DNN Defender is a security module designed specifically for DNN Platform (DotNetNuke) websites. It helps administrators detect and investigate webshells (malicious backdoor files), hidden malware, obfuscated scripts, suspicious file uploads, and other indicators of compromise before they can lead to deeper damage.
Beyond file-level detection, the system also supports post-exploit risk analysis, helping identify signs that a site may already be compromised, such as persistence mechanisms or suspicious modifications. Its integrated WAF component focuses on traffic inspection and threat detection, including the ability to surface stealthy reconnaissance and probing activity that often precedes targeted attacks.
The module combines classical security rules, heuristic analysis, and a lightweight offline AI engine to identify both known and previously unseen threats with high accuracy, while providing administrators with actionable visibility rather than automatic blocking.
All detection and analysis run entirely on your own server. No files, hashes, or code snippets are ever sent outside your environment.
Trial and demo at dnndefender.com
Document at UGUIDE.docx
Trial download [Download Trial 1.20]
Key Capabilities
Full Site Malware Scanning
- Scan the entire DNN installation on demand
- Detect malicious files and high-risk code patterns
- Inspect suspicious files hidden inside uploaded archives (ZIP, RAR, 7z)
- Clear progress tracking with the ability to stop scans at any time
Real-Time File Monitoring
- Monitors file creation and modification in real time
- Detects suspicious uploads and changes as they occur
- Designed to catch webshells and backdoors at the moment they appear
- Application-aware request inspection (WAF layer) provides visibility into reconnaissance, automated scanning, and probing activity targeting your site
- Risk analysis helps identify hidden backdoors, persistence mechanisms, and known vulnerable components
Performance & Resource Efficiency
DNN Defender is designed to operate with low CPU and memory usage, making it safe to run on production websites and shared hosting environments.
- Lightweight stream-based file scanning avoids loading large files into memory
- Scanning operations are throttled to prevent CPU spikes
- Real-time monitoring uses efficient file system events instead of constant polling
- No background services or external processes are spawned
- Stable memory usage even on large DNN installations
Full site scans can be started or stopped at any time, allowing administrators to run intensive scans during low-traffic periods.
Intelligent Threat Scoring
Powered by multiple detection engines (including the AI engine), the system increases detection accuracy while minimizing noise, helping administrators quickly focus on the most dangerous findings.
Secure Quarantine (Admin-Controlled)
DNN Defender operates in a scan-first, action-on-request model.
- The module scans and reports potential threats
- Quarantine actions occur only when explicitly requested by a SuperUser
- Files are never deleted automatically
When quarantine is requested:
- Selected files are securely isolated from the website
- Files are stored in protected form and can be restored if needed
- All actions are fully recorded in the audit log
Safe File Preview
- View suspicious file content in a sanitized, read-only preview
- Dangerous functions and patterns are highlighted
- No risk of accidental execution
Dashboard & Reporting
- Clean dashboard with threat summaries and trends
- Recent detections with clear severity indicators
- Export scan results to CSV or JSON
Audit Log & Accountability
- Records scans, quarantines, restores, previews, and configuration changes
- Supports investigations, audits, and compliance requirements
Batch Email Notification
DNN Defender supports batched email notifications to keep administrators informed without overwhelming their inbox.
- Notifications for real-time detections (batched)
- Notifications when a full site scan completes
- Summaries include number of findings, highest severity, time range, and direct dashboard link
This approach ensures timely, actionable alerts while avoiding alert fatigue.
Trial Experience
DNN Defender includes a built-in full-feature trial that activates automatically after installation.
- Runs completely locally
- No license key, no registration, no external server
- Lets administrators evaluate protection on their own site
After the trial period, the module switches to limited mode until activated.
Privacy, Performance & Hosting Safety
- 100% offline operation — no data leaves your server
- Safe for shared hosting and production environments
- CPU and memory usage are throttled
- Scans and monitoring can be stopped or limited anytime
Who Should Use DNN Defender?
- DNN SuperUsers / Host administrators
- Website owners concerned about webshell and backdoor attacks
- Agencies and hosting providers managing multiple DNN sites
- Organizations requiring audit trails and offline security tools
Note: For security reasons, the module is accessible only to SuperUsers.
Why DNN Defender?
- Strong real-world detection of webshells and backdoors
- Real-time monitoring, not just manual scanning
- Offline AI with zero data leakage
- Safe-by-design operation with full administrator control
- Built specifically for the DNN Platform
DNN Defender helps you stay in control of your DNN website security — before attackers do.
