This new release, 10.2, is designed more as a bug-fixing release along with the removal of some options.

The next few ShieldPRO releases will directed towards improving existing features, instead of adding new ones.

There are a few reasons for this:

  • ShieldPRO is already jam-packed with powerful anti-malware and anti-hacking features.
  • In the effort to improve ShieldPRO‘s security portfolio, we added features with a view to coming back later and refining them further with enhancements.
  • We want to extend Shield’s features to make them more accessible to developers and agencies and e-commerce.

Let’s find out what’s changed in ShieldPRO 10.2…

Removal Of Most Content Security Policy Options

We discussed this a week or so ago and outlined the full reasoning behind this decision.

In summary: CSP is a massive area and requires a huge undertaking to build a system to automatically generate the necessary headers.

Shield doesn’t have this (yet), and until we do we need to remove it as it’s causing more trouble for users than it’s actually solving problems.

Empty Usernames Trigger Invalid Login Bot Rule

ShieldPRO has the following option:

ShieldPRO Option: Detect Login Bot Using Invalid Username

Until ShieldPRO 10.1 this option ignored logins with empty usernames. This was due to a technical limitation which added complexity, but we’ve solved this for 10.2.

Shield will treat logins without a username as invalid and trigger offenses according to your settings.

Malware Scanner UX Improvements – No More Automatic Re-scans

ShieldPRO‘s Malware scanner is thorough and it involves scanning the contents of every PHP file on the site against a list of code patterns that “look like” malware.

So as you can imagine, it can take some time to complete a full scan.

If a file is discovered that appears to contain malware, you have the option to delete the file through Shield’s UI. But, we had configured Shield to run a full re-scan after a malware file was deleted.

After feedback from many clients, we decided to remove this automatic re-scan and instead simply re-examine the deleted file itself and ensure it was properly erased.

This should make management of these files much easier.

We know there are other improvements you’d like to see, such as bulk delete, and we’ll definitely get to this. For now, we hope this improvement will make a big difference for you.

Malware Scanning Is Much More Efficient

While we were digging through the Malware scanning code, we made a number of improvements and optimisations which actually makes malware scanner run more quickly.

As we said, it’s a big scanner and will take a while to complete no matter what we do, but we hope this improvement will make Shield’s WordPress malware scanner a bit lighter on resources over time.

Traffic Log Viewer Show More IP Info

Based on client feedback again, we’ve enhanced the traffic log viewer by showing the IP status quite clearly for each entry – i.e how many offenses it has against your site.

This will reduce the need to jump to the IP Analyse tool each time you’re investigating an IP address’ activity on your site.

Other Shield Improvements

  • A lot of code cleanup has been performed in this release with the removal of a huge number of legacy files left over from our move to PHP 7.0.
  • Fixed a bug where the Javascript wouldn’t always allow removal of U2F and Yubikey keys from user profiles.
  • Auto-cleaning for stale options left in the WP Options table when sites are moved/migrated between staging sites.

Comments and Suggestions

As always, we welcome any feedback and suggestions – you can see in this post that many of the enhancement have come from our clients.

Please do leave your comments and feedback below.

Hey there handsome! Do you like what you've read here? 🙂

If this cool feature is something you'd like, but you haven't gone PRO yet, click here to get started today.
(no risk, with a 30-day satisfaction guarantee!)

You'll get all PRO features, including Malware Scanning, WP Config Protection, Plugin FileGuard, import/export, customer support, and so much more. Not only that, you'll get that warm, fuzzy feeling that comes from supporting our work and future development.

Get That Warm, Fuzzy Feeling →