Author

Paul G.

Paul Goodchild is the founder and CEO of Shield Security for WordPress – a best-in-class security plugin for the protection of critical WordPress-based websites and businesses.

Paul focuses on security features that deliver realworld results for client through the prevention of security breaches before they can happen. Prevention is preferrable over busy-security-work that sees you putting out fires and cleaning up your sites after an infection has taken hold.

Paul maintains that while a security plugin for WordPress is absolutely crucial, “security” is a practice and must involve your entire website and WordPress hosting environment, including your own local device security and security hygiene.

Paul Goodchild Profile Picture

Latest blogs from Paul

ShieldNOTES
June 22, 2026 by Paul G.

WordPress Plugin Vulnerabilities & the Hidden OptinMonster CDN Attack: Detect What Others Miss

Critical WordPress vulnerabilities, the OptinMonster CDN supply chain attack, and how Shield uncovers the malware that traditional security tools can't detect.

Continue Reading →
Monster vs Shield
June 18, 2026 by Paul G.

Why the OptinMonster CDN Attack Is a Case for On-Site WordPress Security

On 12 June 2026, a compromised CDN credential turned OptinMonster and TrustPulse into malware delivery vehicles targeting WordPress admins. Cloudflare couldn't stop it. A WAF couldn't stop it. We look at why on-site WordPress security is the layer that actually matters here, and what Shield is building next to catch an attack technique most security tools can't even see.

Continue Reading →
ShieldNOTES
June 15, 2026 by Paul G.

20 Critical WordPress Vulnerabilities to Fix This Week

New WordPress plugin and theme vulnerabilities this week. Check the top risks, severity scores, fixes, and hardening solutions to keep your site secure.

Continue Reading →
ShieldNOTES
June 9, 2026 by Paul G.

OttoKit, WPvivid, Blocksy, and More WordPress Vulnerabilities & Lock Down App Permissions

Fresh WordPress plugin and theme vulnerabilities landed this week, some critically severe. Time to update, and time to restrict your connected tool access.

Continue Reading →
Mandate App Security Release Feature Image
June 2, 2026 by Paul G.

Introducing Mandate App Security – Scope What Your Connected Tools Can Do in WordPress

Mandate App Security is a new WordPress plugin that narrows what a connected tool can do after it authenticates with an Application Password. You choose which capabilities to allow, and Mandate enforces that scope on every request the password makes. It's built for sites connecting to AI tools, automation platforms, REST API clients, and MCP connectors.

Continue Reading →
ShieldNOTES
June 1, 2026 by Paul G.

No Rest for WordPress: ACF Extended Critical & A Notice From Shield’s Team

ACF Extended joins the list of critically vulnerable WordPress plugins, and Shield Security is ending PHP 7.4 support. Here is what you need to know.

Continue Reading →
Shield Security Feature Image: Dropping support for PHP 7.4
May 28, 2026 by Paul G.

Why Shield Security is Dropping PHP 7.4 Support

PHP 7.4 has been without a security patch since November 2022, and the consequences are now catching up with plugins that depend on it. Shield Security's next major release will require PHP 8.2 as a minimum. Here's why the change is necessary and what you need to do before it arrives.

Continue Reading →
ShieldNOTES
May 26, 2026 by Paul G.

High BookingPress Pro Risk, npm Attacks, and WordPress Breach Recovery

High BookingPress Pro flaws, npm supply chain attacks, and active plugin exploits put WordPress sites at risk. See affected plugins and breach recovery tips.

Continue Reading →
Shield Security New Release
May 20, 2026 by Paul G.

WP Shield Security PRO – Release 22.0

ShieldPRO 22.0 is one of our most ambitious releases yet. It completely transforms your relationship with WordPress security by always guiding you towards the issues that need your most attention when you need it.

Continue Reading →
ShieldNOTES
May 18, 2026 by Paul G.

Critical WordPress Plugin Vulnerabilities: Burst Statistics & What Hardening Really Costs

20+ popular vulnerable WordPress plugins and themes this week. Burst Statistics critical flaw, security risks, and what hardening really costs.

Continue Reading →
Click to access the login or register cheese