Shield Security Pro 7.4 brings a few wonderful improvements to our ability to control WordPress users.
Until now Shield has helped us regain more control of user sessions and how they operate. But until now we’ve had no way to control user account from a higher level.
In this article, we’ll outline the added features you now have to control users and also some bonus options when it comes to users and comments they post to your site.
#1 Manually Suspend WordPress Users
Until now, WordPress user accounts are either on, or non-existent. There’s been no option to suspend user account such that they’re still on your site, but login isn’t permitted.
Shield 7.4 brings the option for any admin to suspend a user and prevent any further login. It doesn’t delete the user, or affect their posts or change any other aspect of the account.
It simply prevent authentication by that user and thereby no login is possible.
Only the admin may un-suspend these accounts.
#2 Automatically Suspend Inactive Users
The real power of security plugins like Shield is automation. Manually suspending an account is useful when it needs to be done at a certain point of time, but this doesn’t scale.
So you need the ability to suspend users once certain conditions are met – for example expired passwords, or inactivity.
#3 Comments SPAM and Building Better Trust With Visitors
WordPress has this option available to help manage WordPress comments:
This works on the following simple principle:
- A person has previously posted one comment and it was approved by an admin.
- The approval whitelists this visitor as being trusted to post comments in the future.
- All future comments from this visitor/user will be automatically approved.
Sounds fair, right?
This presents a problem because there’s nothing to say that because a person posts 1 comment that wasn’t considered spam, their future comments will be acceptable.
In-fact, 1 strategy that spammers can take is to post a harmless comment, have it approved, and then come back later and post more spammy comments knowing that they’ll be accepted automatically.
This issue can now be mitigated by Shield Security by increasing the minimum number of valid comments from one to ‘as many as you like‘. Even increasing this to two will go a long way to reducing spam and helping you identify spammers that employ the tactics above.
#4 Protecting Against Comments SPAM By Registered Users
Until now Shield has automatically bypassed scanning of comments by visitors who are logged-into a site. The idea is that since a registered user has been vetted, then they’re not likely to be spammers.
Experience has taught us and our clients that this isn’t in-fact the case.
Now, with Shield Security Pro, you can set Shield to automatically trust certain user roles, and not others. In this way, “subscribers” on your site will also have their comments vetted in exactly the same way as non-registered visitors.
Both this option, and the one above for minimum comments can be access from the Comments SPAM module and will look like this:
Sneak Peak to Shield Pro 7.5 – Malware Scanning
For each release, we try to bring a bit of a sneak-peak to the upcoming features for future Shield releases.
We’ve been working away at a few different features for Shield Pro and the next one to be released, hopefully for early
June July 2019, is a brand-new Malware scanner.
To begin, it will focus on the following:
ABSPATH‘ – this is the directory that contains your
- automatic repair of WordPress core files
- automatic repair of WordPress.org plugins
- scanning of page/post content will not be available for the first release but coming soon after.
Comments, Questions and Suggestions
If you have any questions about these new features or anything else to do with Shield 7.4, please do post them below.
Some of these options are available on the free version of Shield, and some are only available with Shield Pro. To get access to our customer support team, these new features and all our Shield Pro features, you can upgrade here at any time.
5 Stars is not enough; HIS GOES TO 11, and the plug-in is Great Too!!!
Simple is as Simple does
I like the simplicity of the tool and it’s reporting capabilities. I had a web developer put up our website on the 11/25/15 and by 11/28/15, it had been hacked by a brute force attack. The developer was building a new site for us and unbelievably put our site up…
Great Plugin and Even Better Support
I had an issue getting the Rename Login setting to work. I posted to their support forums and got immediate and constant responses. They even provided an updated version of the plugin to help with my troubleshooting. In the end it turned out to be an issue with my Apache…