Shield Security PRO for WordPress – Release 11.2

ShieldPRO for WordPress v11.2 is designed to build upon the improvements we’ve seen so far in the Shield 11 series.

We’re making a few enhancements to the AntiBot scoring system, adding a revamped Wizard and finally making it possible to add Shield’s two-factor authentication UI anywhere on your site.

As always, we recommend reading up on the precise changes to Shield in the upgrade guide.

Let’s find out what’s new in ShieldPRO 11.2.

#1 Improved AntiBot Detection Scores

ShieldPRO‘s new AntiBot Detection Engine has been a great success so-far with its ability to detect bad bots without any CAPTCHAs.

As with anything new, there will always be room for enhancement, tweaking and optimising to ensure it works better on more sites.

We’ve received quite a bit of feedback over the past couple of months and we’ve incorporated much of it into the 11.2 release. Some of changes we’ve made include:

Improved Bot Scoring Logic

It seems that we were perhaps a little over zealous in our bot scoring – we were too heavy with our negative scores, and not generous enough with our positive scores. We’ve adjusted a lot of scoring logic to help ensure legitimate users don’t get flagged as bots.

We’ve also improved the NotBot system’s ability to pick-up on past user sessions, which helps improve NotBot scores for administrators and regular users.

No More Cookies

Shield would drop a cookie to assist in tracking which clients had completed the NotBot tests. With a bit of code restructuring, we no longer need to use these cookies

Faster NotBot Execution

Originally we thought putting the NotBot Javascript into the page footer and executing after the page loaded was a wise optimisation. It actually doesn’t need to be optimised this way, since the executed code is AJAX, which runs silently in the background and won’t block page rendering for visitors.

With it being in the footer, there were cases where an admin would login but the NotBot hadn’t executed, causing the admin to appear to be a bot.

To address this, we’ve put the NotBot AJAX in the <head> section and it executes immediately.

Better Bot Score Reset

Sometimes it was necessary to reset a bot score through the Shield interface. When you reset a Bot score it immediately looks to the Block List to pick-up signals for the IP and you’d be back to square 1. Not any longer – now when you reset the bot score, it’ll also removes the IP from the Block List.

#2 New and Improved Welcome Wizard

For experienced Shield clients, you don’t need a wizard to walk you through the settings, but for new, uninitiated users, Shield can be a daunting plugin because it’s so large.

We’ve had a wizard in Shield for a few years now, but over time it’s become a little stale, so in this release we’ve revamped it entirely, with a new style/design, better content, new videos and a more intuitive UX.

#3 Add Shield’s Two-Factor Authentication Anywhere

Until now Shield’s 2-Factor Authentication (2FA) interface was only available in the User Profile UI in the WordPress admin area.

This was fine, but what if you wanted to offer 2FA to your customers and clients in your frontend website or customer area?

You simply couldn’t do it.

With ShieldPRO 11.2 you can now provide the same user interface that’s available in the WordPress admin area, to frontend users with a simple WordPress shortcode.

We’ve adjusted the UI to ensure that the user experience in both formats (backend or frontend) is identical.

And, to make things simple, we’ve kept the HTML markup simple and mostly un-styled so that it’ll adopt styles from your theme automatically. And, if you do want to customise some styles, it’ll be quite painless to do so.

The shortcode to use is simply:

[ SHIELD_USER_PROFILE_MFA /]

#4 New And Improved Integrations

Since releasing our new AntiBot Detection Engine (ADE), we’ve been integrating Shield Security with as many different WordPress plugins as we can.

It seems the standard integration method for any plugin with a form is to either add Google reCAPTCHA, or Akismet antispam. Both of these solutions are far from ideal.

Taking Google reCATPCHA first, not only is it unsightly, it adds friction for many visitors, and if it’s not done properly, it’ll cause Javascript errors on your pages. And… if you’re using v3, it’ll likely still let SPAM through anyway.

Akismet antispam is problematic because it works by sending the content of your form submission off to a third party to process. This has privacy issues for a start, but more importantly there’s little that Akismet can do to assess how the visitor has been interacting with your site up until that point.

Shield’s ADE can assess a visitor right up until it submits a form and so it has a very good idea of what the likely profile of the visitor is. Not only that, it removes the need for CAPTCHAs or human “gotchas” from all forms.

This release sees new integrations for LifterLMS, and Groundhogg CRM.

You can access all integrations from the 3rd Party Integrations screen:

Suggestions and Feedback

We trust that there’s something new in this release that everyone will get benefit from, particularly the improvements to the AntiBot Detection Engine.

Of course, we always welcome your feedback and suggestions and any areas you think could be improved.

Thank you for your support!