Protection – WebDefender & GDPR Compliance Solutions


A Professional Security Protection & GDPR compliant Plugin for WP

The WebDefender was developed by a team of security experts and it incorporates professional tools for the best all around WordPress website protection and prevention of threats. Include GDPR compline module

The WebDefender offers the following tools and protection measures:

Preparing you website for the General Data Protection Regulation (GDPR)

This is extension for our security plugin help to website owner or company
Data Protection Officer (DPO) , Controller, Data Processor employees to fit the
web application with the obligations and rights enacted under the GDPR
that have already been indexed by search engines, at the expiration of six months, attempts to hack the site have decreased to 10%.

GDPR compliant function

- GDPR Consent management
- Cookies and data collection privacy management
- User data management
- Privacy information should we provide to user
- Personal data breaches

Primary protection function

Website Hide function

that hides your WP Site from crawlers spiders and bots.

  • Hides websites from bots , hides the core WP website components,
    Hide of plugins and themes
  • Fully automatic encryption of your website components
  • Coding website without
  • One click installation

Security function

  • = Smart Firewall = that detects and blocks bot traffic. This is a perfect and powerful prevention tool.
    • Adware, Spyware and SPAM Links Detection.
    • = Brute force bot attack prevention = – bots detection system to prevent attempts to crack a password (login security).
    • = Anti-spam protection = , automatic detection of all comments insert by bots and their filtration.

Security scanner

A professional Antivirus Scanner = that will scan your website from external threats. Designed to detect adware and malware, backdoors, exploits, phishing code, trojans and viruses, include built-in malware removal tool.
Unique scanning function – Database malware scanning .
Adware, Spyware and SPAM links detection
Vulnerabilities detection – plugins and themes vulnerabilities, SQL, XSS injections, vulnerable and insecure scripts.
Blacklist monitoring – check your website reputation.

Security Hardening

  • = Updater = – an automatic functional tool for updating your WordPress Core versions, plugins and themes.
    • Detect the hosting configuration security parameter
      All of these tools make the WebDefender one of the best all around protection
      tools for your WordPress resource.

Malware Removal Tool

Built-in file viewer and editor is an easy to use security cleaning tool for the   
        removal of infected codes or its part depending on the type of infection.<h3>New plugin extension</h3>

GDPR compliant Solutions:

Cookies and data collection privacy management
* For registered users by default the cookie value will be set to close.
* For registered users by default the Data collection will be set to close.
* For registered users the plugin will show a form with an Accept and Reject options.

User data management

* The provision to users on request of their personal information stored on the site.
* Allowing the user to change or delete personal information.
* The ability to export information in a XML or JSON formats.

GDPR Consent management

* A User Consent management review form.
* The ability to control version changes and users’ reconfirmation for Privacy Policy page.<h3>GDPR COMPLIANCE FEATURES:</h3>Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25, 2018. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.

Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.
This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.


This plugin keeps track of user consent by saving them to the database. We can only do that for logged in users. For visitors, however, we track their concent by creating a cookie and storing their preferences there. The same logic applies for cookies. We set a cookie named gdpr that stores that information.

WordPress also stores cookies on log in or commenting on a post. You can learn more about WordPress cookies here “

Premium Program

We also offer a Professional WebDefender key that will give you:

  • Scanner scheduler’s settings
  • Upgrade to Premium support
  • Database malware scan (WebDefender exclusive function)
  • Scanner report export function

A 100% protection – your website’s security in our hands. Our team will monitor your website online 24/7, in case of a hacker attack or malware injection, we will clean and repair you website.

You can click here to sign-up for WebDefender Professional or Premium now.


  • WebDefender Security Dashboard Control Panel
  • WebDefender Security Scanner Page
  • Blacklist Monitoring (Web Trust Check)
  • Security Hardening Analytics & Recommendations
  • Antivirus Scanner & Scheduler Settings Page


Is the WebDefender Security free to use?

Yes, WebDefender is completely free to use. If you need to enable additional features, Professional or Premium plans are available.

Is the WebDefender plugin secure?

No sensitive data is sent to our servers. However, during the initial registration, the plugin sends encrypted data to the company’s server: your name, email address and website’s domain.

Will the WebDefender Security protect my site from being hacked?

Yes. The WebDefender is the complete package. It incorporates all the main security elements needed to protect your website: a passive WAF, an antivirus scanner and an automatic Updater of the sites’ elements.

Will the plugin impact the performance of my website?

No, it will not. We’ve performed extensive tests and the plugin had no visible effect on the performance of websites.

Does the scanner stores logs in my websites’ database?

No, it does not. Unlike most scanners we store our logs as text files which has no effect on the speed of a website.

Are there any issues installing this plugin on any hosts?

Not that we are aware of. After thousands of installations we have yet to experience issues with installing the plugin. However, we are constantly modifying our plugin introducing new and improving on existing features, so if you experiencing trouble installing please contact us at


Very pretty – but too many false positives

I’ve been testing this plugin on a number of compromised and not compromised accounts.

The good.
Bonus points for initial ease of use and graphical interface. This is quite possibly the tidiest looking security plugin I’ve ever seen.

The not so good.
Legitimate coding within WordPress core and coding within many well-regarded plugins and themes is marked in bold red colored text, with phrases like, “Server malware detected. Might be a malicious or hacker’s scripts” or “Danger! Malicious or suspicious files have been detected on the website”.

A fresh installation of WordPress with stock plugins, themes and a few well-known plugins installed from the WordPress repository return the warning, “Danger! Malicious or suspicious files have been detected on the website.”

An example:
The readme.txt file of a well know security plugin with over 2 million active installs is marked as “Server malware detected. Might be a malicious or hacker’s scripts.”

Obvious false positives like the one above are immediately followed by the phrase:
“Most likely the website has been compromised. Please, contact security experts or experienced webmaster immediately to clean up the website from malware” and then,
“Feel free to contact us, and for a reasonable fee we will be glad to help you!”

A person who is not familiar with basic security terminology or able to read basic PHP coding may find the results of the scans run by the Security Antivirus Scanner – CWIS troubling, to say the least.

Read all 12 reviews

Contributors & Developers

“Protection – WebDefender & GDPR Compliance Solutions” is open source software. The following people have contributed to this plugin.




  • General Data Protection Regulation (GDPR) features


  • JSON API capabilities are no longer removed
  • A modified Base64-variant only with URL-safe chars
  • Fixed issues with invalid JSON server responses

  • Fixed an issue with the temporary files directory
  • Optimized list of known plugins vulnerabilities


  • Added REST Nonce (beta feature, used in SaaS Dashboard)


  • The email address setting is now auto-synchronized


  • WebDefender Security status dashboard widget added

  • Added new signatures of backdoor trojan files
  • Updated list of known WP-plugins vulnerabilities
  • Minor improvements in Guarder URL Convertor


  • Added a separate option “Anti-Bot Protection”
  • Improved scan results editor, minor bug fixes


  • Dedicated page “Smart Protection” with settings and statistics
  • A new scanner setting “Check PHP-files for potential security vulnerabilities using static code analysis”
  • New malware signatures (webshells and viruses)


  • Added a new tool called Log File Viewer
  • URL encoder regex performance optimizations

  • Support for external URLs in Guarder URL Convertor


  • Prevented infinite recursion in the vulnerability scanner

  • Website anti-bot protection improvements


  • Enhanced Brute Force Login protection


  • New results category “Potentially vulnerable” contains the potentially vulnerable PHP code
  • Malware signatures and scan speed optimizations


  • Fixed an issue with child themes protection
  • Antivirus Scanner performance improvements
  • Fixed compatibility issues with some cache plugins

  • Improved support for relative CSS/JS paths
  • Updated list of known WP & plugins vulnerabilities


  • Caching WP plugins and themes autoupdate settings
  • Translate provider fix (default language set to ‘en’)
  • Popular social networks added to URL ignore list

  • Fixed compatibility issues with plugin JCH Optimize Pro
  • Anti-bot cross-browser compatibility and caching issues


  • Added anti-bot protection, based on user behavior analysis


  • Fixed recursive pathnames encoding (issue with the WP Rocket)
  • Updated list of known WordPress plugins vulnerabilities


Release Date – 31st January, 2018

  • Integrations with the CobWeb Security Defender and rebranding

  • Improved detection of some backdoor signatures

  • New malware signatures (installers, trojans and viruses)


  • The Professional Features panel is added to the dashboard

  • New malware signatures and known vulnerabilities

  • CPU benchmarking dynamic correction improved


  • Cached AJAX responses: improvements and bug fixes
  • New setting “File extensions to exclude from scanning”

  • New signatures detects Monero (XMR) CPU miner
  • Updated list of known WordPress plugins vulnerabilities

  • New malware signatures (total 4248 so far)

  • Fixed a weird bug with dropdown translations mechanism


  • New logo for CobWeb Security, improvements in sitecheck’s module
  • Setting “Custom Path” now can be switched between two modes


Release Date – 16th August, 2017

  • CWIS Antivirus Plugin Celebrates Its One Year Anniversary!
  • Improved database scan with large MySQL tables and with PHP memory limited size
  • Minor improvements to the email reports

  • Support for automatic background updates of all types (including configuration via wp-config.php file)


  • Improved scan algorithm with memory limited size
  • Reduced server load during intensive scanning


  • A new security hardening feature “CWIS Updater” (navigate to Settings option in WordPress navigation menu)


  • Scan results filtering feature with regex support
  • Fixed issue with binary files content filtering


  • Into file viewer added support for database browsing
  • File viewer automatically highlights the marker line on content load
  • Added menu item into the WordPress Admin bar


  • Major improvements to the email reports

  • Minor improvements and bug fixes
  • The list of known vulnerabilities is up-to-date


  • Maintenance release, new malware signatures

  • Vulnerabilities and URL ignore list updates

  • Added the “Quarantine Manager” tool with description
  • Enabled option to restore quarantined files


  • New dashboard element: “Scanner Feature Status”
  • Scan-level limits were removed from the Free version


  • New PHP webshells signatures (total 3937 so far)
  • Vulnerabilities and URL ignore list optimizations


  • Security and maintenance release

  • Client side user interface improvements

  • Database scanner now uses the list of detected CMS
  • Try new dashboard’s “Extra Options” to find out more…


  • New features of the Task Scheduler Manager
  • Improved white list management via AngularJS


  • Now using a local whitelist (useful for manual checking)
  • Fixed portability issues with ctype_xdigit and iconv


  • Updated list of known vulnerabilities
  • Removed deprecated result keys and methods

  • Compatability issues fix (path query in socket requests)
  • New defacement signatures (total 3915 so far)

  • Cronjob Scheduler and Site Check code optimizations
  • The scan path displayed during the scanning process


  • Maintenance release (total 3871 signatures)
  • Improvements in WordPress & CMS plugins detectors

  • New WordPress plugin vulnerabilities
  • SSL check results added to the dashboard


  • New malware and viruses signatures (total 3811 so far)
  • Speed optimizations of built-in cron job scheduler

  • Added MxToolBox’s blacklist lookup results
  • SSL Certificate check, HTTP status and load time

  • Fixed scanner stability issues on some busy/shared servers
  • Max file size been increased, prescan depth was limited

  • New server malware, phishing and viruses signatures
  • Scan settings sync fix, CSS styling and JS improvements

  • Optimized virus signatures of type “JS/redirector”
  • To prevent blocking, i18n JSON-files renamed to JS-files

  • Hack detection improvements (malicious code in .htaccess)

  • Updated list of known CMS/plugin/theme vulnerabilities


  • Security and maintenance release
  • Fixed issues with paused scan, database scan and site check


  • Quick rescan now being done significantly faster
  • Fixed incompatibility issues with the POSTed parameters


  • Rescan progress percent now calculated correctly

  • Improved rescan process (has been split into two phases)

  • Improvements in heuristic analysis algorithm (hacker nick names)
  • Whitelist and URL ignore list updates (tested on 1000+ plugins)

  • Malware signatures optimized, total 3709 signatures known
  • Fixed bug in recently updated UI-Bootstrap accordion


  • Delayed autostart on load and automatic retry on error
  • Improved handling of broken/unstable Internet connection
  • Sub-categories added to the WordPress admin menu

  • Scheduling periodic rescan using WordPress cron
  • Whitelist optimizations, new malware signatures


  • Forced restarting of stuck/incomplete rescan


Release Date – 2nd February, 2017

  • The first stable release of CWIS-3.0 is out!
  • CSS/JS optimizations, temporary files folders fix
  • Whitelist and URL ignore list updates (tested on 900 plugins)
  • Improved “iFrame injections” detector (PRO level)


  • Security patch, mail sender bug fix, new signatures, and more…


  • Testing completely redesigned interface written in pure AngularJS


  • LTS (Long-term support) version release
  • Quick Rescan and Scheduler bug fixes

  • Compatability with WordPress 4.7.2
  • System info reporting improvements


  • Updated URL ignore-list and known vulnerabilities list

  • Security and maintenance release


  • Validation improvements, updated list of vulnerabilities

  • Whitelist and URL ignore list updates (tested on 700 plugins)

  • New server malware signatures, total 3697 signatures known
  • Updated list of known plugins and themes vulnerabilities

  • Correct calculations of rescan speed and time left in Quick Rescan mode
  • Filenames queue list split by volumes, quick rescan of modified files
  • URL-ignore list optimizations (automatically adding the WWW prefix)

  • Incorrect date check results resolved using a timezone offset

  • Whitelist updates, client-side improvements in License Manager

  • CMS plugins detector now supported the one-file-plugins

  • Whitelist and URL ignore list updates (tested on 300 plugins)
  • Memory and signatures optimizations, CMS detector bug fix

  • CSS improvements, bug fix in suspicious redirect detector
  • Weekly notice: “To make your site as secure as possible…”


  • New signatures, code improvements and optimizations, bug fixes
  • Complemented list of latest known vulnerabilities across WordPress Core, plugins and themes

  • New server malware signatures, total 3587 signatures known

  • Unset UA warning fix, default date timezone is set to UTC
  • Removed some low quality signatures which caused false positives

  • Added the most recent high-profile plugins vulnerabilities
  • Added a signature of fake plugin named “WordPress Researcher”
  • Empty threat categories in the scan results are also displayed

  • Simulate function error_get_last() for PHP 5 < 5.2.0
  • Scanner whitelist’s function fread() PHP warning (bug fix)

  • Support for the latest version check on core-level

  • Updated security list of known vulnerabilities (WordPress plugins)


  • New backdoor and server malware signatures, total 3581 signatures known
  • Scanner skips automatically files caused to compile-time parse errors


  • Security and maintenance release
  • Added prescan status “completed”, new Potentially Malicious signatures
  • Now possible simultaneous scanning of different/mixed paths

  • Whitelist optimizations, URL ignore list been updated
  • New backdoor signatures added, total 3568 signatures known
  • Some of Server Malware signatures were skipped because of the bug


  • Doorways detection algorithm has been greatly improved (Professional Mode)
  • Scanning quality has been greatly improved (Basic Check and Recommended Mode)

  • Bug fixed in AJAX request’s timeout check (time limit has been doubled)
  • Last time rendering improved as scanner now ignores additional AJAX requests


  • Bug in the method detecting rescan status has been detected and fixed
  • The DRY philosophy has been applied to the scanner’s check code


  • Optimized some signatures in category “Potentially malicious”
  • Bootstrap popovers on hover explaining the scan modes and levels
  • Scan levels simplified: “Basic Check”, “Recommended” and “Professional”

  • List of known vulnerabilities (CMS and plugins) is up to date


  • Client-side now handling correctly an empty server response
  • PDO class file is loaded once now (additional check added)

  • New signatures added into category “Server malware”

  • API mode with log messages turned off

  • Prevented duplicate result entries

  • “Database Scan” may be enabled/disabled on-the-fly

  • Whitelist optimizations, URL ignore list been updated
  • cURL timeout has been increased from 3 to 5 seconds


  • Some regexps were moved to a more appropriate category “Potentially malicious”

  • Fixed mistakenly popping dialog


  • New shell signatures, scan results explanation notice added

  • Total 3544 signatures known (adware, phishing, viruses etc)

  • A new signature added, extended messaging in the paused scan state

  • Whitelist updates, JS stability issues, and a new banner image


  • The scanner stopped after receiving an error from the server, fixed
  • Disk free space check added with response “Possibly out of free disk space”
  • Total 3534 signatures known (adware, phishing, viruses etc)

  • Improvements in alerting system (stripped HTML tags and JSON parser fix)


  • MIME types are used now to detect and skip binary files in “Paranoid” mode

  • Ability to add a database check in the middle of an already running scan


  • Code refactoring, improved scanner stability on slow servers

  • Improper progress data is now being recovering silently
  • The list of vulnerabilities is extended and covers the last 4 years
  • Total 3477 signatures known (adware, phishing, viruses etc)


  • Scanner code has been refactored, improved performance

  • Quick rescan was failed on empty files list (bug fix)

  • Database scan was reset at each page refresh (bug fix)

  • Upload directory detection code compatability improvements

  • Whitelist updates and false AJAX timeouts fix

  • Support for files with no content (bug fix)


  • Client side user interface improvements

  • Added timeout check for lengthy AJAX requests

  • Whitelisted bunch of WordPress 4.6.0 and plugins files (nearly 500)
  • Whitelist check has been optimized, category “Encrypted files” now checked too
  • Plugins detector bug fixed (when empty array passed from the CMS detector)

  • SEO links detection improved (PHP-code in anchor is now skipped)
  • Scan result handling has been improved, empty names bug fixed
  • Client entered in loop in specific conditions, fixed


  • Database scanning control via new “DB Scan” button
  • Updated list of vulnerable CMS and plugins versions
  • Memory limit set to “1536M”, added new signatures

Release Date – 16th August, 2016

  • The plugin is listed in the official WordPress Plugin Directory
  • Added check for usage of unknown types for PHP extensions in .htaccess file


  • Delayed autostart on the first run (in 5 sec)
  • Improved WordPress version and CMS plugins detectors
  • Fixed issue with report shuffling after quick rescan


  • Improvements in built-in mechanism of translations
  • Autostart option is turned off on the very first run


  • Errors handling and translation quality improvements
  • Uploads directory used wp_upload_dir($this->plugin_name));


  • Thread-safe atomic file reading and writing solution
  • Basic scan level’s critical entries RegExp bug fixed


  • Scripts and styles included using the action hook


  • Activator and deactivator classes enabled
  • Scanner files upgraded to the latest version


  • Main file containing passwords now updated automatically
  • AJAX options now automatically generated and stored