The Plugin & Theme Guard For WordPress

February 22, 2018 by Paul G. | Blog, Features, Shield Pro

Keeping your WordPress sites secure is a never-ending game of cat and mouse.

100% protection against intrusion is impossible. We can do our best to stop it, but we must be ready to deal with any intrusions once they occur.

Shield Security already has several scanners that detect and repair alterations to your WordPress filesystem.

These include:

detecting and repairing any changes to Core WordPress files.
detecting and removing any files in your Core WordPress folders that are not part of WordPress.

So it looks like we have your WordPress Core covered.

But of course, WordPress is more than just its core files.

Making A Stand To Protect WordPress Plugins and Themes

It’s quite common for site hacks to involve quiet changes to scripts witin your plugins and theme folders that can go unnoticed for months.

These are nearly impossible to detect without some sort of automatic scanning.

So with Shield Security, we’re introducing a brand new scanner that guards against unauthorized changes to your plugins and theme files. It’ll alert you as soon as it detects any changes.

It’s important to understand what this scanner IS and what it IS NOT.

To Help with these, we’ve provided a full explanatory video (below).

Please note that the UI featured in the video demonstrating the Plugin & Theme Guard scanner may differ from the current interface due to updates and improvements made after the time of recording.

Plugins & Themes Guard Explanatory Video

Plugin & Theme Guard: What It Is Not

It is not a malware scanner – it does not detect the presence of malware on your site.

Plugin & Theme Guard: What It Is

It is a change-detection system which is a part of the Automatic WordPress File Scanner.

The Guard will take a “snapshot” of your files, and, if they are modified in any way, deleted, or new files are added, the Guard will alert you.

The Guard does not care about what these changes are, whether they’re good, bad, intended, or unintentional. It only cares about changes.

If there’s a change, you will be notified.

The Guard: Important Notes

The Guard only monitors active plugins and themes. If a plugin or theme is installed, but remains deactivated, it will not be monitored.
The Guard will also monitor the Parent theme, if you’re using a Child theme.
The Guard does not take a snapshot when you install a plugin, but only when you activate it. (If you deactivate it, monitoring for that plugin will stop).
The Guard will update its snapshot if you use WordPress to install, update or re-install a plugin or theme.
- If you update a plugin or theme outside of WordPress e.g. using FTP, this will cause the Guard to alert you. The Guard doesn’t know anything about FTP. It only understands changes you make using WordPress.
- The Guard understands updates made by iControlWP and will update its snapshot correctly.
The Guard will send alerts for changes made using WordPress’ built-in Editors. This is by-design.

When Does The Scanner Run?

The Guard’s scanner runs once every 24hrs using the WordPress Cron.

You can of course increase the frequency using the scan frequency setting with Shield.

Understanding the File Scan Areas

As you can imagine, scanning the file system for changes can be resource intensive.

To strike a balance between resource usage and protection, the Guard will only scan and monitor the scan areas you select in the settings.

You must understand that increasing the scan areas will cause processing times and resource usage to increase. It is up to you to decide which level of protection you want vs resource allocation.

The Guard: How To Handle Changes

The results of the scanner can be accessed only through the Scan Results section. This is the only way to respond to alerts sent from the Guard.

You will be presented with a clear list of all changes that have been detected. It is your role as the security administrator to decide whether these changes are “ok”, or whether they must be cleaned.

Shield Security can’t make this decision for you.

For plugins, your options include:

Re-install / Upgrade. Shield will attempt to re-install (and potentially upgrade if an update is available) a plugin. This is available for plugins from WordPress.org and premium plugins and themes.
Repair. Shield can immediately repair the affected plugin
Delete. Shield can’t repair unrecognised/unidentified plugin/theme files. You can do that manually only.
Ignore Changes. If you feel that the changes detect are legitimate, you can ignore them. Shield wont alert you to these changes again.

For themes, your options include just as with plugins above.

You can make manual modifications in response to the scanner, using FTP for example, and then re-scan your site.

Requirements For The Plugins & Theme Guard

Shield Security 17+
PHP Version 7.2+
WordPress 5.7+
Shield Pro – upgrade here

Please note that as of Shield v17, we’ve dropped support for PHP 7.0 and 7.1. In order to run Shield and this scanner, your web hosting will need to run at least PHP 7.2+.

Comments and Questions?

As always, we’re open to feedback and suggestions. Please feel free to leave your comments below.

Thank you for your support!

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@fredvandenheuvel

Absolutely the best Security Plugin for WordPress!

This is absolutely the best Security Plugin for WordPress! I would recommend this to everybody with a WordPress-site. For just $1 per month you get the best protection for your website. And the best personal support! Don’t hesitate, just protect your website with Shield Security.

@newels

Good work

@alityfunding

Excellent plugin

Thanks for this plugin.

@wongpk

Nicely layout plugin

Very easy to use security plugins. Unlike any other plugins with bunch of security term and complicated layout. Struggle with some features (might not be for me), overall good experience with the plugin.

Comments (3)

Robert Diaz

February 22, 2018 6:17 pm

Thanks for the video tutorial, it does a much better job at explaining the functionality than text and screenshots. Next time ensure the volume is up.

Paul G.

February 22, 2018 6:21 pm

Great, glad you liked it. And thanks for the feedback on the volume. We may be able to re-release it with higher volume, so thanks for sharing your thoughts! 🙂