The invention discloses a wireless network security defense method based on software-defined security. The wireless network security defense method is based on a software-defined secure network architecture and comprises a cloud platform, an SDN controller and a wireless access point. The wireless network security defense method includes the steps: sniffing the network environment data packet in the wireless network by the wireless access point, and uploading the network environment data to the cloud platform in real time; executing the network flow table from the SDN controller to realize network defense; enabling the cloud platform to complete attack detection of the network environment data, generate a defense decision after detecting a network attack, and issue the defense decision tothe SDN controller; and enabling the SDN controller to manage and configure network forwarding equipment including the wireless access point, and issue a network flow table according to the defense decision. According to the invention, attack detection and defense automation and integration under a wireless network are realized, and the protection efficiency is improved.