Something overlooked in any security plugin for WordPress is the security and integrity of that very same plugin.
Imagine you have a security/firewall plugin on your WordPress site, and somehow, even then, somebody gains access to the site through a security breach on an old plugin (for example), couldn’t that hacker just turn off the security plugin and make it even easier?
Yes, they could.
Also, consider the scenario that you’re managing the site for someone else who doesn’t quite understand the workings of the plugins and they accidentally turn off the security plugin without your knowing.
Whoops!
We offer you the unique option to lock-up your WordPress security away from people who shouldn’t ever be playing with it in the first place.
A security plugin that secures itself – The Shield Security
The self-security feature of the Shield Security for WordPress is quite simple.
You supply the Security Admin Access PIN when you activate the feature.
Then, every time you want to access the Shield Security options, you’ll be presented with a screen to enter this access PIN.
If you supply the correct access PIN, you’ll be able to proceed. If you don’t, you wont.
After you enter the access PIN, you’ll automatically be granted 30 minutes of access to the plugin. This will automatically expire and then you’ll need to enter your access PIN again.
You can, if you want, change the length of time you have access per session. This is entirely up to you.
What if you forget the Admin Access PIN?
Simple, you can turn off the whole plugin using the files system based override.
If you don’t know what this is, check the introduction video, or look at the plugin Knowledge Base.
We believe all WordPress security plugins should themselves be protected by some measure or another.
There are more ways in which we will add self-protection to this plugin, but this is a good start.