ShieldPRO 11.5 for WordPress will see a new, updated User Interface for scan results making it much, much easier to see what’s happening and take any corrective actions.
While there are other improvements in this release, we’ll focus mainly on the changes to scan results.
#1 Component-Based Scan Results
ShieldPRO comes with quite a few distinct scanners covering the following areas:
- PHP Malware
- WordPress Core Files
- Unrecognised Core Files
- Plugin and Themes Files
- Known Vulnerabilities for Plugins and Themes
- Abandoned Plugins
- Filelocker for:
  - wp-config.php
  - .htaccess
  - index.php
That’s a lot and it covers the vast majority of possible areas of file hacking and intrusion.
As you can imagine, the amount of data processed is enormous, and depending on the size of the results, the amount of detail presented to the admin is also huge.
Having such a large amount of information to convey to the administrator presents a challenge. Not only does the administrator need to assess the data in a clear format, they need to make informed decisions based on the information. Again, a huge challenge.
To date we’ve opted to display the results of individual sub-scanners separately. So you’d have a results page for plugin files, a separate one for WordPress files, a separate one for vulnerabilities and so on.
But this doesn’t lead to an intuitive interface for managing scan results.
So we took a fresh approach and opted instead to combine the separate results together, where possible, grouping them into logical areas we’re all familiar with.
Instead of results grouped by scans, Shield now presents results grouped by WordPress components:
- WordPress Core
  - Modified/Unrecognised/Missing Files
  - Unrecognised Files
- Plugins
  - Modified/Unrecognised Files
  - Abandoned Status
  - Vulnerabilities Status
- Themes
  - Modified/Unrecognised Files
  - Abandoned Status
  - Vulnerabilities Status
- Malware
- FileLocker
On paper this might not seem like a huge change, but it gives us a far more logical presentation of data that feels more intuitive and leads to a smoother decision-making process.
#2 Much Improved File Results Tables
In order to display scan results until now we’ve been extending WordPress’ tables UI. You can see examples of this UI in the WordPress Users listing page, the plugins page and the comments page.
It did the job, but it’s clunky, and making it dynamic in any way isn’t easy.
Then we discovered datatables.js, and this is the framework we use to build all our new tables within the Shield Security plugin. It makes the tables fast and very neat, with built-in pagination and search, and the option to reload contents quickly and dynamically as required.
#3 View File Contents In Browser
Often when a file is flagged we want to see its contents.
Shield has offered the ability to quickly download any results file using links built into Shield’s results tables.
This is useful, but we found that many folk found this a bit cumbersome. Ideally, if possible, we could display the file contents to the admin within the browser itself.
This feature is now available with Shield 11.5, by simply clicking on the file link within the results table. We’ve even added syntax highlighting, along with line numbering, to make it easier to read.
#4 Eliminate Empty PHP Files From Results
If you’ve been alerted to an unrecognised file on your site, you’ll want to know exactly what it is as quickly as possible.
As a security-aware admin, you’ll take the potential threat seriously and it’ll likely interrupt whatever you’re currently working on, to investigate the matter.
If that’s the case, the last thing you’ll want to discover, after being interrupted, is that the particular PHP file in question is empty.
The question is, can we build something into Shield to prevent irrelevant scan results?
After receiving a request about this scenario, we set about discovering how we might do this. Consider the 2 possibilities:
- The PHP file is completely empty
- The PHP file isn’t completely empty but has only whitespace and comments (i.e. no executable code).
The 1st scenario is easy to deal with, but the 2nd is more complex and involves parsing the files just as the PHP interpreter would do, to detect the presence, or absence, of executable code.
We’re happy to report that with ShieldPRO 11.5 you have the option to eliminate all of these sorts of file results long before they’re reported to you.
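The check described above can be sketched with PHP's own tokenizer. This is an added example, not Shield's code: the function name `hasExecutableCode` and the sample files are constructed for illustration, and `token_get_all()` comes from PHP's bundled tokenizer extension.

```php
<?php
// Added example: does a PHP file contain anything besides whitespace and
// comments? Uses the interpreter's own lexer instead of regular expressions.

/**
 * Returns true if $source holds anything the interpreter would act on:
 * a PHP token that is not a tag, whitespace or comment, or non-blank
 * inline HTML outside the PHP tags (which PHP sends as output).
 */
function hasExecutableCode(string $source): bool
{
    if (trim($source) === '') {
        return false; // scenario 1: empty or whitespace-only file
    }
    // Tokens that carry no behaviour on their own.
    $inert = [T_OPEN_TAG, T_CLOSE_TAG, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];

    foreach (token_get_all($source) as $token) {
        if (is_string($token)) {
            return true; // single-character token such as ';' or '{': treat as code
        }
        [$id, $text] = $token;
        if ($id === T_INLINE_HTML) {
            if (trim($text) !== '') {
                return true; // markup outside <?php ... ?> is emitted to the client
            }
            continue;
        }
        if (!in_array($id, $inert, true)) {
            return true; // any other token is treated as code (conservative)
        }
    }
    return false; // scenario 2: only tags, whitespace and comments
}

// Constructed sample files, keyed by a hypothetical file name.
$samples = [
    'empty.php'    => '',
    'silence.php'  => "<?php\n// Silence is golden.\n/* placeholder */\n",
    'constant.php' => "<?php\n/* header */\ndefine('EXAMPLE', 1);\n",
    'markup.php'   => "<p>hello</p>\n",
];
foreach ($samples as $name => $source) {
    printf("%-13s %s\n", $name, hasExecutableCode($source) ? 'report' : 'skip');
}
```

The function errs towards reporting: a file is skipped only when every token is provably inert, so an unfamiliar token type never hides a result.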
#5 Switch To Crowd-Sourced Hashes For Plugins and Themes Scanning
In our previous release, ShieldPRO 11.4, we discussed the beginning of our ShieldNET rollout.
In particular one of the features was crowd-sourcing the generation of plugin and theme file hashes, by participating WordPress sites. In this way we could build a library of file hashes that would allow us to scan for file changes in all WordPress assets, including premium plugins and themes.
This is a massive step forward for our WordPress security and isn’t available anywhere else. We’re happy with the roll-out so far in the previous release and we’re ready to start using these crowd-sourced hashes in our file scanning.
We’re still being a little cautious however, and so Shield will always be able to fall back seamlessly to its original method of file scanning at any time, without any interruption.
#6 Using Crowd-Sourced Hashes For Malware Scanning
With our crowd-sourced hashes feature, ShieldNET now has a database of millions of files from 1000s of plugins and themes.
This repository of file hashes now lends itself to helping Shield eliminate even more false positive results from a malware scan.
If you’ll remember, our Malware scanner searches out PHP code that looks like malware. This means it can inadvertently pick up legitimate code and flag it as malware. Nobody wants these false positives in our results since they waste our time.
So, the more false positives we can automatically remove from malware results, the better! Shield already does this to a large extent, but now we can use the database of crowd-sourced hashes to eliminate even more false positive results!
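To illustrate the idea, here is an added example (not Shield's or ShieldNET's code) of filtering pattern-scan hits against known-good hashes. The store layout, the use of SHA-256, the function names and the sample plugin are all assumptions made for the sketch.

```php
<?php
// Added example: suppress malware-scan hits whose file hash matches a
// known-good hash for the same component, version and path.
// The hash store layout and SHA-256 are assumptions, not ShieldNET's format.

/** Lookup key for one file of one release of a plugin or theme. */
function hashKey(string $slug, string $version, string $path): string
{
    return $slug . '|' . $version . '|' . ltrim($path, '/');
}

/**
 * @param array $flagged     hits from a pattern scan: slug, version, path, contents
 * @param array $knownHashes map of hashKey() => SHA-256 of the released file
 * @return array hits that still need an administrator's review
 */
function filterFalsePositives(array $flagged, array $knownHashes): array
{
    $keep = [];
    foreach ($flagged as $hit) {
        $key    = hashKey($hit['slug'], $hit['version'], $hit['path']);
        $actual = hash('sha256', $hit['contents']);
        // Suppress only on an exact match for this exact file; an unknown
        // file or a single changed byte leaves the hit in the results.
        if (isset($knownHashes[$key]) && hash_equals($knownHashes[$key], $actual)) {
            continue;
        }
        $keep[] = $hit;
    }
    return $keep;
}

// Constructed sample data: a legitimate file that a pattern scan might flag.
$released = "<?php\n\$logo = base64_decode(\$encodedPng);\n";
$known = [
    hashKey('example-plugin', '1.2.0', 'inc/logo.php') => hash('sha256', $released),
];
$flagged = [
    ['slug' => 'example-plugin', 'version' => '1.2.0', 'path' => 'inc/logo.php',
     'contents' => $released],                         // identical to the release
    ['slug' => 'example-plugin', 'version' => '1.2.0', 'path' => 'inc/logo.php',
     'contents' => $released . "// edited on site\n"], // same path, changed bytes
    ['slug' => 'example-plugin', 'version' => '1.2.0', 'path' => 'inc/other.php',
     'contents' => $released],                         // path not in the store
];
foreach (filterFalsePositives($flagged, $known) as $hit) {
    printf("still flagged: %s (%s)\n", $hit['path'], substr(hash('sha256', $hit['contents']), 0, 12));
}
```

Keying the lookup on component, version and path matters: a hash that is known-good for one file must not clear a different file, or the same file after it has been edited on the site.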
Questions, Suggestions and Feedback
As with every release, there are bug fixes and code enhancements that don’t really need to be detailed, but we’re always working to ensure that Shield is as bug-free and stable as we can make it.
If you have any questions or suggestions about anything raised in this article, please don’t hesitate to leave us a comment below. Thanks!