Our lastest ShieldPRO 14.1 security plugin for WordPress brings a huge WordPress REST API integration along with some much-needed tweaks and enhancements.
Read on to discover everything we’ve included in your newest and favourite WordPress Securty Plugin.
#1 Full Integration With WordPress REST API
Management of WordPress websites at scale is a huge challenge for all of us.
Consider the work that’s involved with managing just 1 WordPress site and all its plugins, themes, updates, backups and, of course, security.
Now multiply that by the number of WordPress sites you run.
It’s a huge amount of work.
This is why we built iControlWP many years back and why we also integrated Shield Security into it to allow WordPress admins to manage their WordPress sites at scale, and also their WordPress security.
But not everyone wants to use iControlWP and that’s totally cool! But we still want to open up management of Shield to folk that need to scale their WordPress security.
This is where our new WordPress REST API integration comes in. It leverages the very thorough platform that the WordPress Core provides, letting us build a REST API that is powerful, secure and easy to maintain.
Many clients won’t have a need for our REST API directly, but you may use tools and services that could take advantage of if you asked them to.
#2 Hugely Improved Audit & Traffic Logs
This is a big one.
A short time ago we completely overhauled the Audit Trail and Traffic Logging features.
This involved a major revamp of the UI and the tables that display the logs.
As you can imagine, these tables and data set can grow very large, particularly for busy websites.
Since we were loading a large dataset all at once, browsing these log tables became tedious and slow. For high traffic sites, it would unusable in some cases resulting in loading errors!
So we went back to our core implementation (again) and made the entire thing dynamic. Instead of loading all the records, we only load precisely what we need. This makes the initial loading near-instant.
The pagination will be a bit slower than what you’re used to – but this is because we’re loading just the log records you need, when you need them.
We’ve also adjusted the traffic log database table structure to help us speed all this along and provide more useful information right where you need it.
This is a major reworking and we hope you’ll love it!
#3 Run Shield As A “Must-Use” (MU) Plugin
If you’ve never heard of a must-use WordPress plugin, don’t worry, you’re not alone.
Simply put, a must-use WordPress plugin is one that is automatically enabled and always loads when WordPress loads. These special plugins can’t be (easily) disabled and execute before all other plugins.
They’re installed in a different directory (
/wp-content/mu-plugins/) instead of the default (
So why would you want to switch Shield to be an MU plugin?
In much the same way as Shield offers the Security Admin module to protect against tampering, you could set Shield to be an MU plugin to prevent the plugin from being disabled accidentally, maliciously.
It’ll also ensure Shield executes before other plugins. While this won’t offer an advantage currently, we’ll soon adjust some Shield’s code to block malicious requests much earlier in the WordPress load.
What actually happens when you enable MU Mode?
The core of the Shield plugin will remain in the normal installation directory-
Shield will then create a new file in the MU directory that loads the normal Shield plugin. When this happens you’ll see 2x Shield plugins installed on your site as shown below:
How can you disable Shield after enabling MU Mode?
Once MU mode is enabled, you can’t disable the normal Shield plugin from the WordPress dashboard. This is normal WordPress behviour.
However, you can simple revert the option within Shield’s settings to disable MU Mode, and then return the plugins screen and disable Shield like any other plugin.
The setting for MU Mode is found within the Security Admin module and doesn’t require a Security Admin PIN to be set.
#4 Better Detection Of Incorrect Application Passwords
Until now Shield wasn’t correctly spotting when these application password login attempts were failing. We’ve added some new events and logging and we’ll even increase the offense counter for an IP address when the event is triggered.
We spotted these new events being triggered almost immediately after we put them live for testing.
#5 More Quick Access Data In Admin Bar
Some time ago we add a top menu to the WordPress admin bar to help indicate when Shield found some scan items that warrant further investigation.
After prompting for some extra information by a client, we’ve made some new helpful additions to the menu (see image below).
Each of these additions provide helpful links to the item in question, for example:
- Recently Blocked IPs and Offenses link to the IP Analyse Tool for the specific IP in-question.
- Recent Sessions links to the Shield Sessions table and the individual session item in the menu links to the profile of the given user.
Comments, Questions & Suggestions?
We’ve packed a lot of new things into this release. We think this is our best release yet for Shield Security, but as with anything that changes, there will be questions and feedback.
Please feel free to use the comments section below to drop us a message or question if you have any. Thanks as always for your support!
Solid. Simple. Powerful
Easily the best security plugin for WP. It’s not overbearing, but it’s powerful and full featured. Tons of optional features too depending on your requirements. Get it now!
Excellent plugin, Thank you!
Been using Shield for a while now and I am 100% satisfied. I find it remarkable what it offers in the free version. Before installing anything I always read the 1 star comments. In this case I have to say to future users reading this, the few negative ratings here…
Easy to Use
It’s easy to use WordPress.org, including easy to perform updates. I have always found Drupal a pain with updates, so I try to avoid it. WordPress on the other hand is great.
Excellent performance. No database bloat. Two-factor authentication keeps your website hack proof. Does what it says. Honest and fair marketing. No gimmicks. Really liked its overall features. Update 25-12-2016 After 3 months of use, I can’t image running a WordPress blog without this plugin. Update 02-02-2018 After using it for…