ShieldPRO 20.1 brings many improvements to our security platform, not least of which is our move to PHP 7.4. The biggest enhancements you’ll see immediately are in our UI, where we’ve further simplified and removed clutter.

For newer members, we’ve released the first version of our “Security Profiles” feature, where you can instantly setup the plugin to a specific configuration in seconds.

Read on to discover all our new features and enhancements.

#1 Expansion of FileLocker to include functions.php

Shield’s FileLocker technology protects critical WordPress files from hacking and corruption. By tracking the contents of certain file in realtime, Shield can alert WordPress admins to changes (unwanted or desired) to these critical files instantly.

As we’ve said many time, an important part of keeping your WordPress sites secure is being aware of the changes that happen silently in the background so that you can take any corrective action as soon as possible.

FileLocker now protects the following files:

  • NEW functions.php for your active theme –
  • wp-config.php
  • index.php (in the WP root directory)
  • .htaccess (in the WP root directory)
  • Web.Config (if you’re running IIS)

The purpose of FileLocker is to added protection around files that are often modified or are used to add ad-hoc customisations to a WordPress site. Since they’re so often changed, it’s easy to lose track of these changes or even miss them altogether.

By expanding FileLocker to track the `functions.php` file, you can help ensure that another critical WordPress file doesn’t become compromised without your knowledge.

#2 Security Profiles (beta) for Instant Shield Setup

Shield Security is a big plugin – it’s packed with many features and there’s a lot to learn. This can make it a bit overwhelming the first time you try it out and this discourages potential users.

We wanted a system that’ll help first-time (and experienced), users get started as quickly as possible.

This system is called Security Profiles.

Screenshot: Shield Security Profiles selection screen

The screenshot above shows how the feature appears in our current release. We’ve provided 3 built-in profiles for you to choose from:

  • Light
  • Medium
  • Strong

The names are self-explanatory and they let you immediately position your security in a way that suits your site. From there you’ll be free to tweak other settings to get it just how you would like.

The first column, labelled “Current”, shows how your site is configured right now, so you can compare this with our standard profiles.

We plan to expand this feature over the next few releases so, as always, please share your ideas on how you’d like to see this evolve.

#3 Automatic Integrations

An issue that’s popped up here and there with our members is that they’d like to have Shield detect when a 3rd party integration is possible, and activate it automatically in Shield.

For example, if you installed Contact Form 7, then ideally Shield would detect this and activate the integration without any extra work for you.

We’ve made this a configurable option in this release. Shield also won’t try to detect 3rd party plugins on every WordPress page load, so you’ll need to wait up to 60 seconds for an integration to be automatically activated.

#4 Minimum PHP: 7.4

As we outlined earlier in the year, we’ve increased our minimum supported PHP version to PHP 7.4. We outline the details and rationale for this change in the article, so if you have any questions that’ll be the place to get answers.

#5 Other Important Changes

We’ve added the following changes to this release.

  • Removed a redundant setting for controlling silentCAPTCHA on WordPress’ login forms. This is now simply controlled by checking the appropriate bot on the login, registration, lost password option.
  • Added “Conflict Protection” – some plugins because of how they’re constructed technically, introduce conflicts with our code and can cause PHP Fatal Errors and bring a site offline. To mitigate this we’ve introduced a system to pause Shield before this can happen. Currently on RSS Aggregator plugin is the only item for which we handle this for, but others will be added as-needed.
  • “WooCommerce Checkout” option is removed and this is automatically applied if the WooCommerce integration is switched-on.
  • Added a new Condition to the Custom Security Rules feature where you can query the hostname of a visitor (using Reverse DNS lookups). This may caused problems on some hosts without a reliable DNS system so we highly recommend using this rule alongside and operating after other Rule Conditions so that it’s only executed if absolutely required.

For further details on all changes, we recommend reviewing the Upgrade Guide that accompanies this release (as for all major releases).

Comments & Suggestions

For the full list of changes, we suggest you review the changelog for the plugin after the plugin has been released (due mid-December 2024).

As always, we welcome any feedback you may have. Please leave any comments below and we’ll get right back to you!