if all you want is the anti-spam functions.
मार्च 5, 2020
Amazing Plugin, it's really worth having. I always use it against malwares 🙂
सबै 18 समीक्षाहरू पढ्नुहोस्

योगदानकर्ता र डेभलपरहरू

“WebDefender Security – Protection & AntiSpam” खुला स्रोत सफ्टवेयर हो। निम्न व्यक्तिहरूले यो प्लगिनमा योगदान गरेका छन्।



  • PHP 8.2.16 compatibility bug fixed

  • Bugfix: fixed bug of registration of Trial version

  • Updated Angular lib
  • Bugfix: interface
  • Change Plugin working method – work only after customer registration
  • Bugfix: fixed bugs of registration of Trial version

  • Set autostart enabled by default

  • Aded Multiple files actions on Scan Results screen
  • Files in quarantine are excluded from scanning Results
  • Updated Signatures file
  • Updated jQuery to latest version
  • Updated Angular lib
  • Bugfix: after deleting a file to quarantine, the information in the results is not updated
  • Bugfix: in file quarantine: to restore the file, you need to click the restore button several times
  • Bugfix: crash and stop when scanning
  • Bugfix: with the number of files in the menu on the left of the scan results page
  • Bugfix: bug in file quarantine: file editor did not open
  • Bugfix: some files could not be restored from quarantine

  • PHP 8 compatibility bug fixed


  • Update versions PHP8


  • Added a set of new anti-virus signatures


  • Added a set of new anti-virus signatures

  • Malware signature and vulnerabilities list updates


  • New security vulnerabilities in WordPress plugins

  • Improved encoding of executable files pathnames
  • New malware signatures (obfuscated loader and backdoor)


  • Added new signatures of backdoor PHP webshells
  • The list of known vulnerabilities has been updated

  • Fixed an issue with License Key client-side manager

  • Issues with delayed loading of the Defender Settings


  • Added a new option IP Filter (Whitelist & Blacklist)

  • Option to export or save the user data in PDF format
  • GDPR cookies and data collection privacy management


  • General Data Protection Regulation (GDPR) features


  • JSON API capabilities are no longer removed
  • A modified Base64-variant only with URL-safe chars
  • Fixed issues with invalid JSON server responses

  • Fixed an issue with the temporary files directory
  • Optimized list of known plugins vulnerabilities


  • Added REST Nonce (beta feature, used in SaaS Dashboard)


  • The email address setting is now auto-synchronized


  • WebDefender Security status dashboard widget added

  • Added new signatures of backdoor trojan files
  • Updated list of known WP-plugins vulnerabilities
  • Minor improvements in Guarder URL Convertor


  • Added a separate option “Anti-Bot Protection”
  • Improved scan results editor, minor bug fixes


  • Dedicated page “Smart Protection” with settings and statistics
  • A new scanner setting “Check PHP-files for potential security vulnerabilities using static code analysis”
  • New malware signatures (webshells and viruses)


  • Added a new tool called Log File Viewer
  • URL encoder regex performance optimizations

  • Support for external URLs in Guarder URL Convertor


  • Prevented infinite recursion in the vulnerability scanner

  • Website anti-bot protection improvements


  • Enhanced Brute Force Login protection


  • New results category “Potentially vulnerable” contains the potentially vulnerable PHP code
  • Malware signatures and scan speed optimizations


  • Fixed an issue with child themes protection
  • Antivirus Scanner performance improvements
  • Fixed compatibility issues with some cache plugins

  • Improved support for relative CSS/JS paths
  • Updated list of known WP & plugins vulnerabilities


  • Caching WP plugins and themes autoupdate settings
  • Translate provider fix (default language set to ‘en’)
  • Popular social networks added to URL ignore list

  • Fixed compatibility issues with plugin JCH Optimize Pro
  • Anti-bot cross-browser compatibility and caching issues


  • Added anti-bot protection, based on user behavior analysis


  • Fixed recursive pathnames encoding (issue with the WP Rocket)
  • Updated list of known WordPress plugins vulnerabilities


Release Date – 31st January, 2018

  • Integrations with the CobWeb Security Defender and rebranding

  • Improved detection of some backdoor signatures

  • New malware signatures (installers, trojans and viruses)


  • The Professional Features panel is added to the dashboard

  • New malware signatures and known vulnerabilities

  • CPU benchmarking dynamic correction improved


  • Cached AJAX responses: improvements and bug fixes
  • New setting “File extensions to exclude from scanning”

  • New signatures detects Monero (XMR) CPU miner
  • Updated list of known WordPress plugins vulnerabilities

  • New malware signatures (total 4248 so far)

  • Fixed a weird bug with dropdown translations mechanism


  • New logo for CobWeb Security, improvements in sitecheck’s module
  • Setting “Custom Path” now can be switched between two modes


Release Date – 16th August, 2017

  • CWIS Antivirus Plugin Celebrates Its One Year Anniversary!
  • Improved database scan with large MySQL tables and with PHP memory limited size
  • Minor improvements to the email reports

  • Support for automatic background updates of all types (including configuration via wp-config.php file)


  • Improved scan algorithm with memory limited size
  • Reduced server load during intensive scanning


  • A new security hardening feature “CWIS Updater” (navigate to Settings option in WordPress navigation menu)


  • Scan results filtering feature with regex support
  • Fixed issue with binary files content filtering


  • Into file viewer added support for database browsing
  • File viewer automatically highlights the marker line on content load
  • Added menu item into the WordPress Admin bar


  • Major improvements to the email reports

  • Minor improvements and bug fixes
  • The list of known vulnerabilities is up-to-date


  • Maintenance release, new malware signatures

  • Vulnerabilities and URL ignore list updates

  • Added the “Quarantine Manager” tool with description
  • Enabled option to restore quarantined files


  • New dashboard element: “Scanner Feature Status”
  • Scan-level limits were removed from the Free version


  • New PHP webshells signatures (total 3937 so far)
  • Vulnerabilities and URL ignore list optimizations


  • Security and maintenance release

  • Client side user interface improvements

  • Database scanner now uses the list of detected CMS
  • Try new dashboard’s “Extra Options” to find out more…


  • New features of the Task Scheduler Manager
  • Improved white list management via AngularJS


  • Now using a local whitelist (useful for manual checking)
  • Fixed portability issues with ctype_xdigit and iconv


  • Updated list of known vulnerabilities
  • Removed deprecated result keys and methods

  • Compatability issues fix (path query in socket requests)
  • New defacement signatures (total 3915 so far)

  • Cronjob Scheduler and Site Check code optimizations
  • The scan path displayed during the scanning process


  • Maintenance release (total 3871 signatures)
  • Improvements in WordPress & CMS plugins detectors

  • New WordPress plugin vulnerabilities
  • SSL check results added to the dashboard


  • New malware and viruses signatures (total 3811 so far)
  • Speed optimizations of built-in cron job scheduler

  • Added MxToolBox’s blacklist lookup results
  • SSL Certificate check, HTTP status and load time

  • Fixed scanner stability issues on some busy/shared servers
  • Max file size been increased, prescan depth was limited

  • New server malware, phishing and viruses signatures
  • Scan settings sync fix, CSS styling and JS improvements

  • Optimized virus signatures of type “JS/redirector”
  • To prevent blocking, i18n JSON-files renamed to JS-files

  • Hack detection improvements (malicious code in .htaccess)

  • Updated list of known CMS/plugin/theme vulnerabilities


  • Security and maintenance release
  • Fixed issues with paused scan, database scan and site check


  • Quick rescan now being done significantly faster
  • Fixed incompatibility issues with the POSTed parameters


  • Rescan progress percent now calculated correctly

  • Improved rescan process (has been split into two phases)

  • Improvements in heuristic analysis algorithm (hacker nick names)
  • Whitelist and URL ignore list updates (tested on 1000+ plugins)

  • Malware signatures optimized, total 3709 signatures known
  • Fixed bug in recently updated UI-Bootstrap accordion

= 3.0.2 …