Ghostables Defender is the security plugin built by the team behind Ghostables. Malware scanning, firewall, login defence, hardening, and a tamper-evident audit chain — all in one drop-in install. Free on wp.org. Pro tiers for sites that need more.
Defender is the practical, operator-friendly security stack we wish had been available when we built Ghostables for WordPress. Seven module groups, every event written to a tamper-evident audit chain, sensible defaults that you can flip into hardened mode in one click.
Continuously watches your installed software and the files on disk for known threats and unexpected change.
Stops bad traffic before it reaches WordPress. Manual rules, country blocking, threat-intel feeds, and a managed WAF on Business+.
Login is the most-attacked surface on WordPress. Defender layers controls so credential stuffing, brute force, and replay don't get through.
A live checklist of WordPress hardening best practice. Solo and above get one-click fixes for each row.
If something does get through, you want a clean known-good restore point and the paper trail to prove what happened.
Every admin action, every defensive event, and every login attempt is logged to a tamper-evident chain. The dashboard shows you what matters today.
An extra security layer above wp-admin so that even a compromised admin account can't drop Defender, disable scans, or delete the audit trail.
Defender keeps attackers off the site. Ghostables for WordPress makes sure that if they ever do get in, the customer database they walk away with is unreadable. Together you have prevention and contained-impact. Buy a Ghostables for WordPress plan and the matching Defender tier is included automatically — one licence, both plugins, no double payment.
If you own Ghostables for WordPress at any paid tier, Defender activates against the same licence key. The Defender plugin detects the licence automatically and unlocks the matching tier — no extra checkout, no extra invoice.
You can still install Defender on its own — that's the wp.org free tier and the standalone Pro tiers on this page. But if you're going to encrypt your customer database anyway, the bundle is cheaper than buying both products separately.
See Ghostables for WordPress →
Already have Ghostables for WordPress? You don't need to buy Defender separately — your existing licence unlocks it. These prices are for sites running Defender on its own.
wp.org download · 1 site · community support
or £6/month · 1 site · email support
or £19/month · 5 sites · priority support
or £59/month · unlimited sites · SLA support
All paid tiers include automatic updates, secure recovery, and a 14-day refund. VAT calculated at checkout. Cancel any time from your dashboard.
The full feature matrix. Everything in the table works in every tier marked ✓ — no hidden caps or "lite" versions.
| Feature | Free | Solo | Business | Enterprise |
|---|---|---|---|---|
| Threat detection | | | | |
| CVE scanner (Patchstack) | ✓ | ✓ | ✓ | ✓ |
| CVE scanner (WPScan) | — | ✓ | ✓ | ✓ |
| File integrity baseline | ✓ | ✓ | ✓ | ✓ |
| Pattern malware scanner | ✓ | ✓ | ✓ | ✓ |
| ClamAV signatures | — | ✓ | ✓ | ✓ |
| Quarantine | — | ✓ | ✓ | ✓ |
| Core + plugin checksums | ✓ | ✓ | ✓ | ✓ |
| Custom YARA rules | — | — | — | ✓ |
| Perimeter | | | | |
| Manual IP allow / block | — | ✓ | ✓ | ✓ |
| Geo / country blocking | — | ✓ | ✓ | ✓ |
| AbuseIPDB threat-intel | — | — | ✓ | ✓ |
| Managed WAF ruleset | — | — | ✓ | ✓ |
| Bot verification | — | ✓ | ✓ | ✓ |
| Community blocklist sync | — | ✓ | ✓ | ✓ |
| Cross-site threat-intel network | — | — | — | ✓ |
| Account security | | | | |
| Login lockouts | — | ✓ | ✓ | ✓ |
| Custom login URL | — | ✓ | ✓ | ✓ |
| Two-factor authentication | ✓ | ✓ | ✓ | ✓ |
| Enforced 2FA for admins | — | — | ✓ | ✓ |
| Pwned-password check | — | ✓ | ✓ | ✓ |
| Per-country login geo-block | — | ✓ | ✓ | ✓ |
| Hardening | | | | |
| Hardening recommendations | ✓ | ✓ | ✓ | ✓ |
| One-click fixes | — | ✓ | ✓ | ✓ |
| HTTPS-only enforcement | ✓ | ✓ | ✓ | ✓ |
| wp-config watcher | ✓ | ✓ | ✓ | ✓ |
| WooCommerce order integrity | — | — | ✓ | ✓ |
| Backup & recovery | | | | |
| Encrypted database backups | — | ✓ | ✓ | ✓ |
| Backup encryption (operator key) | — | — | ✓ | ✓ |
| Offsite backup destinations | — | — | ✓ | ✓ |
| GDPR data export | ✓ | ✓ | ✓ | ✓ |
| Compliance pack export | — | — | ✓ | ✓ |
| Monitoring & audit | | | | |
| Tamper-evident audit chain | ✓ | ✓ | ✓ | ✓ |
| Anomaly detection (14-day baseline) | ✓ | ✓ | ✓ | ✓ |
| Uptime monitor | — | ✓ | ✓ | ✓ |
| Weekly digest email | — | — | ✓ | ✓ |
| Forensic PDF incident report | — | — | ✓ | ✓ |
| Hedera HCS audit anchoring | — | — | — | ✓ |
| Operator controls | | | | |
| Operator PIN + dedicated 2FA | ✓ | ✓ | ✓ | ✓ |
| Per-operator action throttling | ✓ | ✓ | ✓ | ✓ |
| Webhook integrations | — | ✓ | ✓ | ✓ |
| Cloudflare rule sync | — | — | ✓ | ✓ |
| "Protected by Ghostables" trust mark | — | ✓ | ✓ | ✓ |
| White-label trust mark | — | — | ✓ | ✓ |
| Plugin allowlist (signed-only) | — | — | — | ✓ |
| One-click site lockdown | — | — | — | ✓ |
| Support & coverage | | | | |
| Sites | 1 | 1 | 5 | Unlimited |
| Support channel | Community | Priority email | SLA | |
| Auto-update with rollback | — | — | ✓ | ✓ |
You already have it. The two plugins talk to each other — install Defender on the same site and it picks up the Ghostables for WordPress licence and runs at the matching tier automatically. You don't pay twice. The standalone Pro prices on this page are for sites that don't have Ghostables for WordPress and just want the security plugin on its own.
It's useful. The free tier includes CVE scanning, file-integrity baselines, the pattern malware scanner, the hardening checklist, two-factor authentication, and the audit log. That's already more than most paid competitors offer for free. Pro tiers add deeper scanning (ClamAV), the perimeter layer (firewall + WAF + threat-intel), one-click fixes, the reporting / compliance bits agencies need, and the "Protected by Ghostables" trust mark — the public mark is paid-only because it represents accreditation, and an accreditation that anyone can claim for free isn't an accreditation.
Defender ships with a "Lite Mode" that disables everything except scanning, so you can install on a fragile / legacy site and turn modules on one at a time. The hardening checklist tells you exactly what each fix will change before you apply it. Every action is reversible from the audit log. And there's a one-click "Pause Defender" toggle if you ever need to take it out of the request path.
Every defensive action — every block, every quarantine, every operator login, every settings change — is written to a tamper-evident chain. Each entry's hash is bound to the previous one, so removing or altering an entry breaks the chain visibly. The Enterprise tier can anchor that chain to the Hedera public ledger so the proof is verifiable independently of your server. The free tier already includes the chain itself; anchoring is the only Enterprise-only piece.
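The hash binding described above, sketched as an added example (not Defender's code or storage format): SHA-256, the JSON entry layout and the names `append`, `verify` and `anchored_head` are assumptions. The `anchored_head` check stands in for a head hash kept off the server, which is the role the page gives to ledger anchoring.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed "previous hash" for the very first entry


def entry_hash(prev_hash, event):
    """SHA-256 over the previous hash plus a canonical encoding of the event."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(chain, event):
    """Add an event, binding it to the hash of the entry before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev_hash, "event": event,
                  "hash": entry_hash(prev_hash, event)})


def verify(chain, anchored_head=None):
    """Return None if intact, else the index of the first entry that fails.

    anchored_head is a head hash stored off the server (assumed). Without it,
    cutting entries off the end still leaves a self-consistent chain.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        expected = entry_hash(prev_hash, entry["event"])
        if entry["prev"] != prev_hash or entry["hash"] != expected:
            return i
        prev_hash = entry["hash"]
    if anchored_head is not None and prev_hash != anchored_head:
        return len(chain)  # consistent, but not the chain that was anchored
    return None


def demo_chain():
    """Constructed sample events, not real plugin output."""
    chain = []
    for event in ({"type": "login_failed", "user": "admin", "ip": "203.0.113.7"},
                  {"type": "ip_blocked", "ip": "203.0.113.7"},
                  {"type": "setting_changed", "key": "lite_mode", "value": False},
                  {"type": "file_quarantined", "path": "wp-content/uploads/x.php"}):
        append(chain, event)
    return chain
```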
An extra security layer on top of wp-admin. Even if an admin account is compromised (stolen password, malicious plugin code), the attacker can't disable Defender, delete scan results, or alter the audit chain without separately knowing the operator PIN and passing the dedicated operator 2FA. It's the difference between an attacker who got in and an attacker who can clean up after themselves.
You buy a subscription, we email a licence key. Paste it into the plugin's settings page. The plugin checks in daily — if your subscription lapses, the plugin degrades gracefully to the free tier rather than going offline. Customer data, audit history, and scan baselines all remain intact.
14 days, no questions. Cancel from your dashboard or email hello@ghostables.io. You keep access until the end of the current billing cycle and the plugin then steps down to the free tier.
Start free, or pick a Pro tier and get everything. If you already own Ghostables for WordPress, install Defender — it activates against your existing licence.