For a long time now our Shield Security plugin has had a unique ability to protect itself from intruders. We called this module ‘Security Admin’.
We’ve been working on extending this feature so that you may in-fact lock down certain elements of your WordPress site, not just your security plugin, from other Administrators. This in-effect will make the administrator of the security plugin a “Super Administrator”.
What does Security Admin feature do?
The Security Admin feature of our Shield Security plugin is unique among WordPress plugin in that it allows you to not only setup your WordPress site security, but it allows you to secure the very plugin that implements this security.
Think of it like you’ve wrapped a padlock-chain around your website. It’s very secure now, but the padlock is exposed. Admin Access Restriction jams glue into the padlock preventing any one from getting to the lock itself to undo your chains.
We highly recommend you enforce this feature on all sites where you use our plugin.
What are the new extensions to the Security Admin feature?
With these extensions, you will be able to lock down admins, plugins, themes, posts, and pages.
When you use the admin access restriction module, you will have the added option to select certain, key actions relating to these areas and prevent any other users, even administrators, from accessing them.
What does this mean? It means, for example, if you were to restrict plugin updates, no other user except an administrator with the Admin Access PIN may perform any actions on your site pertaining to plugin updates.
What exactly can be restricted?
With the Shield Security plugin, the follow areas and associated actions may be restricted:
- This will restrict the ability of WordPress administrators from creating, modifying or promoting other administrators.
- Activate – restricts plugin activation/deactivation
Note: Enabling ‘Activate’ restriction will restrict all other plugin actions
- Update – restricts plugin updates
- Install – restricts installation of plugins
- Delete – restricts deletion of plugins
- Activate – restricts theme activation/deactivation
- Edit Theme Options – restricts editing key Theme options
Note: Enabling ‘Activate’ and ‘Edit Theme Options’ restrictions will restrict all other plugin actions
- Update – restricts theme updates
- Install – restricts installation of themes
- Delete – restricts deletion of themes
Posts & Pages
- Create / Edit – restricts the creating of drafts and editing of any posts and pages
- Publish – restricts the publishing of any new posts and pages drafts
- Delete – restricts deletion and undelete of posts and pages
How to access this feature
These are extensions to the Security Admin feature and may only be enabled for sites where admin access is active or activated.
Please see the screenshot below for how to access this:
What do you think?
Let us know what you think of this feature in the comments below – we’re keen to here your thoughts on this and what more you’d like to see in the plugin.
Being buried alive with constant hacker requests, to not being buried alive.
OK, from seeing at least 50 plus lockouts a day to none in 6 hours: is pretty damned good, and it’s all due to this Plugin. To originally combat the Hacker Bots that I was seeing in the “Limit Login Attempts Reloaded” logs, I ran a hapless plugin that changed…
Fast, quick, clear ! … and free !
wonderful plugin – for all sites I manage
Great plug-in I use for managing all sites. Every version of the plug-in gets better and better. I have been using it for at least a year now. Support is fast – and always helpful. Also love WorpDrive for backups.
Excellent addition for wordpress security
This little plugin works wonders. I would HIGHLY recommend this to anyone looking to protect against Bots/BruteForce attacks. SimpleFirewall also has other options I’m not listing here that protect against other instances and enhance protection. Jack Nance