This new release, 10.2, is designed more as a bug-fixing release along with the removal of some options.
The next few ShieldPRO releases will directed towards improving existing features, instead of adding new ones.
There are a few reasons for this:
- ShieldPRO is already jam-packed with powerful anti-malware and anti-hacking features.
- In the effort to improve ShieldPRO‘s security portfolio, we added features with a view to coming back later and refining them further with enhancements.
- We want to extend Shield’s features to make them more accessible to developers and agencies and e-commerce.
Let’s find out what’s changed in ShieldPRO 10.2…
Removal Of Most Content Security Policy Options
We discussed this a week or so ago and outlined the full reasoning behind this decision.
In summary: CSP is a massive area and requires a huge undertaking to build a system to automatically generate the necessary headers.
Shield doesn’t have this (yet), and until we do we need to remove it as it’s causing more trouble for users than it’s actually solving problems.
Empty Usernames Trigger Invalid Login Bot Rule
ShieldPRO has the following option:
Until ShieldPRO 10.1 this option ignored logins with empty usernames. This was due to a technical limitation which added complexity, but we’ve solved this for 10.2.
Shield will treat logins without a username as invalid and trigger offenses according to your settings.
Malware Scanner UX Improvements – No More Automatic Re-scans
ShieldPRO‘s Malware scanner is thorough and it involves scanning the contents of every PHP file on the site against a list of code patterns that “look like” malware.
So as you can imagine, it can take some time to complete a full scan.
If a file is discovered that appears to contain malware, you have the option to delete the file through Shield’s UI. But, we had configured Shield to run a full re-scan after a malware file was deleted.
After feedback from many clients, we decided to remove this automatic re-scan and instead simply re-examine the deleted file itself and ensure it was properly erased.
This should make management of these files much easier.
We know there are other improvements you’d like to see, such as bulk delete, and we’ll definitely get to this. For now, we hope this improvement will make a big difference for you.
Malware Scanning Is Much More Efficient
While we were digging through the Malware scanning code, we made a number of improvements and optimisations which actually makes malware scanner run more quickly.
As we said, it’s a big scanner and will take a while to complete no matter what we do, but we hope this improvement will make Shield’s WordPress malware scanner a bit lighter on resources over time.
Traffic Log Viewer Show More IP Info
Based on client feedback again, we’ve enhanced the traffic log viewer by showing the IP status quite clearly for each entry – i.e how many offenses it has against your site.
This will reduce the need to jump to the IP Analyse tool each time you’re investigating an IP address’ activity on your site.
Other Shield Improvements
- A lot of code cleanup has been performed in this release with the removal of a huge number of legacy files left over from our move to PHP 7.0.
- Fixed a bug where the Javascript wouldn’t always allow removal of U2F and Yubikey keys from user profiles.
- Auto-cleaning for stale options left in the WP Options table when sites are moved/migrated between staging sites.
Comments and Suggestions
As always, we welcome any feedback and suggestions – you can see in this post that many of the enhancement have come from our clients.
Please do leave your comments and feedback below.
Thank you for the updates please add a nice dashboard will all security graphics stats it will be cool