June 24, 2021 by Paul G. | Blog, Features, Shield Pro, Shield Security

ShieldNET: WordPress Network Threat Intelligence

Shield Image

We’re levelling-up your WordPress security by giving ShieldPRO access to data about threats seen throughout the entire WordPress network.

We’re calling this new platform ShieldNET, and in this article we’ll outline what it is, and how it’ll revolutionise your WordPress security and protection.

Please watch the video below outlining what ShieldNET is and why it’s so important:

What is ShieldNET?

ShieldNET is the all-encompassing term that covers the technology and features that we use to gather security and threat information from across our entire WordPress ecosystem.

By collecting information from all active Shield Security plugins, we can offer this information back as threat intelligence to all sites running Shield.

The responsibility of identifying threats is then shifted away from individual sites to the collective.

A single site only knows what it knows. But when 10,000 sites get together and share information, they each know what 10,000 sites know.

This is massive. It completely transforms what’s possible when mitigating threats to our WordPress sites.

A ShieldNET Example: Bad Bot Identification

You may have come to realise we’re focusing a lot of our attention on bad bots and malicious visitors. As we learn more about websites security, our priorities shift towards areas that will yield the greatest impact.

For this reason we’re heavily invested in speedy and reliable indentification of bad bots.

Each time a visitor accesses a WordPress site running ShieldPRO for the first time, Shield starts from zero. It has no information about that visitor from which to make any adjustments to protect the site.

Shield must rely on the visitor to perform a number of requests and capture those behaviours, before it can make an assessment. And while Shield uses 25+ different signals to build a threat assessment, it’s still doing so completely independently.

But what if we could give it a head-start? What if we could tell Shield that this IP address has been seen on 100 other WordPress websites already? Perhaps those sites have already identified it as a bad bot?

Wouldn’t that help Shield make an informed decision, much more quickly, to block that visitor?

But now think of it the other way around. Perhaps the IP has been seen elsewhere and it has a great reputation, but on 1 particular site it’s triggered the plugin and Shield is about to block the visitor.

False positives is something we absolutely want to avoid!

With intelligence drawn from the network, we can reduce false positives where legitimate visitors are locked-out from a site.

Imagine then, all of this happening across all WordPress sites for all visitors, in real time?

ShieldNET and Privacy

Privacy of information and data is an critical aspect in a system like ShieldNET.

Let’s first discuss what information ShieldNET tracks and stores and just as importantly, what it doesn’t.

When a Shield plugin sends us IP information, it sends:

  • IP Addresses
  • Bot Signals that Shield has tracked for the IP addresses
  • Offense Counts
  • IP Blocked status

It’s important to also understand what information is NEVER shared.

It doesn’t share:

  • Any audit trail data
  • Any traffic log data
  • Any associated WP users and sessions
  • Any information about any individual requests

When Shield receives the data, it makes a unique, one-way hash of the site’s useragent to help identify and eliminate duplicates.

“One-way hash” means that if anyone ever had access to the resulting hash, they can’t ever “reverse” the hash to identify the originating user-agent/site.

ShieldNET then records the information about the IP address.

If this IP data is accessed, either internally or externally by a 3rd party, there is no way to derive information about any IP address and its relationship to any websites. The data is structured in such a way as to be absolutely useless, except for the purpose it’s intended – to build a picture of activity on an IP address across many different websites.

The Future Of ShieldNET and Opting Out

If you feel that you don’t want to be a “part” of ShieldNET and share this sort of anonymised information, that’s entirely up to you. We always respect that choice.

We don’t fully understand why, given that there are no privacy implications as we’ve already discussed. But this doesn’t mean we don’t respect your decision, so we’d love to hear your thoughts on it, if this is the case.

You can simply select to not be involved in ShieldNET, and then any IP reputation data wont be shared. The downside is that since ShieldNET is built by the network, if you’re not contributing to it, then you can’t draw from it.

It’s only by working together, pooling resources and information, can we really work to thwart the ever-evolving nature of threats to our sites.

As always, the choice is entirely yours.

Over time the features and enhancements provided by ShieldNET will only grow. If you decide to opt-out of contributing, your site security won’t benefit from these changes.

Availability of ShieldNET

We’re doing a soft-launch of ShieldNET in ShieldPRO 11.4 due out very soon.

It’ll include some integrated access to network-based IP address information but it wont yet be used by Shield itself to make any important decisions. There’ll be more detailed information in our release notes for Shield 11.4 at a later date.

As always, please do leave us your thoughts in the comments about anything discussed here.

ShieldPRO Testimonials
@doubleohdave's Gravatar @doubleohdave

Simply the best security plugin I ever tried

I can’t believe this is free. I’ve tried all the security plugins and even paid $60 for a premium one, and this is by far the very best. Can’t recommend it highly enough.

@kendawes's Gravatar @kendawes

A great update/replacement for Firewall 2!

The folks at IControlWP have done it again! They have taken the venerable Firewall 2 plugin as a starting point and have also added new features. WordPress Simple Firewall will be on *all* of my clients’ sites!

@stevenw123's Gravatar @stevenw123

Siteground conflict

Hi, I’ve enjoyed using your plugin for two years or so, but I’ve just moved to Siteground for my hosting and I’m getting endless problems. Shield logs me out every couple of minutes and makes me log back in, even though I’m working on the site, so it is not…

@lcwoodward's Gravatar @lcwoodward

these guys are on top of it!

I use this plugin on ALL of the 20+ websites I manage for clients. I have had no security breaches or compatibility issues with it in the year+ that I’ve been using it. It takes care of spam, too. Very well. I also use their iControlWP plugin for website management…

Hey there gorgeous! Do you like what you've read here? :)

If this cool feature is something you'd like, but you haven't gone PRO yet, click here to get started today. (no risk, with a 14-day satisfaction guarantee!)

You'll get all PRO features, including Malware Scanning, WP Config Protection, Plugin FileGuard, import/export, customer support, and so much more. Not only that, you'll get that warm, fuzzy feeling that comes from supporting our work and future development.

Get That Warm, Fuzzy Feeling →

Leave a Comment

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese