We’re excited to announce that with ShieldPRO 11.4 we’re moving full-steam ahead with ShieldNET, which will significantly raise the bar for WordPress security.
ShieldNET is our solution to the challenge of sharing and distribution the knowledge of threats between individual Shield plugins.
#1 Provisional ShieldNET Release?
Please watch the video below to understand what ShieldNET is, and how it’s going to change WordPress security.
You can also read the full article on ShieldNET if you prefer.
The First Release Stage For ShieldNET
Rather than go all out with something new like this and risk problems with some sites and configurations, we’re going with a soft-launch.
A soft-launch will involve the following:
a) Intelligence Gathering
ShieldPRO 11.4 will start sending IP reputation information back to our central data repository. To begin, we’re sending back a limited subset of the data to gauge how our infrastructure can handle this influx of data.
As you can imagine, receiving all this data, even a small subset of it, from 10s of thousands of websites would be a massive undertaking. So we’re limiting this data to a smaller number of websites running ShieldPRO.
This will allow us to build up our IP repuation database safely and allow us room to modify and optimise it easily as necessary.
b) Crowd-Source Plugin & Theme Hashes
This is one of our most exciting developments.
We’re going to build a database of all WordPress plugin and theme file hashes.
File hashes let us scan WordPress plugins and themes looking for unwanted changes to the files. If we can catalogue these files, we can better detect changes.
We’ve been able to do this for WordPresss.org plugins and themes for a long time already. But the challenge we’re faced with is doing the same for premium plugins and themes.
For example, how can we detect changes to files in a premium Woocommerce extension?
Since we have no way to know what the file was originally, it’s difficult to do this.
But what if we can poll a website that has this plugin installed? What if we could poll 100 websites with this plugin installed? We could then build up a reliable picture of every single official file for that plugin and then scan your website for changes far more accurately.
That’s exactly what we’re doing: Crowd-Source Hashes.
Just like IP reputation data, we’re throttling this activity in this release so that we can test and monitor our server infrastructure, and tweak/optimise as required.
The Second Release Stage For ShieldNET
After we’ve released this version of Shield, we’ll assess how well it’s gone and make any necessary changes to our infrastructure.
We’ll then go fully live with ShieldNET with the release of ShieldPRO 12.
With v12 you’ll be able to call upon ShieldNET to help assess the threat posed by any visitor. The Shield plugin installed on your sites will be able to use this intelligence, or not, to formulate its response.
Hopefully you can start to see the power that will come with ShieldNET’s network intelligence.
#3 A New Public Tool For IP Information
There is no shortage of tools out there where you can look up information about an IP address.
We’ve built something similar, but we’ve also added summary information from our ShieldNET database.
Note: Until data starts coming in to us, the availability of IP Score reputation information will be quite limited.
Check out the IP Bot Or Not Tool here.
#4 Improved WordPress Vulnerability Scanning
We announced a couple of months ago that eventually we’d be moving to use Patchstack as our preferred provider of WordPress vulnerabilities data.
There are several reasons for this, the primary motivators being the openness of their vulnerability database, alongside what appears to be a more community-driven approach.
Awareness and access to vulnerability information is a critical component of WordPress site security, so for us, who we partner with for this data is also important.
While we haven’t made the switch just yet, we’ve put the updated code in-place so that when we do your Shield plugin won’t be affected in any way, and will continue as normal.
#5 An Improved Navigation Bar
We’re continuing with our incremental improvements to Shield’s User Interface. With this release, we’ve reduced the text-heavy look and feel with user-friendly icons and floating sub-meanus.
The screenshots below will demonstrate the difference very clearly.
#6 Other Changes With Shield 11.4
- We’ve fixed a few bugs relating to user sessions and how reliably Shield was capturing them.
- Minimum WordPress version changed to 3.7
Questions, Suggestion and Feedback
As with every release, there are bug fixes and code enhancements that don’t really need to be detailed, but we’re always working to ensure that Shield is as bug-free and stable as we can make it.
If you have any questions or suggestions about anything raised in this article, please don’t hesitate to leave us a comment below. Thanks!
