ShieldPRO 19.1 is primarily a maintenance and optimisation release, but it also delivers a much-requested feature: Instant Alerts
Instant Alerts will instantly alert you to critical security events that occur on your WordPress sites.
#1 Instant Alerts
At the time of release, we’ve provided 4 primary categories of Instant Alerts, namely:
- Admin Account Changes
- Vulnerabilities
- FileLocker Changes
- Shield Plugin Deactivation
They’re fairly self-explanatory, but we’ll outline the finer details so that you’re fully aware of each does.
Shield Plugin Deactivation
You’ll receive an alert as soon as the Shield plugin is deactivated.
We sometimes get reports from our members that the Shield plugin was deactivated and they had no idea why, and since when. This alert will solve this for you by sending an email that looks little like this:
Admin Account Changes
This alert is critical to your site integrity. If anything important changes about any administrator account, you’ll get and instant alert to it. Changes that are monitored are:
- Admin account added
- Admin account deleted
- Admin account demoted (e.g. demoted to Author role)
- Non-Admin account promoted to Admin
- Admin password changed
- Admin email address changed
All of these actions are normally done by admins using the WordPress dashboard.
However, if your site’s compromised, or subject to an SQLi vulnerability (for example), hackers may be able to directly modify the WordPress database and bypass the dashboard. In this way they could silently create new WordPress admins on your site without you ever realising.
Shield’s exclusive Snapshot Technology will detect these changes regardless of whether they’re done through the dashboard, WordPress API, or by any other means.
Plugin/Theme Vulnerabilities
Shield’s vulnerability scanner will normally alert you to the presence of vulnerabilities via the standard Alert Reporting feature.
However, some members requested that they be instantly alerted when a vulnerability is discovered.
FileLocker Changes
Much like the vulnerabilities option above, you’d normally be alerted to FileLocker changes through standard Shield Reporting. Again, members requested that they receive dedicated email alerts of any changes as soon as they’ve been detected. You’ll need to be running the FileLocker feature, of course.
#2 A Fuller View On Scan Results & Alterations
Until now, when Shield presents scan results it shows only those results that need intervention by the admin. If there was a result that has already been processed (e.g. repaired or ignored), then that result is removed from display, never to return.
This has caused confusion for some admins, who receive a Report outlining certain scan results, and there’s a discrepancy between the numbers outlined on the report, and what is displayed in the results.
The reasons for the discrepancy are varied, but typically involve the use of the “auto-repair” feature, or where some results have been ignored from previous scans.
This scenario starts to cast doubts over whether Shield is correctly displaying results to the admin.
This is understandable, and to alleviate this, we’ve provided the ability to expand the results that are displayed on the scan results tables to include previously processed results.
Normally the following scan results are hidden:
- ignored
- repaired
- deleted
You can now un-hide these results (see the demo below).
#3 Huge Plugin Code Rewrite
The Shield Security plugin dates back to 2013, and it’s undergone many, many changes in that time.
Some of the older, legacy code structures are still in-place and we’re doing a lot of work to refactor and optimise. Given the nature of WordPress and how plugins are upgraded, this process is staged over several releases to ensure upgrades are error-free.
Improvements from these changes will see:
- fewer separate options stored in the WordPress options database table.
- fewer installation files on-disk.
- simplified, reduced code and thereby faster, more reliable code.
Version 19.2 will be the next stage, with a huge amount of legacy code being purged. We urge all our members to upgrade to 19.1 as early as possible. If you attempt to skip 19.1 and upgrade directly from 19.0 to 19.2, you may see errors during the plugin upgrade process (though they won’t cause your site any lasting trouble).
Comments & Suggestions
For the full list of changes, we suggest you review the changelog for the plugin.
As always, we welcome any suggestions and feedback you may have. Please leave any comments below and we’ll get right back to you!