It probably looks very quiet in the world of Shield Security lately
This is just an illusion. We’ve been hard at work building the latest additions to your WordPress site security and we’re nearly ready to release it to the world.
There is so much that’s new and improved, that we’re moving to a major release: Shield 8.0
So what’s new in Shield Security 8.0?
There’s a lot.
To get a sense of how much code has gone into version 8, as it stands today, the rough stats are:
- 474 files have been altered.
- 63,028 code additions with 33,005 code deletions.
That’s a lot of code changes.
So what exactly has led to all this code? The following is a brief overview on what’s new and different with Shield 8.
New In Shield 8.0
- A Malware Scanner.
Probably the biggest addition that you’re going to love is an all-new Malware Scanner. It’ll examine every single PHP file in your WordPress directory, looking for common Malware patterns.
- Asynchronous scans – this is a big one.
Since the malware scanner looks at all your PHP files (and there’s a lot of them), the scan takes a while to complete. This is no problem for larger hosting servers, but it’s problematic on shared hosts. This led us to completely rebuild our scanning architecture to be asynchronous – that is, it doesn’t run in realtime and instead runs in the background while you wait.
- Brand new statistics gathering.
This is new feature will set you up for in-depth statistics and reporting. The actual reporting features will be built in a future release, but for now Shield will gather statistics for you which can be used later.
- Brand new audit trail reporting and events handling.
We’ve upgraded our audit trail to be far more reliable and to more easily gather reports from all areas of the Shield plugin. You’ll see more detailed messages about activity on the site.
- Plugin/Theme Guard will use file hashes taken straight from WordPress.org SVN repositories (wherever possible).
Until now we were building and storing hashes locally on the site, but now we fallback to this older method if we can’t get reliable hashes from WordPress.org repositories.
- Shield speaks more languages.
With our new audit trail enhancements mentioned earlier, we now report the audit trail in the correct language every time (if the translation is ready). We’ve put in the work to ensure all text on Shield is translatable and we’ve reached out to professionals to translate the plugin into as many languages as possible. This is an on-going effort, but when we go live with Shield 8.0, we hope to have 6 languages that are at least 99% translation-ready
- German (hopefully)
- … we may have more, but this is TBD.
- More efficient Comments SPAM handling. We’re getting rid of the Comment SPAM database and using WP transients instead (which we automatically clean-up to prevent any bloat on the DB).
There are many more tweaks and improvements, but these are the most interesting.
Side Note: A Brand New Public API For WordPress.org Hashes
If you look above at item #5 you’ll see we’re using WordPress.org hashes for plugins. If you’re familiar with any of this, you’ll know that WordPress.org only provides hashes for their official WordPress releases (see here).
There has been talk of creating the same service for WordPress.org plugins and themes. This was in 2017 and it appears nothing has come from it (yet).
So we decided to build our own.
We’ve called it WP Hashes and it’s built using the WordPress REST API. You can see on the homepage (https://wphashes.com/) how it works and how you can use it if you wanted to build an integration – we’ve even created a simple PHP wrapper for our API which you can see here.
We’ve integrated our WP Hashes service right into Shield so that we can now easily get the file hashes for any WordPress asset and version (WordPress, plugin, and ClassicPress). It even supports SHA1 (and SHA512) hashes.
We’d love to hear your thoughts on this API if you have any feedback.
When To Expect Shield 8 To Be Released
We’re working through a lot of testing of this release since so much has changed. We’re confident we’re in the final stages so we’d like to see Shield 8 released early next week, all-being-well.
We know it’s been a bit from our side, but hopefully you’ll feel it’s been worth the wait. The new Malware scanner and the async-scans should help Shield scale even further, while providing huge protection and malware detection as early as possible.
Please do leave us your comments and feedback below! Thank you for your support, as always.
Right in the name, Simple
I’m digging this security plugin.
Great security product
Moved from Wordfence to Shield and glad I did. Much more simpler to use and keeps my site safe.
It has secured all my WordPress sites after some minor hack attacks – Fandabidozi! (that’s Scottish for great!)
Good plugin, works :)
I am satisfied it does do what it says