Shield Security for WordPress

Wordpress Plugin
Download latest - 11.4.4

Developers

paultgoodchild

Download Stats

Today 1,106
Yesterday 1,381
Last Week 9,472
All Time 3,929,761
Banner 772x250

The highest rated 5* Security Plugin for WordPress

Shield - highest average 5* rating for any WordPress security plugin (2019/05). See what people are saying here.

It's 2020 - Don't settle for just another security plugin. Get smarter security.

You don't need another 100 email notifications.

You need a security plugin that does all the heavy lifting for you, and only alerts you when you need to know.

And when you get an alert, you actually have steps to take, not just the position of "I have no clue what to do!"

Security for WordPress doesn't have to be hard

There's no reason for security to be so darn complicated. It doesn't have to be this way any longer.

Shield is the easiest security plugin to setup - you simply activate it.

And you can gradually dig deeper, as you're ready.

Trust: Shield Does Exactly What It Says It Will Do

You've probably been let down in the past, but Shield is the WordPress Security solution that does what it says it'll do - Protect Your Site.

Constant notifications are not okay. You're already busy!

Receiving constant alerts from your security plugins isn't "security". It's just noise. By the time you receive a notification and respond to it, it's already too late.

Instead, Shield Security does it what it needs to do, and alerts you if and when you need to informed.

Shield is your Silent Guardian. It doesn't squawk at you every time a visitor presses against your defenses.

It'll do its job without moaning at you, and leave you in peace to get on with your job.

You're not alone, and there's no risk to test it out.

You can try out Shield alongside any other security plugins, and it comes highly recommended - it has the highest average rating for any WP Security plugin.

Easy-to-setup, but powerful protection blocks attacks and suspicious activity, but won't lock you out.

Shield is the must-have, free Security Solution for all your WordPress sites.

Shield Features You'll Absolutely Love

  • Beautiful, Easy-To-Use Guided Wizards - help you configure Shield and run scans like a Pro
  • Limit Login Attempts / Block Automatic Brute-Force Bots - all automatically
  • Powerful Core File Scanners - automatically detects malicious file changes and hacks you'd never see
  • Automatic IP Black List - no need for you to manage IPs!
  • 2-Factor Authentication - including Google Authenticator and Email
  • Block 100% Automated Comments SPAM
  • Audit Trail & User Activity Logging
  • reCAPTCHA
  • Firewall
  • Security Admin Users
  • Block REST API / XML-RPC
  • HTTP Headers
  • Automatic Updates Control
  • and much, much more...

Don't Leave Your Site At Risk
If your site is vulnerable to attack, you're putting your business and your reputation at serious risk. Getting hacked can mean you're locked out of your site, client data stolen, your website defaced or offline, and Google will penalise you.

Why take the risk?

Download and install Shield now for FREE so that you have the most powerful WordPress security system working for you and protecting your site.

The New Shield Pro

From November 2017, Shield Security now has a Pro version for those that need to take their Security to the next level.

The Pro Extras:

  1. Exclusive customer email support.
  2. Plugin Vulnerability Scanner.
  3. Plugin / Themes Hack Detection Scanner.
  4. More Frequent Scans - as often as every hour.
  5. Protection for your WooCommerce customers (incl. Easy Digital Downloads & BuddyPress)
  6. Remember-Me 2-Factor Authentication.
  7. Powerful Password Policies.
  8. Import/Export of options across sites.
  9. Improved Audit Trail logging
  10. Exclusive early access to new security features
  11. Text customisations for your visitors.
  12. No manual Pro plugin downloads - we handle this all for you automatically.
  13. No license keys to manage - it's all automatic!
  14. (coming soon) White Labelling
  15. (coming soon) Statistics and Reporting
  16. (coming soon) Select individual automatic plugin updates

Dedicated Premium Support

The Shield Security team prioritises email technical support over the WordPress.org forums. Individual, dedicated technical support is only available to customers who have purchased Shield Pro.

Discover all the perks turning your security Pro at our Shield Security store.

Our Mission

All the great features of how Shield protects your sites and your customers data are set out below in detail, but there are a few things about us, that you should know first:

  • We're on a mission to liberate people who manage websites from unnecessarily repetitive work, and by 2022 we want to be saving our clients over 62.5 million hours per year (and we'd love you to join us in our quest)
  • We have three rules that apply to everything we do, and you'll see these when you use our products or contact us for help:
  1. We make everything as simple and easy-to-use as possible (and no simpler!).
  2. We're reliable we make sure our products do what they promise.
  3. We take ownership for resolving problems - we will solve the problem, or point you towards the solution.

So, read on for the detail, or start protecting yourself, your clients and your clients' customers immediately by downloading and installing Shield now

What makes the Shield different?

  • Powerful free security protection.
  • Easy-To-Setup User Interface.
  • It won't break your website - you'll never get that horrible, pit-of-your stomach feeling you get with other security plugins when your website doesn't load anymore.
  • Super Admin Security - the only WordPress Security Plugin that protects against tampering.
  • Exclusive membership to a private security group where you can learn more about WordPress security.

Super Admin Security Protection

The only WordPress security plugin with a WordPress-independent security key to protect itself. more info

Audit Trail Activity Monitor

With the Audit Trail you can review all major actions that have taken place on your WordPress site, by all users.

Firewall Protection

Blocks all web requests to the site that violate the firewall security rules! more info

Brute Force Login Guard and Two-Factor Authentication

Provides effective security against Brute Force Hacking and email based Two-Factor Authenticated login. more info

Comment SPAM (Full replacement and upgrade from Akismet)

Blocks ALL automatic Bot-SPAM, and catches Human Comments SPAM without sending data to 3rd parties or charging subscription fees. more info

FABLE - Fully Automatic Black Listing Engine

No more manual IP Black lists. This plugin handles the blocking of IP addresses for hosts that are naughty.

WordPress Lock Down

Numerous security and protection mechanisms to lock down your WordPress admin area, such as blocking file edits and enforcing SSL.

Automatic Updates

Take back control of your WordPress Automatic Updates.

[youtube http://www.youtube.com/watch?v=r307fu3Eqbo]

Login and Identity Security Protection - Stops Brute Force Attacks

Note: Login Guard is a completely independent feature to the Firewall.

With the Login Guard this plugin will single-handedly prevent brute force login attacks on all your WordPress sites.

It doesn't need IP Address Ban Lists (which are actually useless anyway), and instead puts hard limits on your WordPress site, and force users to verify themselves when they login.

Three core security features provide layers to protect the WordPress Login system.

  1. Email-based 2-Factor Login Authentication based on IP address! (prevents brute force login attacks)
  2. Login Cooldown Interval - WordPress will only process 1 login per interval in seconds (prevents brute force login attacks)
  3. GASP Anti-Bot Login Form Protection - Adds 2 protection checks for all WordPress login attempts (prevents brute force login attacks using Bots)

These options alone will protect and secure your WordPress sites from nearly all forms of Brute Force login attacks.

And you hardly need to configure anything! Simply check the options to turn them on, set a cooldown interval and you're instantly protected.

SPAM and Comments Filtering

As of version 1.6, this plugin integrates GASP Spambot Protection.

We have taken this functionality a level further and added the concept of unique, per-page visit, Comment Tokens.

Comment Tokens are unique keys that are created every time a page loads and they are uniquely generated based on 3 factors:

  1. The visitors IP address.
  2. The Page they are viewing
  3. A unique, random number, generated at the time the page is loaded.

This is all handle automatically and your users will not be affected - they'll still just have a checkbox like the original GASP plugin.

These comment tokens are then embedded in the comment form and must be presented to your WordPress site when a comment is posted. The plugin will then examine the token, the IP address from which the comment is coming, and page upon which the comment is being posted. They must all match before the comment is accepted.

Furthermore, we place a cooldown (i.e. you must wait X seconds before you can post using that token) and an expiration on these comment tokens. The reasons for this are:

  1. Cooldown means that a spambot cannot load a page, read the unique comment token and immediately re-post a comment to that page. It must wait a while. This has the effect of slowing down the spambots, and, if the spambots get it wrong, they've wasted that token - as tokens can only be used once.
  2. Expirations mean that a spambot cannot get the token and use it whenever it likes, it must use it within the specfied time.

This all combines to make it much more difficult for spambots (and also human spammers as they have to now wait) to work their dirty magic :)


Releases (81 )

Version Release Date Change Log
9.0.3 2020-06-04
9.0.2 2020-05-14
9.0.1 2020-05-07
9.0.0 2020-05-05
8.7.0 2020-03-16
  • Current Release = Released: 16th March, 2020 - Release Notes

  • (v.0) NEW: [PRO] Traffic Rate Limiting Feature.

  • (v.0) ADDED: Support for registration forms in plugins: Profile Builder and Paid Member Subscriptions

  • (v.0) IMPROVED: Tweaks and changes to UI.

  • (v.0) FIXED: Minor issues with the MFA page.

Full Shield Security Changelog

8.6.3 2020-02-25
  • Current Release = Released: 25th February, 2020 - Release Notes

  • (v.3) IMPROVED: AJAX handling and general plugin requests have been refined to be less prone to errors.

  • (v.3) IMPROVED: The Traffic Log Viewer will now be displayed even if it's disabled.

  • (v.3) REMOVED: 2 options from the Automatic Updates module have been removed, that influenced translations and version control.

  • (v.3) IMPROVED: Some minor improvements and optimisations.

  • (v.3) IMPROVED: Adjusted how Shield stores temporary WP options to prevent duplicates.

  • (v.3) FIXED: Login backup-code wasn't always reset after it was used.

  • (v.3) FIXED: IP address wasn't blocked even after committing an offense in 1 particular scenario.

8.5.7 2020-02-10
  • Current Release = Released: 10th February, 2020 - Release Notes

  • (v.7) ADDED: New admin notice to indicate that the plugin is currently disabled.

  • (v.7) IMPROVED: Malware scanning for premium assets always uses hashes where possible to verify contents.

  • (v.7) IMPROVED: Optimised loading of libraries that run for certain features, if they aren't enabled.

  • (v.7) IMPROVED: Prevent a rare fatal error on activation.

8.4.4 2019-12-06
  • Current Release = Released: 6th December, 2019 - Release Notes

  • (v.4) IMPROVED: Discovered serious conflict with SiteGround Optimizer plugin. Provided admin notice and automatic fixing.

  • (v.4) FIXED: Protected against spurious error log notices when comparing hashes with "nothing".

8.3.0 2019-11-18
  • Current Release = Released: 18th November, 2019 - Release Notes

  • (v.0) IMPROVED: Improvements to Malware scanner to now track malware results by specific lines, not just by file.

  • (v.0) IMPROVED: Support colons (:) in IP addresses during visitor IP address detection.

  • (v.0) IMPROVED: Ensure license lookups use the correct site URL.

  • (v.0) IMPROVED: Attempt to ensure that if there is an interruption in the API, malware patterns are available for scanning.

  • (v.0) IMPROVED: Added default firewall whitelist parameter for AffiliateWP requests.

  • (v.0) IMPROVED: Spanish, French, Japanese translations.

8.2.3 2019-10-25
  • Current Release = Released: 25th October, 2019 - Release Notes

  • (v.3) FIXED: Fix for reported RXSS vulnerability - more info.

  • (v.3) FIXED: Fix for Rest API detection.

  • (v.3) FIXED: Fix for translation of some strings.

8.2.2 2019-10-14
  • Current Release = Released: 14th October, 2019 - Release Notes

  • (v.2) FIXED: Fixes for scans running under Windows/IIS.

  • (v.2) IMPROVED: Adds a check that a site can send an HTTP request to itself before allowing scans to run.

  • (v.2) IMPROVED: Scans clean up after themselves better, if they fail to run.

  • (v.2) IMPROVED: Server's own IP address detection when site migrated to a new host.

  • (v.2) UPDATED: International translations.

  • (v.2) FIXED: PHP notices when data wasn't as expected.

8.2.1 2019-10-07
  • Current Release = Released: 7th October, 2019 - Release Notes

  • (v.1) IMPROVED: Further reduce Malware false positives by also using SVN trunk data when verifying files for plugins and themes.

  • (v.1) ADDED: Initial support for repairing Themes that have been installed from WordPress.org.

  • (v.1) ADDED: Support for using WP Hashes.com for WordPress.org themes (already done for plugins).

  • (v.1) FIXED: PHP notices in the logs.

8.2.0 2019-10-01
  • Current Release = Released: 1st October, 2019 - Release Notes

  • (v.0) IMPROVED: [PRO] Malware scanner now uses network intelligence to the gather information on malware results.

  • (v.0) NEW: Traffic Watcher feature is now free for all users (no longer Pro-only).

  • (v.0) IMPROVED: Scanning cron is improved and more efficient.

  • (v.0) ADDED: Bulk Delete/Repair/Ignore actions now available for Malware scan results.

  • (v.0) IMPROVED: Malware scan results now provide details of affected line numbers and patterns discovered.

  • (v.0) IMPROVED: Malware scanner only scans wp-admin, wp-includes, wp-content folders, and files in top-level directory.

  • (v.0) IMPROVED: Malware scanner now excludes wp-content/cache/ directory.

  • (v.0) IMPROVED: Malware scanner performance improved with caching.

  • (v.0) IMPROVED: Malware auto-repair now works more consistently.

  • (v.0) IMPROVED: Updated default firewall whitelist rules.

  • (v.0) IMPROVED: If the PWNED Passwords API request fails entirely, the password check is skipped.

  • (v.0) ADDED: Japanese translations are at 100%.

  • (v.0) IMPROVED: Dutch translations are greatly improved (a huge thank you to Fred!).

  • (v.0) FIXED: Audit Trail correctly logs multiple occurrences for the same type of event on the same page request.

  • (v.0) FIXED: Audit Trail now correctly logs Google reCAPTCHA failure events.

  • (v.0) FIXED: PHP error when firewall was set to kill response without a user message.

8.1.1 2019-09-18
  • Current Release = Released: 18th September, 2019 - Release Notes

  • (v.1) FIXED: Error for sites pre-5.0 that don't have function determine_locale()

  • (v.0) IMPROVED: Massive improvements to asynchronous scans in performance and reliability.

  • (v.0) ADDED: [PRO] Possible to supply multiple email addresses for Administrator login notifications.

  • (v.0) ADDED: New firewall whitelist rule to prevent firewall blocks when activating certain plugins.

  • (v.0) IMPROVED: Prevent errors caused by other plugins not passing correctly-formatted data through WP filters.

  • (v.0) ADDED: Japanese translations (14%).

  • (v.0) IMPROVED: Plugin locale now respects user profile locale setting.

  • (v.0) IMPROVED: Audit Trail filter for specific events.

  • (v.0) IMPROVED: Lots of cleanup of deprecated PHP code following the the v7-v8 upgrade.

8.1.0 2019-09-18
  • Current Release = Released: 18th September, 2019 - Release Notes

  • (v.0) IMPROVED: Massive improvements to asynchronous scans in performance and reliability.

  • (v.0) ADDED: [PRO] Possible to supply multiple email addresses for Administrator login notifications.

  • (v.0) ADDED: New firewall whitelist rule to prevent firewall blocks when activating certain plugins.

  • (v.0) IMPROVED: Prevent errors caused by other plugins not passing correctly-formatted data through WP filters.

  • (v.0) ADDED: Japanese translations (14%).

  • (v.0) IMPROVED: Plugin locale now respects user profile locale setting.

  • (v.0) IMPROVED: Audit Trail filter for specific events.

  • (v.0) IMPROVED: Lots of cleanup of deprecated PHP code following the the v7-v8 upgrade.

8.0.2 2019-09-05
  • Current Release = Released: 5th October, 2019 - Release Notes

  • (v.2) IMPROVED: Password strength metering now better aligns with WordPress library (PHP 5.6+)

  • (v.2) IMPROVED: Dutch translations have been adjusted.

  • (v.2) FIXED: Setting 'Month' for IP block duration wasn't being applied.

  • (v.2) FIXED: Certain admin notices not displayed when they should be.

8.0.1 2019-08-29
  • Current Release = Released: 29th September, 2019 - Release Notes

  • (v.1) FIXED: Comment SPAM blocking wasn't working if set to "Detect and Reject".

  • (v.1) FIXED: Shield Widget/Badge broken in some cases.

  • (v.1) ADDED: You can force Shield to operate in any locale, regardless of site locale.

  • (v.1) ADDED: Russian translations are now at 100% and some Dutch translations have been adjusted.

8.0.0 2019-08-27
7.4.2 2019-05-30
  • Current Release = Released: 30th May, 2019 - Release Notes

  • (v.2) NEW: Options finder/jumper menu lets you find and jump to any option in the plugin instantly.

  • (v.2) NEW: Help/explainer videos for a few sections - more to come.

  • (v.2) FIXES: Fixes for a few problems introduced with the recent UI changes.

  • (v.2) FIXED: Welcome wizard launching was broken.

7.4.1 2019-05-20
  • Current Release = Released: 20th May, 2019 - Release Notes

  • (v.1) NEW: Adjustments and redesign of Shield options pages.

  • (v.1) IMPROVED: Further prep for better internationalization.

7.4.0 2019-05-13
  • Current Release = Released: 13th May, 2019 - Release Notes

  • (v.0) NEW: [PRO] Manual/Automatic User Suspension

  • (v.0) NEW: Comment SPAM - Increase minimum number of approved comments before scanning is skipped

  • (v.0) NEW: [PRO] Comment SPAM - Trusted user roles where comments scanning is skipped

  • (v.0) IMPROVED: AntiBot JS was improperly included when not required.

  • (v.0) IMPROVED: Added a GeoIP caching table and removed bundled GeoIP database - greatly reduces download size.

  • (v.0) FIXED: Inconsistent behaviour when PWA plugin is active and it infinitely reloads pages.

  • (v.0) FIXED: Inconsistent behaviour with Anonymous API blocking.

  • (v.0) IMPROVED: Code improvements and refactoring.

  • (v.0) ADDED: Prep for upcoming malware scanner.

7.3.2 2019-04-18
  • Current Release = Released: 18th April, 2019 - Release Notes

  • (v.2) IMPROVED: Provided inline links for new Bot Signals options.

  • (v.2) CHANGED: Added a workaround for WPML plugin using old, buggy version of TWIG library.

  • (v.1) FIX: Protection against 404 tracking blocking visitors in some cases.

  • (v.0) NEW: [PRO] 7x New Bot Signals - rules to catch and block bad bots.

  • (v.0) ADDED: Date picker for filtering Audit Log entries.

  • (v.0) IMPROVED: Audit Log viewer now combines entries from the same request into 1 for better readability.

  • (v.0) CHANGED: Use a more refined clearing of WP Fastest Cache.

  • (v.0) FIX: Error displayed when deleting plugins in some cases.

  • (v.0) UPDATED: Translations for Chinese, Finnish, Turkish, Dutch, Italian, and German.

7.2.3 2019-03-25
  • Current Release = Released: 25th March, 2019 - Release Notes

  • (v.3) FIX: Unable to turn off the Abandoned Plugin scanner.

  • (v.3) FIX: Fix bug with some DNS lookup failures for some ISPs.

  • (v.3) FIX: Fix display notice for 'disallow file editing' setting when IP is whitelisted.

7.1.2 2019-02-28
  • Current Release = Released: 27th February, 2019 - Release Notes

  • (v.2) IMPROVED: Firewall email notification content now better reflect the information in the audit trail.

  • (v.2) FIX: Firewall email notification was breaking in some instances.

7.1.1 2019-02-21
  • Current Release = Released: 21st February, 2018 - Release Notes
7.1.0 2019-02-21
  • Current Release = Released: 21st February, 2018 - Release Notes
7.0.4 2019-02-12
  • Current Release = Released: 12th February, 2018 - Release Notes

  • (v.4) IMPROVED: Refactored IP address blocking with improved audit trail messages.

  • (v.4) CHANGED: Expanded anonymous REST API whitelist to include 'wpstatistics' namespace.

  • (v.4) IMPROVED: Access protection for shield temp/caching dir.

  • (v.4) IMPROVED: Clarification on reCAPTCHA - v3 is not supported.

  • (v.4) IMPROVED: Clarification on user sessions timeout - Shield sets an absolutely session maximum.

  • (v.4) IMPROVED: Options form submission is adjusted to work around poorly restrictive webhosts.

  • (v.4) FIX: Various tweaks and fixes across the plugin.

  • (v.4) FIX: Error with ClassicPress.

7.0.3 2019-02-07
  • Current Release = Released: 7th February, 2018 - Release Notes

  • (v.3) NEW: Automatically whitelist anonymous REST API Access for 3 plugins: Contact Form 7, WooCommerce, JetPack.

  • (v.3) IMPROVED: Security admin login failure messages are clearer.

  • (v.3) IMPROVED: Admin notification for email sending 2FA verification easily lets you resend email.

  • (v.3) IMPROVED: File download code for WordPress Core file scanner repairs.

  • (v.3) IMPROVED: Attempt to also capture B/CC email addresses included in outgoing emails in Audit logs.

  • (v.3) FIX: Allow use of IPv4 ranges in whitelist again.

  • (v.3) CHANGED: Numerous code refactoring and improvements building upon the major v7 release and prepping for v7.1.

7.0.2 2019-01-28
  • Current Release = Released: 28th January, 2018 - Release Notes
7.0.1 2019-01-28
  • Current Release = Released: 28th January, 2018 - Release Notes
7.0.0 2019-01-28
  • Current Release = Released: 28th January, 2018 - Release Notes
6.10.9 2018-12-07
  • Current Release = Released: 7th December, 2018 - Release Notes

  • (v.9) FIXED: Admin notices displaying to non-admins.

  • (v.7) ADDED: [PRO] New option to specify usernames for Security Admin role.

  • (v.7) IMPROVED: Idle user detection.

  • (v.7) IMPROVED: Support for redirect/cancel URLs in 2FA login page.

  • (v.7) CHANGED: Final release before Shield v7. Small warning shown on plugins page if PHP < 5.4

6.10.4 2018-11-06
  • Current Release = Released: 5th November, 2018 - Release Notes

  • (v.4) FIXED: Couldn't deactivate plugin.

  • (v.3) ADDED: Support for Ultimate Member forms

  • (v.3) ADDED: Support for LearnPress login/registration forms

  • (v.3) FIXED: Security Admin now correctly honours the WordPress Options zone setting.

  • (v.3) IMPROVED: Distinguish which sub-site (sub-domain) for WPMS installations on Traffic Watcher.

  • (v.3) IMPROVED: Server's own IP lookup is only attempted once.

  • (v.3) ADDED: Experimental feature to help with some custom 3rd party login/registration forms

6.10.3 2018-11-05
  • Current Release = Released: 5th November, 2018 - Release Notes

  • (v.3) ADDED: Support for Ultimate Member forms

  • (v.3) ADDED: Support for LearnPress login/registration forms

  • (v.3) FIXED: Security Admin now correctly honours the WordPress Options zone setting.

  • (v.3) IMPROVED: Distinguish which sub-site (sub-domain) for WPMS installations on Traffic Watcher.

  • (v.3) IMPROVED: Server's own IP lookup is only attempted once.

  • (v.3) ADDED: Experimental feature to help with some custom 3rd party login/registration forms

6.10.2 2018-10-23
  • Current Release = Released: 23rd October, 2018 - Release Notes

  • (v.2) IMPROVED: Visitor IP address detection

  • (v.2) IMPROVED: Automatic whitelisting of Manage WP IP addresses

  • (v.2) IMPROVED: SPAM Comments code enhanced and optimised

  • (v.2) IMPROVED: IP Whitelisting code enhanced and optimised

  • (v.2) IMPROVED: Code cleaning and refactoring.

6.10.1 2018-10-16
  • Current Release = Released: 15th October, 2018 - Release Notes
6.10.0 2018-10-16
  • Current Release = Released: 15th October, 2018 - Release Notes
6.9.4 2018-09-13
  • Current Release = Released: 13th September, 2018

  • (v.4) FIXED: Bug where 2FA by email user roles get reset in some cases.

  • (v.3) ADDED: Support for AppleBot in the Traffic Watcher.

  • (v.3) FIXED: Plugin/Theme Guard bug not capturing updates correctly.

  • (v.3) FIXED: Google Authenticator could not be removed from profile.

6.9.3 2018-09-11
  • Current Release = Released: 11th September, 2018

  • (v.3) ADDED: Support for AppleBot in the Traffic Watcher.

  • (v.3) FIXED: Plugin/Theme Guard bug not capturing updates correctly.

  • (v.3) FIXED: Google Authenticator could not be removed from profile.

6.9.2 2018-09-10
  • Current Release = Released: 10th September, 2018

  • (v.2) FIXED: Prevent crashing on sites with PHP < v5.4

  • (v.1) ADDED: Support for Yandex search engine in the Traffic Watcher.

  • (v.1) IMPROVED: WooCommerce checkout handling with reCAPTCHA.

6.9.1 2018-09-09
  • Current Release = Released: 9th September, 2018

  • (v.1) ADDED: Support for Yandex search engine in the Traffic Watcher.

  • (v.1) IMPROVED: WooCommerce checkout handling with reCAPTCHA.

6.9.0 2018-09-07
  • Series = Released: 6th September, 2018 - Release Notes

  • (v.0) NEW: [PRO] Traffic Watcher - live tracking of all requests to your site.

  • (v.0) NEW: [PRO] Yubikey - Allows for multiple Yubikeys on the same user profile.

  • (v.0) ADDED: [PRO] Option to include listing of affected files within Hack Guard notification emails.

  • (v.0) ADDED: Option to delete the Security Admin Access Key

  • (v.0) ADDED: Option to add WooCommerce roles to 2FA-Email setting.

  • (v.0) CHANGED: Basic Stats system now requires minimum PHP v5.4.

  • (v.0) CHANGED: Password Policies now requires minimum WordPress v4.4.

  • (v.0) IMPROVED: Password expiration now redirects to the 'set password' screen, instead of the user profile.

  • (v.0) IMPROVED: Password capture for purposes of password policies is improved.

  • (v.0) IMPROVED: You can now delete the 'forceoff' file from inside the WP Admin.

  • (v.0) IMPROVED: Audit Trail entries for emails will identify the file that's calling the wp_mail function.

  • (v.0) IMPROVED: Audit Trail entries for post editing will identify the post type wherever possible.

  • (v.0) IMPROVED: Audit Trail entries will try to display all message text correctly.

  • (v.0) IMPROVED: Login/Register/Password forms are only checked when visitor is not logged-in.

  • (v.0) IMPROVED: Major database code refactoring and other code improvements.

  • (v.0) IMPROVED: User sessions handling.

  • (v.0) IMPROVED: Security Admin UX - ajax session checking, with admin notifications and auto-page reload.

  • (v.0) IMPROVED: Security Admin password setting now requires a confirmation password entry.

  • (v.0) IMPROVED: Refined Cooldown timing system.

  • (v.0) IMPROVED: Refined Bot checkbox Javascript.

  • (v.0) IMPROVED: Cron entry cleanup after deactivation.

  • (v.0) UPDATED: Bootstrap libraries to latest release v4.1.3.

  • (v.0) FIXED: Potential bug with Plugin/Themes guard scanning.

  • (v.0) FIXED: PHP Warning(s).

Full Changelog

6.8.2 2018-06-22
  • Current Release = Released: 22nd June, 2018 - Release Notes

  • (v.2) FIXED: Bug with multi-factor authentication verification.

  • (v.2) FIXED: Bug with chosen reCAPTCHA style not being honoured on login pages

  • (v.2) FIXED: Bug with Invisible reCAPTCHA + WooCommerce

  • (v.2) FIXED: Bug with Pwned passwords always being checked even if setting turned off.

6.8.1 2018-06-14
  • Current Release = Released: 14th June, 2018 - Release Notes

  • (v.1) FIXED: A couple of bugs with WooCommerce reCAPTCHA processing.

  • (v.1) FIXED: A bug with user sessions cleaning

6.8.0 2018-06-11
  • Current Release = Released: 11th June, 2018 - Release Notes

  • (v.0) ADDED: [PRO] White Label - ability to re-brand the entire Shield Security plugin to your company brand.

  • (v.0) ADDED: [PRO] Option for all users to receive notification email upon login to their accounts.

  • (v.0) IMPROVED: Completely rebuilt the bot and reCAPTCHA login protection system.

  • (v.0) IMPROVED: Import/Export system hugely improved with respect to automated push of options from Master sites.

  • (v.0) IMPROVED: A different approach to sessions management that should handle sessions a bit better.

  • (v.0) IMPROVED: Expired user sessions are cleaned from the DB using a cron, and on Insights Dashboard load.

6.7.2 2018-05-30
  • Current Release = Released: 30th May, 2018 - Release Notes

  • (v.2) ADDED: [PRO] Admin Notes feature - Notes can now be easily deleted (editing will not be possible).

  • (v.0) UPDATED: Some translations.

  • (v.2) FIXED: A few bugs with the Insights Dashboard.

  • (v.2) FIXED: Removed the dependency on jQuery with Invisible reCAPTCHA.

Note: The Insights Dashboard is only available on sites with PHP v5.4.0 and above.

6.7.1 2018-05-22
  • Current Release = Released: 22nd May, 2018 - Release Notes

  • (v.1) ADDED: [PRO] Admin Notes feature - you can add notes to the Shield plugin in the Insights Dashboard.

  • (v.1) FIXED: A few bugs with the Insights Dashboard.

  • (v.0) ADDED: A simple test cron to demonstrate whether your site crons are running.

  • (v.0) ADDED: [PRO] Full support for new WordPress GDPR Privacy Policy controls for exporting and erasing data.

  • (v.0) ADDED: [PRO] New GDPR guided wizard for exporting/erasing particular data based on custom search results.

  • (v.0) CHANGED: Guided Wizards now load through WP admin to fix ajax problems for poorly configured SSL on some sites

  • (v.0) IMPROVED: Upgraded Bootstrap library to 4.1.1.

  • (v.0) IMPROVED: Compatibility with AIO Events Cal - they like to force their old Twig libraries on everyone else.

Note: The Insights Dashboard is only available on sites with PHP v5.4.0 and above.

6.7.0 2018-05-21
  • Current Release = Released: 21st May, 2018 - Release Notes

  • (v.0) ADDED: All-New Insights Dashboard providing a high-level overview of your site security, with recommendations.

  • (v.0) ADDED: Helpful, explanatory videos directly into the Guided Welcome Wizard.

  • (v.0) ADDED: A simple test cron to demonstrate whether your site crons are running.

  • (v.0) ADDED: [PRO] Full support for new WordPress GDPR Privacy Policy controls for exporting and erasing data.

  • (v.0) ADDED: [PRO] New GDPR guided wizard for exporting/erasing particular data based on custom search results.

  • (v.0) CHANGED: Guided Wizards now load through WP admin to fix ajax problems for poorly configured SSL on some sites

  • (v.0) IMPROVED: Upgraded Bootstrap library to 4.1.1.

  • (v.0) IMPROVED: Compatibility with AIO Events Cal - they like to force their old Twig libraries on everyone else.

Note: The Insights Dashboard is only available on sites with PHP v5.4.0 and above.

6.6.8 2018-05-04
  • Current Release = Released: 4th May, 2018

  • (v.8) IMPROVED: Add GDPR-compliant Privacy Policy checkboxes to mailing list sign-up forms.

  • (v.8) ADDED: Introduction video to the Guided Setup Wizard.

6.6.7 2018-05-02
  • Current Release = Released: 2nd May, 2018

  • (v.7) IMPROVED: reCAPTCHA JS is only included on pages where it's actually used by Shield.

  • (v.7) IMPROVED: Upgrade Bootstrap library to 4.1.0.

  • (v.7) IMPROVED: Include jQuery for the plugin badge as required

6.6.6 2018-04-19
  • Current Release = Released: 19th April, 2018 - Release Notes

  • (v.6) ADDED: Small exclusion in the firewall for a jetpack parameter.

  • (v.6) ADDED: SVGs to the default list of files scanned by the plugin guard.

  • (v.6) ADDED: Workaround for a ridiculous NGG bug.

6.6.4 2018-04-07
  • Current Release = Released: 6th April, 2018 - Release Notes

  • (v.1-4) FIXED: Various small fixes and improvements

  • (v.4) FIXED: PHP Fatal Error on wp object cache.

  • (v.0) NEW: [PRO] Keyless Activation of Pro licenses.

  • (v.0) ADDED: WordPress Password Policies.

  • (v.0) ADDED: Pwned Passwords Detection.

  • (v.0) IMPROVED: Major rewrite of plugin AJAX handling.

  • (v.0) IMPROVED: Notices to indicate the time of the last scans.

  • (v.0) FIXED: A few bugs

6.6.3 2018-03-30
  • Current Release = Released: 30th March, 2018 - Release Notes

  • (v.1-3) FIXED: Various small fixes and improvements

  • (v.0) NEW: [PRO] Keyless Activation of Pro licenses.

  • (v.0) ADDED: WordPress Password Policies.

  • (v.0) ADDED: Pwned Passwords Detection.

  • (v.0) IMPROVED: Major rewrite of plugin AJAX handling.

  • (v.0) IMPROVED: Notices to indicate the time of the last scans.

  • (v.0) FIXED: A few bugs

6.6.2 2018-03-22
  • Current Release = Released: 22nd March, 2018 - Release Notes

  • (v.1-2) FIXED: Various small fixes and improvements

  • (v.0) NEW: [PRO] Keyless Activation of Pro licenses.

  • (v.0) ADDED: WordPress Password Policies.

  • (v.0) ADDED: Pwned Passwords Detection.

  • (v.0) IMPROVED: Major rewrite of plugin AJAX handling.

  • (v.0) IMPROVED: Notices to indicate the time of the last scans.

  • (v.0) FIXED: A few bugs

6.6.0 2018-03-19
  • Current Release = Released: 19th March, 2018 - Release Notes

  • (v.0) NEW: [PRO] Keyless Activation of Pro licenses.

  • (v.0) ADDED: WordPress Password Policies.

  • (v.0) ADDED: Pwned Passwords Detection.

  • (v.0) IMPROVED: Major rewrite of plugin AJAX handling.

  • (v.0) IMPROVED: Notices to indicate the time of the last scans.

  • (v.0) FIXED: A few bugs

6.5.0 2018-03-05
  • Current Release = Released: 5th March, 2018 - Release Notes

  • (v.0) IMPROVED: Plugin Guard better handles the case where a plugin/theme has been entirely renamed/removed.

  • (v.0) IMPROVED: Attempts to access the XML-RPC system when it's disabled will now trigger the blacklist transgressions counter.

  • (v.0) IMPROVED: Try to prevent black listing the server's own public IP address where visitor IP address detection is not correctly configured.

  • (v.0) ADDED: [PRO] Provisional support for not processing 2FA logins for Woocommerce Social Login plugin.

  • (v.0) FIXED: Plugin Guard better handles ignoring non-WordPress.org Plugins/Themes

  • (v.0) FIXED: A few small bugs

6.4.4 2018-02-27
  • Current Release = Released: 26th February, 2018 - Release Notes

  • (v.1-4) FIXED: Various Fixes

  • (v.0) ADDED: [PRO] New Scanner to detect file changes for active plugins and themes

  • (v.0) IMPROVED: Automatic updates for vulnerable plugins ignores automatic updates delay setting

  • (v.0) CHANGED: Email notifications for scanners will now link to the Wizard where possible, instead of listing files.

6.4.3 2018-02-26
  • Current Release = Released: 26th February, 2018 - Release Notes

  • (v.3) FIXED: Various Fixes

  • (v.0) ADDED: [PRO] New Scanner to detect file changes for active plugins and themes

  • (v.0) IMPROVED: Automatic updates for vulnerable plugins ignores automatic updates delay setting

  • (v.0) CHANGED: Email notifications for scanners will now link to the Wizard where possible, instead of listing files.

6.4.2 2018-02-26
6.4.1 2018-02-26
  • Current Release = Released: 26th February, 2018 - Release Notes

  • (v.1) ADDED: [PRO] New Scanner to detect file changes for active plugins and themes

  • (v.1) IMPROVED: Automatic updates for vulnerable plugins ignores automatic updates delay setting

  • (v.1) CHANGED: Email notifications for scanners will now link to the Wizard where possible, instead of listing files.

6.4.0 2018-02-26
  • Current Release = Released: 26th February, 2018 - Release Notes

  • (v.0) ADDED: [PRO] New Scanner to detect file changes for active plugins and themes

  • (v.0) IMPROVED: Automatic updates for vulnerable plugins ignores automatic updates delay setting

  • (v.0) CHANGED: Email notifications for scanners will now link to the Wizard where possible, instead of listing files.

6.3.3 2018-02-21
  • Current Release = Released: 21st February, 2018 - Release Notes

  • (v.3) FIXED: Bug with automatic updates delay processing

6.3.2 2018-02-19
  • Current Release = Released: 19th February, 2018 - Release Notes

  • (v.2) CHANGED: Changed text that seems to cause servers to swallow-up emails. See here for more reliable email

6.3.1 2018-02-12
  • Current Release = Released: 12th February, 2018 - Release Notes

  • (v.0) ADDED: [PRO] Automatic updates stability delay

  • (v.0) IMPROVED: Complete plugin UI rebuild, using the new Bootstrap 4.

  • (v.0) FIXED: A few bugs with Google Authenticator.

  • (v.1) FIXED: Options page javascript to work around conflicts.

6.3.0 2018-02-12
  • Current Release = Released: 12th February, 2018 - Release Notes

  • (v.0) ADDED: [PRO] Automatic updates stability delay

  • (v.0) IMPROVED: Complete plugin UI rebuild, using the new Bootstrap 4.

  • (v.0) FIXED: A few bugs with Google Authenticator.

6.2.2 2018-02-02
  • Current Release = Released: 2nd February January, 2018 - Release Notes

  • (v.2) FIXED: Fix for IP Manager PHP error.

  • (v.2) IMPROVED: Two-factor verification email.

6.2.1 2018-02-01
  • Current Release = Released: 1st February January, 2018 - Release Notes

  • (v.1) FIXED: Bug where administrator login email notification setting is not being honoured.

  • (v.1) IMPROVED: If a site is having trouble with database creation, User Sessions wont lock you out.

  • (v.0) IMPROVED: Major overhaul of the Shield User Sessions system.

  • (v.0) IMPROVED: Link the Security Admin authentication with the new Sessions system.

  • (v.0) IMPROVED: Major overhaul to plugin's user meta data storage, limiting to a single DB entry for all data.

  • (v.0) ADDED: [PRO] Ability to increase frequency of file system scans up to once every hour.

  • (v.0) ADDED: [PRO] Add a remember me option, allowing users to skip Multi-factor authentication for a set number of days.

6.2.0 2018-01-31
  • Current Release = Released: 31st January, 2018 - Release Notes

  • (v.0) IMPROVED: Major overhaul of the Shield User Sessions system.

  • (v.0) IMPROVED: Link the Security Admin authentication with the new Sessions system.

  • (v.0) IMPROVED: Major overhaul to plugin's user meta data storage, limiting to a single DB entry for all data.

  • (v.0) ADDED: [PRO] Ability to increase frequency of file system scans up to once every hour.

  • (v.0) ADDED: [PRO] Add a remember me option, allowing users to skip Multi-factor authentication for a set number of days.

6.1.1 2018-01-17

Latest Release = Released: 17th January, 2018

  • (v.1) FIXED: Verify link missing from the two-factor authentication verification email.
6.1.0 2018-01-15

Latest Release = Released: 15th January, 2018 Release Notes

  • (v.0) ADDED: 3x more Shield Wizards: Multi-factor Authentication, Core File Scanning, Unrecognised File Scanning.
  • (v.0) ADDED: You can now use regular expressions for file exclusions in the 'Unrecognised File Scanner'.
  • (v.0) CHANGED: File Scanner email notifications now link to the appropriate scanner wizard directly.
  • (v.0) IMPROVED: Plugin options pages restyling.
  • (v.0) IMPROVED: Plugin refactoring and improvements.
6.0.0 2017-12-18

Latest Point Release = Released: 18th December, 2017

  • (v.0) ADDED: All-new Shield Welcome and Setup Wizard - more helpful guided wizards to come.
  • (v.0) ADDED: [PRO] Shield options import and export
  • (v.0) ADDED: [PRO] In conjunction with import/export - Shield Security Network: automated options syncing.
  • (v.0) CHANGED: Going forward, new features and options will support only PHP 5.4+. Existing features will remain unaffected.
5.20.1 2017-12-11

Latest Point Release = Released: 11th December, 2017

  • (v.1) FIXED: File include error.
  • (v.0) IMPROVED: [PRO] Audit Trail length is configurable. Length for free is 50 entries (the original unpaginated limit)
  • (v.0) IMPROVED: Large redesign of options sections to be more intuitive and cleaner
  • (v.0) IMPROVED: Added dedicated help section for each module.
  • (v.0) IMPROVED: Certain modules have an new Actions centre, such a Audit Trail viewer and User Sessions manager
  • (v.0) IMPROVED: Audit Trails are now ajax-paginated. You can browse through all your audit trail entries
  • (v.0) IMPROVED: User session tables are also ajax-paginated.
5.0.0 2016-03-01

Latest Point Release = Released: 1st March, 2016

  • (v.0) NEW: WordPress Simple Firewall plugin has been re-branded and is called Shield
  • (v.0) ADDED: Support for this plugin is now Premium. Added Premium Support page that links to Helpdesk.
  • (v.0) ADDED: NEW feature - Google ReCaptcha for Comment SPAM and Login protection.
  • (v.0) CHANGED: Refactor of comment spam code.
  • (v.0) CHANGED: Core File Scanner now handles the odd Hungarian distribution.
4.17.0 2016-02-17

Latest Point Release = Released: 1st February, 2016

  • (v.0) ADDED: NEW feature - Google Authenticator Login option.
  • (v.0) ADDED: Core File Scanner now includes an automatic link to repair files (you must be logged in as admin for this link to work!).
  • (v.0) ADDED: NEW - if you already have a logged-in session and you open the login screen, you'll be provided with a link to go straight to the admin area.
  • (v.0) CHANGED: Email-based Two-Factor Authentication is now stateless/session-less - it will not check validity per-page load.
  • (v.0) CHANGED: Changes to the email-based authentication system - now only 1 option and it no longer locks to IP or browser.
  • (v.0) CHANGED: Various efficiency improvements including reduced SQL updates.
  • (v.0) CHANGED: Email system is improved and now send emails from the default WordPress sender. This may be changed with filter.
4.0.0 2014-09-30
  • ADDED: New Feature - Audit Trail
  • ADDED: Audit Trail options include: Plugins, Themes, Email, WordPress Core, Posts/Pages, WordPress Simple Firewall
  • FIXED: Full and proper cleanup of plugin options, crons, and databases upon deactivation.
  • REMOVED: Firewall Log. This is no longer an option and is instead integrated into the "WordPress Simple Firewall" Audit Trail.
3.5.5 2014-09-22
  • ADDED: Better admin notifications for events such as options saving etc.
  • CHANGE: Some plugin styling to highlight features and options better.
  • FIXED: Small bug with options default values.
3.0.0 2014-06-26
  • FEATURE: User Management. Phase 1 - create user sessions to track current and attempted logged in users.
  • CHANGED: MASSIVE plugin refactoring for better performance and faster, more reliable future development of features
  • ADDED: Obscurity Feature - ability to remove the WP Generator meta tag.
  • ADDED: ability to change user login session length in days
  • ADDED: ability to set session idle timeout in hours
  • ADDED: ability to lock session to a particular IP address (2-factor auth by IP is separate)
  • ADDED: ability to view active user sessions
  • ADDED: ability to view last page visited for active sessions
  • ADDED: ability to view last active time for active sessions
  • ADDED: ability to view failed or attempted logins in the past 48hrs
  • ADDED: Support for GASP login using WooCommerce
  • CHANGED: Admin Access Restriction now has a separate options/feature page
  • CHANGED: Admin styling to better see some selected options
  • ADDED: Support for WP Wall shoutbox plugin (does no GASP comment checks)
  • CHANGED: Removed support for upgrading from versions prior to 2.0
  • CHANGED: Removed support for importing from Firewall 2 plugin - to import, manually install plugin v2.6.6, import settings, then upgrade.
2.6.6 2014-06-17
  • FIX: Improved compatibility with bbPress.
2.0.0 2013-11-05
  • ADDED: Localization capabilities. All we need now are translators! Go here to get started.
  • ADDED: Option to mask the WordPress version so the real version is never publicly visible.
1.9.2 2013-11-03
  • CHANGED: Simplified the automatic WordPress Plugin updates into 1 filter for consistency
1.0 2013-07-09
  • First Release

=