ShieldPRO 20.0 is one of our biggest releases ever. It comes with our all-new silentCAPTCHA v2, as well as a completely revamped navigation that makes WordPress security management easier than ever before.
We often hear from our members that WordPress security is complicated and we’ve made it our mission to make Shield v20 the easiest to use in our history.
It’s still a big plugin, with many features and lots of options, but it’s now easier to find exactly what you need, when you need it.
#1 Shield Security’s All-New Navigation
Many of our members will be familiar with how many changes we’ve made to the UI over the years, in our efforts to improve and simplify navigation.
Some changes haven’t been as well received, but the trend has been towards a better UI overall.
With v18 of Shield we definitely landed on a UI that worked well, but we still had room to improve. And there was a reason for that.
Historically, Shield was comprised of “modules”. These modules reflected how the plugin was actually coded and has evolved over time. When we added major new security features, we often created an independent module to house it. Our thinking at the time was to optimise performance so that users could switch on/off modules as they needed them.
Our development skills have moved on a lot since then and we know better how to build optimised code for WordPress plugins. This approach was adding more complications than providing real benefit.
With earlier releases (19.0 and 19.1) we re-architected the plugin to begin the process of removing those modules from the code, and with this release we’ve all-but eliminated them entirely.
This freed us up to further redesign the plugin, and present its tools, features, and configuration in a logical manner.
We’ve also taken advantage of this restructuring to purge unimportant options from the plugin, too. More on this below.
Whereas until now the plugin was oriented around modules and their configuration pages, Shield v20 is oriented around high-level groups of security defenses. For now we’re calling them “Security Zones”:
- Security Admin
- Firewall
- Bots & IPs
- Scans & Integrity
- Login
- Users
- SPAM
- HTTP Headers
Within each group/zone, you’ll have specific call-outs to sub-features, as demonstrated below in the Firewall Zone.
In addition to the zones, there are the Security Tools, such as Activity Logs, Request Logs, Custom Security Rules, Whitelabelling, Reports, Login Renaming, 3rd Party Integrations, etc.
Several of these are on the top-level dashboard navigation, the rest are placed within the dedicated “Tools” menu. To configure the settings for each of these tools, where applicable, there’s an easy-to-access configuration button on the main menu.
One of the biggest, yet simplest, changes in this release is that access to the configuration for any given security tool, is provided alongside the tool itself. There is no separate “Configuration” menu to wade through, to locate the relevant options you need.
#2 silentCAPTCHA v2.0 WordPress Bot Detection
We’re often asked whether we support Google reCAPTCHA, or CloudFlare’s Turnstile, to protect against bots that brute force attack the WordPress login, or post Comment SPAM. We always answer the same: we have our own.
We call it silentCAPTCHA, and it’s our own proprietary bot-detection solution that we use to identify the types of visitors that are interacting with your WordPress sites.
Shield is dedicated to run on WordPress sites, so we can take advantage of the fact that we don’t have to provide a solution for different types of apps, or sites, and focus solely on WordPress.
We’ve made a number of big improvements to silentCAPTCHA in this release.
#3 Many Legacy Options Removed
We continue our efforts to streamline Shield and remove options that we feel no longer provide any utility for WordPress security.
This reflects changes in WordPress itself over the years, and the tangible security benefit that these options provided, if any.
The following is a non-exhaustive list of these options:
- All options within the Auto-Updates modules have been purged, except for the “Delay Autoupdates” feature, which has been moved to the Scans & Integrity Zone.
- Activity Logging to file
- Force SSL Admin
- Firewall Block Response type
- WP Generator tag removal
- All GASP JS options (the’ve been deprecated for over 2 years in favour of silentCAPTCHA)
- All options that let you toggle individual modules on/off. Since we’ve removed modules, these are not longer applicable.
Some of our members may find removal of these options an inconvenience, and we hope that that’s not the case. Some things are easy to replace with a code snippet, so if you have any questions about this, let us know and if we can help you find an alternative solution, please let us know.
#4 Other Important Changes
Because of the way we arranged features within modules until now, and that we’ve eliminated the modules, the way some features operate has now changed.
- Whitelabelling no longer requires Security Admin to be active
- Option to run Shield as Must-Use plugin no longer requires Security Admin to be active (option is also moved to Plugin Defaults configuration)
Comments & Suggestions
For the full list of changes, we suggest you review the changelog for the plugin.
As always, we welcome any suggestions and feedback you may have. Please leave any comments below and we’ll get right back to you!