Paul G.
Paul Goodchild is the founder and CEO of Shield Security for WordPress – a best-in-class security plugin for the protection of critical WordPress-based websites and businesses.
Paul focuses on security features that deliver realworld results for client through the prevention of security breaches before they can happen. Prevention is preferrable over busy-security-work that sees you putting out fires and cleaning up your sites after an infection has taken hold.
Paul maintains that while a security plugin for WordPress is absolutely crucial, “security” is a practice and must involve your entire website and WordPress hosting environment, including your own local device security and security hygiene.
Latest blogs from Paul
WordPress Plugin Vulnerabilities & the Hidden OptinMonster CDN Attack: Detect What Others Miss
Critical WordPress vulnerabilities, the OptinMonster CDN supply chain attack, and how Shield uncovers the malware that traditional security tools can't detect.
Continue Reading →
Why the OptinMonster CDN Attack Is a Case for On-Site WordPress Security
On 12 June 2026, a compromised CDN credential turned OptinMonster and TrustPulse into malware delivery vehicles targeting WordPress admins. Cloudflare couldn't stop it. A WAF couldn't stop it. We look at why on-site WordPress security is the layer that actually matters here, and what Shield is building next to catch an attack technique most security tools can't even see.
Continue Reading →
20 Critical WordPress Vulnerabilities to Fix This Week
New WordPress plugin and theme vulnerabilities this week. Check the top risks, severity scores, fixes, and hardening solutions to keep your site secure.
Continue Reading →
OttoKit, WPvivid, Blocksy, and More WordPress Vulnerabilities & Lock Down App Permissions
Fresh WordPress plugin and theme vulnerabilities landed this week, some critically severe. Time to update, and time to restrict your connected tool access.
Continue Reading →
Introducing Mandate App Security – Scope What Your Connected Tools Can Do in WordPress
Mandate App Security is a new WordPress plugin that narrows what a connected tool can do after it authenticates with an Application Password. You choose which capabilities to allow, and Mandate enforces that scope on every request the password makes. It's built for sites connecting to AI tools, automation platforms, REST API clients, and MCP connectors.
Continue Reading →
No Rest for WordPress: ACF Extended Critical & A Notice From Shield’s Team
ACF Extended joins the list of critically vulnerable WordPress plugins, and Shield Security is ending PHP 7.4 support. Here is what you need to know.
Continue Reading →
Why Shield Security is Dropping PHP 7.4 Support
PHP 7.4 has been without a security patch since November 2022, and the consequences are now catching up with plugins that depend on it. Shield Security's next major release will require PHP 8.2 as a minimum. Here's why the change is necessary and what you need to do before it arrives.
Continue Reading →
High BookingPress Pro Risk, npm Attacks, and WordPress Breach Recovery
High BookingPress Pro flaws, npm supply chain attacks, and active plugin exploits put WordPress sites at risk. See affected plugins and breach recovery tips.
Continue Reading →
WP Shield Security PRO – Release 22.0
ShieldPRO 22.0 is one of our most ambitious releases yet. It completely transforms your relationship with WordPress security by always guiding you towards the issues that need your most attention when you need it.
Continue Reading →
Critical WordPress Plugin Vulnerabilities: Burst Statistics & What Hardening Really Costs
20+ popular vulnerable WordPress plugins and themes this week. Burst Statistics critical flaw, security risks, and what hardening really costs.
Continue Reading →