Shield Security for WordPress - Version 10.1.5

Version Description

Download this release

Release Info

Developer paultgoodchild
Plugin Icon 128x128 Shield Security for WordPress
Version 10.1.5
Comparing to
See all releases

Code changes from version 10.1.4 to 10.1.5

Files changed (5) hide show
  1. cl.json +6 -0
  2. icwp-wpsf.php +1 -1
  3. plugin-spec.php +3 -3
  4. readme.txt +72 -173
  5. src/lib/src/Modules/Plugin/AdminNotices.php +1 -1
cl.json CHANGED
@@ -121,6 +121,12 @@
121
  "title": "Add a new WordPress admin notice for when the Shield plugin version gets too old.",
122
  "description": [],
123
  "patch": "10.1.4"
 
 
 
 
 
 
124
  }
125
  ]
126
  },
121
  "title": "Add a new WordPress admin notice for when the Shield plugin version gets too old.",
122
  "description": [],
123
  "patch": "10.1.4"
124
+ },
125
+ {
126
+ "type": "fixed",
127
+ "title": "Stop notice showing when it's not required.",
128
+ "description": [],
129
+ "patch": "10.1.5"
130
  }
131
  ]
132
  },
icwp-wpsf.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Shield Security
4
  * Plugin URI: https://shsec.io/2f
5
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6
- * Version: 10.1.4
7
  * Text Domain: wp-simple-firewall
8
  * Domain Path: /languages
9
  * Author: Shield Security
3
  * Plugin Name: Shield Security
4
  * Plugin URI: https://shsec.io/2f
5
  * Description: Powerful, Easy-To-Use #1 Rated WordPress Security System
6
+ * Version: 10.1.5
7
  * Text Domain: wp-simple-firewall
8
  * Domain Path: /languages
9
  * Author: Shield Security
plugin-spec.php CHANGED
@@ -1,8 +1,8 @@
1
  {
2
  "properties": {
3
- "version": "10.1.4",
4
- "release_timestamp": 1607337143,
5
- "build": "202012.0701",
6
  "slug_parent": "icwp",
7
  "slug_plugin": "wpsf",
8
  "human_name": "Shield Security",
1
  {
2
  "properties": {
3
+ "version": "10.1.5",
4
+ "release_timestamp": 1607348838,
5
+ "build": "202012.0702",
6
  "slug_parent": "icwp",
7
  "slug_plugin": "wpsf",
8
  "human_name": "Shield Security",
readme.txt CHANGED
@@ -8,199 +8,98 @@ Requires at least: 3.5.2
8
  Requires PHP: 7.0
9
  Recommended PHP: 7.4
10
  Tested up to: 5.6
11
- Stable tag: 10.1.4
12
 
13
  The highest rated WordPress Security plugin, delivering unparalleled, all-in-one protection for you and your customers.
14
 
15
  == Description ==
16
 
17
- ### The highest rated 5* Security Plugin for WordPress
18
 
19
  Don't *settle* for the same ol' security plugin just because everyone else does.
20
 
21
- You **need** a security plugin that does **all** the heavy lifting for you, and alerts you only when you need to know.
22
-
23
- And when you get an alert, you'll have clear steps to take to solve the problem.
24
-
25
- ### Shield makes Security for WordPress easy
26
 
27
  There's no reason for security to be so complicated.
28
 
29
- Shield is the easiest security plugin to setup - you simply activate it.
30
-
31
- And you can gradually dig deeper, as you're ready.
32
-
33
- #### Trust: Shield Does Exactly What It Says It Will Do
34
-
35
- You've probably been let down in the past, but Shield is the WordPress Security solution that does what it says it'll do - Protect Your Site.
36
-
37
- #### Constant notifications are not okay. You're already busy!
38
-
39
- Receiving constant alerts from your security plugins isn't "security". It's just noise. By the time you receive a notification and respond to it, it's already too late.
40
-
41
- Instead, Shield Security does it what it needs to do, and alerts you if and when you need to informed.
42
-
43
- Shield is your Silent Guardian. It doesn't squawk at you every time a visitor presses against your defenses.
44
-
45
- It'll do *its job* without moaning at you, and leave you in peace to get on with *your job*.
46
-
47
- #### You're not alone, and there's no risk to test it out.
48
-
49
- You can try out Shield alongside any other security plugins, and it [comes highly recommended](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/)
50
- - it has the highest average rating for any WP Security plugin.
51
-
52
- Easy-to-setup, but powerful protection blocks attacks and suspicious activity, but won't lock you out.
53
-
54
- Shield is the must-have, free Security Solution for all your WordPress sites.
55
-
56
- = Shield Features You'll Absolutely Love =
57
-
58
- * Beautiful, Easy-To-Use Guided Wizards - help you configure Shield and run scans like a Pro
59
- * Limit Login Attempts / Block Automatic Brute-Force Bots - all automatically
60
- * Powerful Core File Scanners - automatically detects malicious file changes and hacks you'd never see
61
- * Automatic IP Black List - no need for you to manage IPs!
62
- * 2-Factor Authentication - including Google Authenticator and Email
63
- * Block 100% Automated Comments SPAM
64
- * Audit Trail & User Activity Logging
65
- * reCAPTCHA
66
- * Firewall
67
- * Security Admin Users
68
- * Block REST API / XML-RPC
69
- * HTTP Headers
70
- * Automatic Updates Control
71
- * and much, much more...
72
-
73
- > <strong>Don't Leave Your Site At Risk</strong><br />
74
- > If your site is vulnerable to attack, you're putting your business and your reputation at serious risk. Getting hacked can mean you're locked out of your site, client data stolen, your website defaced or offline, and Google *will* penalise you.
75
- >
76
- > Why take the risk?
77
- >
78
- > Download and install Shield now for FREE so that you have the most powerful WordPress security system working for you and protecting your site.
79
-
80
- = The New Shield Pro =
81
-
82
- From November 2017, Shield Security now has a Pro version for those that need to take their Security to the next level.
83
-
84
- > <strong>The Pro Extras</strong>:
85
- >
86
- > 1. Exclusive customer email support.
87
- > 1. Plugin Vulnerability Scanner.
88
- > 1. Plugin / Themes Hack Detection Scanner.
89
- > 1. More Frequent Scans - as often as every hour.
90
- > 1. Protection for your WooCommerce customers (incl. Easy Digital Downloads & BuddyPress)
91
- > 1. Remember-Me 2-Factor Authentication.
92
- > 1. Powerful Password Policies.
93
- > 1. Import/Export of options across sites.
94
- > 1. Improved Audit Trail logging
95
- > 1. Exclusive early access to new security features
96
- > 1. Text customisations for your visitors.
97
- > 1. No manual Pro plugin downloads - we handle this all for you automatically.
98
- > 1. No license keys to manage - it's all automatic!
99
- > 1. (coming soon) White Labelling
100
- > 1. (coming soon) Statistics and Reporting
101
- > 1. (coming soon) Select individual automatic plugin updates
102
-
103
- ### Dedicated Premium Support
104
 
105
  The Shield Security team prioritises email technical support over the WordPress.org forums.
106
  Individual, dedicated technical support is only available to customers who have [purchased Shield Pro](https://shsec.io/ab).
107
 
108
  Discover all the perks turning your security Pro at [our Shield Security store](https://shsec.io/ab).
109
 
110
- = Our Mission =
111
-
112
- All the great features of how Shield protects your sites and your customers data are set out below in detail, but there are a few things about us, that you should know first:
113
-
114
- * We're on a mission to liberate people who manage websites from unnecessarily repetitive work, and by 2022 we want to
115
- be saving our clients over 62.5 million hours per year (and we'd love you to join us in our quest)
116
- * We have three rules that apply to everything we do, and you'll see these when you use our products or contact us for help:
117
-
118
- 1. We make everything as simple and easy-to-use as possible (and no simpler!).
119
- 1. We're reliable – we make sure our products do what they promise.
120
- 1. We take ownership for resolving problems - we will solve the problem, or point you towards the solution.
121
-
122
- So, read on for the detail, or start protecting yourself, *your clients and your clients' customers* immediately by
123
- downloading and installing Shield now
124
-
125
- = What makes the Shield different? =
126
-
127
- * Powerful free security protection.
128
- * Easy-To-Setup User Interface.
129
- * It won't break your website - you'll never get that horrible,
130
- pit-of-your stomach feeling you get with other security plugins when your website doesn't load anymore.
131
- * Super Admin Security - the *only* WordPress Security Plugin that protects against tampering.
132
- * Exclusive membership to a private security group where you can learn more about WordPress security.
133
-
134
- = Super Admin Security Protection =
135
- The **only** WordPress security plugin with a WordPress-independent security key to protect itself. [more info](https://shsec.io/wpsf05)
136
-
137
- = Audit Trail Activity Monitor =
138
- With the Audit Trail you can review all major actions that have taken place on your WordPress site, by all users.
139
-
140
- = Firewall Protection =
141
- Blocks all web requests to the site that violate the firewall security rules! [more info](https://shsec.io/wpsf06)
142
-
143
- = Brute Force Login Guard and Two-Factor Authentication =
144
- Provides effective security against Brute Force Hacking and email based Two-Factor Authenticated login. [more info](https://shsec.io/wpsf07)
145
-
146
- = Comment SPAM (Full replacement and upgrade from Akismet) =
147
- Blocks **ALL** automatic Bot-SPAM, and catches Human Comments SPAM without sending data to 3rd parties or charging subscription fees. [more info](https://shsec.io/wpsf08)
148
-
149
- = FABLE - Fully Automatic Black Listing Engine =
150
- No more manual IP Black lists. This plugin handles the blocking of IP addresses for hosts that are naughty.
151
-
152
- = WordPress Lock Down =
153
- Numerous security and protection mechanisms to lock down your WordPress admin area, such as blocking file edits and enforcing SSL.
154
-
155
- = Automatic Updates =
156
- Take back control of your WordPress Automatic Updates.
157
-
158
- [youtube http://www.youtube.com/watch?v=r307fu3Eqbo]
159
-
160
- = Login and Identity Security Protection - Stops Brute Force Attacks =
161
-
162
- Note: Login Guard is a completely independent feature to the Firewall.
163
-
164
- With the Login Guard this plugin will single-handedly prevent brute force login attacks on all your WordPress sites.
165
-
166
- It doesn't need IP Address Ban Lists (which are actually useless anyway), and instead puts hard limits on your WordPress site,
167
- and force users to verify themselves when they login.
168
-
169
- Three core security features provide layers to protect the WordPress Login system.
170
-
171
- 1. [Email-based 2-Factor Login Authentication](https://shsec.io/2v) based on IP address! (prevents brute force login attacks)
172
- 1. [Login Cooldown Interval](https://shsec.io/2t) - WordPress will only process 1 login per interval in seconds (prevents brute force login attacks)
173
- 1. [GASP Anti-Bot Login Form Protection](https://shsec.io/2u) - Adds 2 protection checks for all WordPress login attempts (prevents brute force login attacks using Bots)
174
-
175
- These options alone will protect and secure your WordPress sites from nearly all forms of Brute Force login attacks.
176
-
177
- And you hardly need to configure anything! Simply check the options to turn them on, set a cooldown interval and you're instantly protected.
178
-
179
- = SPAM and Comments Filtering =
180
-
181
- As of version 1.6, this plugin integrates [GASP Spambot Protection](http://wordpress.org/plugins/growmap-anti-spambot-plugin/).
182
-
183
- We have taken this functionality a level further and added the concept of unique, per-page visit, Comment Tokens.
184
-
185
- **Comment Tokens** are unique keys that are created every time a page loads and they are uniquely generated based on 3 factors:
186
-
187
- 1. The visitors IP address.
188
- 1. The Page they are viewing
189
- 1. A unique, random number, generated at the time the page is loaded.
190
-
191
- This is all handle automatically and your users will not be affected - they'll still just have a checkbox like the original GASP plugin.
192
 
193
- These comment tokens are then embedded in the comment form and must be presented to your WordPress site when a comment is posted. The plugin
194
- will then examine the token, the IP address from which the comment is coming, and page upon which the comment is being posted. They must
195
- all match before the comment is accepted.
196
 
197
- Furthermore, we place a cooldown (i.e. you must wait X seconds before you can post using that token) and an expiration on these comment tokens.
198
- The reasons for this are:
199
 
200
- 1. Cooldown means that a spambot cannot load a page, read the unique comment token and immediately re-post a comment to that page. It must wait
201
- a while. This has the effect of slowing down the spambots, and, if the spambots get it wrong, they've wasted that token - as tokens can only
202
- be used once.
203
- 1. Expirations mean that a spambot cannot get the token and use it whenever it likes, it must use it within the specfied time.
204
 
205
  This all combines to make it much more difficult for spambots (and also human spammers as they have to now wait) to work their dirty magic :)
206
 
8
  Requires PHP: 7.0
9
  Recommended PHP: 7.4
10
  Tested up to: 5.6
11
+ Stable tag: 10.1.5
12
 
13
  The highest rated WordPress Security plugin, delivering unparalleled, all-in-one protection for you and your customers.
14
 
15
  == Description ==
16
 
17
+ #### Get the highest rated 5* Security Plugin for WordPress
18
 
19
  Don't *settle* for the same ol' security plugin just because everyone else does.
20
 
21
+ #### Shield makes Security for WordPress easy
 
 
 
 
22
 
23
  There's no reason for security to be so complicated.
24
 
25
+ Shield is the easiest security plugin to setup - you simply activate it and as you learn more, you can tweak the settings to suit your needs best.
26
+
27
+
28
+ #### Non-stop Notifications Are Not Okay.
29
+ Wouldn't it be great if your Security plugin took responsibility and handled problems for you without non-stop email notifications?
30
+
31
+ Shield does exactly this. It's your Silent Guardian.
32
+
33
+ #### Shield Features You'll Absolutely Love =
34
+
35
+ * [Automatic Bot & IP Blocking](https://shsec.io/j0) - points-based system (that you control) to detect bad bots and block them.
36
+ * Block Bot Attacks On Important Forms:
37
+ * Login
38
+ * Registration
39
+ * Password Reset
40
+ * [Limit Login Attempts + Login Cooldown System](https://shsec.io/iw)
41
+ * Powerful Firewall Rules
42
+ * Restricted Security Admin Access
43
+ * [Prevents Unauthorized Changes To Site Even By Admins](https://shsec.io/ix).
44
+ * (2FA) [2-Factor Login Authentication](https://shsec.io/iy):
45
+ * Email
46
+ * Google Authenticator
47
+ * Yubikey
48
+ * [Block XML-RPC](https://shsec.io/iz) (*including* Pingbacks and Trackbacks)
49
+ * Block Anonymous Rest API
50
+ * Block and Bypass IP Addresses
51
+ * [Automatic IP Address Blocking Using Points-Based/Offenses System](https://shsec.io/j0)
52
+ * Block or Bypass individual IPs
53
+ * Block or Bypass IP Subnets
54
+ * Automatic File Scanning
55
+ * Detect File Changes - [Scan & Repair WordPress Core Files](https://shsec.io/j1)
56
+ * [Detect Unknown/Suspicious PHP Files](https://shsec.io/j2)
57
+ * [Create a **Custom Login URL** by hiding wp-login.php](https://shsec.io/j3)
58
+ * Detect (and optionally Block) Comment SPAM.
59
+ * reCAPTCHA & [hCAPTCHA](https://shsec.io/j4) support
60
+ * **Never Block Google**: Automatic Detection and Bypass for GoogleBot, Bing and other Official Search Engines including:
61
+ * Google
62
+ * Bing,
63
+ * DuckDuckGo
64
+ * Yahoo!
65
+ * Baidu
66
+ * Apple
67
+ * Yandex
68
+ * Automatically Detect 3rd Party Services and Prevent Blocking Of:
69
+ * ManageWP / iControlWP / MainWP
70
+ * Pingdom, NodePing, Statuscake, UptimeRobot, GTMetrix
71
+ * Stripe, PayPal IPN
72
+ * CloudFlare, SEMRush
73
+ * Full Audit Trail - [Monitor **All** Site Activity, including](https://shsec.io/j5):
74
+ * All login/registration attempts
75
+ * Plugin and Theme installation, activation, deactivation etc.
76
+ * User creation and promotion
77
+ * Page/Post create, update, delete
78
+ * Advanced User Sessions Control
79
+ * Restrict Multiple User Login
80
+ * Restrict Users Session To IP
81
+ * Block Use Of Pwned Passwords
82
+ * Block User Enumeration (?author=x)
83
+ * Full/Automatic Support for All IP Address Sources including Proxy Support
84
+ * [Full Traffic Log and Request Monitoring](https://shsec.io/j7)
85
+ * [HTTP Security Headers & Content Security Policies (CSP)](https://shsec.io/j6)
86
+
87
+ ### Dedicated Premium Support When You Go PRO
 
 
 
 
 
 
 
 
 
 
 
 
88
 
89
  The Shield Security team prioritises email technical support over the WordPress.org forums.
90
  Individual, dedicated technical support is only available to customers who have [purchased Shield Pro](https://shsec.io/ab).
91
 
92
  Discover all the perks turning your security Pro at [our Shield Security store](https://shsec.io/ab).
93
 
94
+ ## Our Mission
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
95
 
96
+ We're on a mission to liberate people who manage websites from unnecessarily repetitive work by automating as much as possible for you.
 
 
97
 
98
+ We have three rules that apply to everything we do, and you'll see these when you use our products or contact us for help:
 
99
 
100
+ 1. Make everything as simple and easy-to-use as possible (and no simpler!).
101
+ 1. Be reliable we make sure our products do what they promise.
102
+ 1. Take ownership for resolving problems - we will solve the problem if we can, or point you towards the solution.
 
103
 
104
  This all combines to make it much more difficult for spambots (and also human spammers as they have to now wait) to work their dirty magic :)
105
 
src/lib/src/Modules/Plugin/AdminNotices.php CHANGED
@@ -317,7 +317,7 @@ class AdminNotices extends Shield\Modules\Base\AdminNotices {
317
  switch ( $notice->id ) {
318
 
319
  case 'plugin-too-old':
320
- $needed = true||$this->isNeeded_PluginTooOld();
321
  break;
322
 
323
  case 'override-forceoff':
317
  switch ( $notice->id ) {
318
 
319
  case 'plugin-too-old':
320
+ $needed = $this->isNeeded_PluginTooOld();
321
  break;
322
 
323
  case 'override-forceoff':