February 22, 2018 by Paul G. | Blog, Features, Shield Pro

The Plugin & Theme Guard For WordPress

Shield Image

Keeping your WordPress sites secure is a never-ending game of cat and mouse.

100% protection against intrusion is impossible. We can do our best to stop it, but we must be ready to deal with any intrusions once they occur.

Shield Security already has several scanners that detect and repair alterations to your WordPress filesystem.

These include:

  • detecting and repairing any changes to Core WordPress files.
  • detecting and removing any files in your Core WordPress folders that are not part of WordPress.

So it looks like we have your WordPress Core covered.

But of course, WordPress is more than just its core files.

Making A Stand To Protect WordPress Plugins and Themes

It’s quite common for site hacks to involve quiet changes to scripts within your plugins and theme folders that can go unnoticed for months.

These are nearly impossible to detect without some sort of automatic scanning.

So with Shield Security 6.4, we’re introducing a brand new scanner that guards against unauthorized changes to your plugins and theme files. It’ll alert you as soon as it detects any changes.

It’s important to understand what this scanner IS and what it IS NOT.

To Help with these, we’ve provided a full explanatory video:

Plugins & Themes Guard Explanatory Video

Plugin & Theme Guard: What It Is Not

It is not a malware scanner – it does not detect the presence of malware on your site.

Plugin & Theme Guard: What It Is

It is a change-detection system.

The Guard will take a “snapshot” of your files, and, if they are modified in any way, deleted, or new files are added, the Guard will alert you.

The Guard does not care about what these changes are, whether they’re good, bad, intended, or unintentional. It only cares about changes.

If there’s a change, you will be notified.

The Guard: Important Notes

  • The Guard only monitors active plugins and themes. If a plugin or theme is installed, but remains deactivated, it will not be monitored.
  • The Guard will also monitor the Parent theme, if you’re using a Child theme.
  • The Guard does not take a snapshot when you install a plugin, but only when you activate it. (If you deactivate it, monitoring for that plugin will stop).
  • The Guard will update its snapshot if you use WordPress to install, update or re-install a plugin or theme.
    • If you update a plugin or theme outside of WordPress e.g. using FTP, this will cause the Guard to alert you. The Guard doesn’t know anything about FTP. It only understands changes you make using WordPress.
    • The Guard understands updates made by iControlWP and will update its snapshot correctly.
  • The Guard will send alerts for changes made using WordPress’ built-in Editors. This is by-design.

When Does The Scanner Run?

The Guard’s scanner runs once every 24hrs using the WordPress Cron.

You can of course increase the frequency using the scan frequency setting released with Shield 6.2.

Understanding the Depth parameter

As you can imagine, scanning the file system for changes can be resource intensive.

To strike a balance between resource usage and protection, the Guard will only scan and monitor the 1st level of any plugin/theme folder. It doesn’t process any sub-folders.

You can change this default behaviour by specifying the “depth” of the scanner. The default depth is 1 (i.e. 1st level). To protect sub-folders, you can increase the depth parameter.

To protect all levels, you can set the depth to Zero (0).

You must understand that increasing the depth will cause processing times and resource usage to increase. It is up to you to decide which level of protection you want vs resource allocation.

The Guard: How To Handle Changes

The results of the scanner can be accessed only through the scanner Wizard. This wizard is the only way to respond to alerts sent from the Guard.

You will be presented with a clear list of all changes that have been detected. It is your role as the security administrator to decide whether these changes are “ok”, or whether they must be cleaned.

Shield Security can’t make this decision for you.

For plugins, your options include:

  • Re-install / Upgrade. Shield will attempt to re-install (and potentially upgrade if an update is available) a plugin. This is only available for plugins from WordPress.org
  • Deactivate – Shield can immediately deactivate the affected plugin
  • Ignore Changes. If you feel that the changes detect are legitimate, you can ignore them. Shield wont alert you to these changes again.

For themes, your options include:

  • Re-install / Upgrade. Just as with plugins above.
  • Ignore Changes. Just as with plugins above.

You can make manual modifications in response to the scanner, using FTP for example, and then re-scan your site.

Requirements For The Plugins & Theme Guard

  • Shield Security 6.4+
  • PHP Version 5.4+
  • WordPress 4.0+
  • Shield Pro – upgrade here

Since late 2017, we made the decision to develop new features for Shield using PHP 5.4. To learn more about this decision, please see here.

Comments and Questions?

As always, we’re open to feedback and suggestions. Please feel free to leave your comments below.

Thank you for your support!

ShieldPRO Testimonials
@rawrbear's Gravatar @rawrbear

Works like a charm!

Really loving Shield! Easy to use, works like a charm and gives me the peace of mind knowing my sites are safe.

@rsleventhal's Gravatar @rsleventhal

Truly a great plugin

I’ve never been happier with a plugin that does what it advertises, provides great support and asks for nothing in return but the truth in a review. Thank you, devs, for a wealth of much needed protection!

@cpinho's Gravatar @cpinho

Great Plugin, maybe the best around here for free!

I’ve tested and used several security plugins. But Shield was indeed the elected one. The free version is really complete and goes beyond the basic features. It covers almost all the needs i need. Realy great! Look forward for introduction of new features!

@lourencoazevedo's Gravatar @lourencoazevedo

A great tool

One of the definition of tool is an instrument that the end result is directly related with the way you use it. If a finger suffers a hit from a hammer the tool can’t be blamed only the user itself and the way he was using it. Shield Security Pro…

Hey there gorgeous! Do you like what you've read here? :)

If this cool feature is something you'd like, but you haven't gone PRO yet, click here to get started today. (no risk, with a 14-day satisfaction guarantee!)

You'll get all PRO features, including Malware Scanning, WP Config Protection, Plugin FileGuard, import/export, customer support, and so much more. Not only that, you'll get that warm, fuzzy feeling that comes from supporting our work and future development.

Follow Your Dreams (and go pro) →

Comments (3)

    Thanks for the video tutorial, it does a much better job at explaining the functionality than text and screenshots. Next time ensure the volume is up.

      Great, glad you liked it. And thanks for the feedback on the volume. We may be able to re-release it with higher volume, so thanks for sharing your thoughts! 🙂

    Great information about keeping your WordPress sites secure.
    Thanks for sharing this useful information..

Leave a Comment

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese