This new release, 10.2, is designed more as a bug-fixing release along with the removal of some options.
The next few ShieldPRO releases will directed towards improving existing features, instead of adding new ones.
There are a few reasons for this:
- ShieldPRO is already jam-packed with powerful anti-malware and anti-hacking features.
- In the effort to improve ShieldPRO‘s security portfolio, we added features with a view to coming back later and refining them further with enhancements.
- We want to extend Shield’s features to make them more accessible to developers and agencies and e-commerce.
Let’s find out what’s changed in ShieldPRO 10.2…
Removal Of Most Content Security Policy Options
We discussed this a week or so ago and outlined the full reasoning behind this decision.
In summary: CSP is a massive area and requires a huge undertaking to build a system to automatically generate the necessary headers.
Shield doesn’t have this (yet), and until we do we need to remove it as it’s causing more trouble for users than it’s actually solving problems.
Empty Usernames Trigger Invalid Login Bot Rule
ShieldPRO has the following option:
Until ShieldPRO 10.1 this option ignored logins with empty usernames. This was due to a technical limitation which added complexity, but we’ve solved this for 10.2.
Shield will treat logins without a username as invalid and trigger offenses according to your settings.
Malware Scanner UX Improvements – No More Automatic Re-scans
ShieldPRO‘s Malware scanner is thorough and it involves scanning the contents of every PHP file on the site against a list of code patterns that “look like” malware.
So as you can imagine, it can take some time to complete a full scan.
If a file is discovered that appears to contain malware, you have the option to delete the file through Shield’s UI. But, we had configured Shield to run a full re-scan after a malware file was deleted.
After feedback from many clients, we decided to remove this automatic re-scan and instead simply re-examine the deleted file itself and ensure it was properly erased.
This should make management of these files much easier.
We know there are other improvements you’d like to see, such as bulk delete, and we’ll definitely get to this. For now, we hope this improvement will make a big difference for you.
Malware Scanning Is Much More Efficient
While we were digging through the Malware scanning code, we made a number of improvements and optimisations which actually makes malware scanner run more quickly.
As we said, it’s a big scanner and will take a while to complete no matter what we do, but we hope this improvement will make Shield’s WordPress malware scanner a bit lighter on resources over time.
Traffic Log Viewer Show More IP Info
Based on client feedback again, we’ve enhanced the traffic log viewer by showing the IP status quite clearly for each entry – i.e how many offenses it has against your site.
This will reduce the need to jump to the IP Analyse tool each time you’re investigating an IP address’ activity on your site.
Other Shield Improvements
- A lot of code cleanup has been performed in this release with the removal of a huge number of legacy files left over from our move to PHP 7.0.
- Fixed a bug where the Javascript wouldn’t always allow removal of U2F and Yubikey keys from user profiles.
- Auto-cleaning for stale options left in the WP Options table when sites are moved/migrated between staging sites.
Comments and Suggestions
As always, we welcome any feedback and suggestions – you can see in this post that many of the enhancement have come from our clients.
Please do leave your comments and feedback below.
Hello dear reader!
If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)
You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.
We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.
ShieldPRO Testimonials
@alextc
Very happy
This plugin is simple to set up and so far no issues, keep up the good work!
@tazmah
Shield Pro Plugin
I tried the free version for approximately one year. After which I was more that satisfied so, attempted to try out the Pro shield version. I was so impressed with the Pro, I purchased it for all five websites. I found shield pro to be very easy to setup &…
@t2m
Best security plugin
This is the best security plugin I ever came across. It has all those features which all the good plugins out there have and has other impotant features which others just ignore. Icing on the cake is, it does not change or edit any of the wordpress core files. And…
@handymanhome
Great plugin!
After deciding to get the Pro version I’m very happy and feel my site is in safe hands. Paul generously spent his time personally answering my questions on a Zoom call and has gone out of his way to provide a beta version of his plugin to address my needs.
Thank you for the updates please add a nice dashboard will all security graphics stats it will be cool