We’re continuing our improvements to Shield’s WordPress malware scanner, while also introducing simple reporting from the statistics module.
#1 What’s new in the WordPress Malware Scanner?
If you’ve been following along, you know Shield’s malware scanner is becoming progressively smarter with each release.
And Shield Security Pro 8.4 is no different!
In the last release, we brought in a huge feature where alongside gathering information about whole files, the Shield Network now gathers data on individual lines of code that trigger the scanner.
This helps the scanner work out that if a file has changed, but the critical line of code that triggers the scanner hasn’t changed, we can filter these results from those that you see.
This means that even fewer false positives will make their way into your results. And this means less for you, as the WordPress admin, to manage and analyse.
If that was brought in with Shield 8.3, why are we talking about it here? Because, with information on whole files, and lines of code, Shield’s Network Intelligence allows us to make “inferences”, or predictions if you like, about code that Shield has never seen before.
Wait… what? How?
Let’s work through this scenario:
- Shield’s malware scanner captures a suspicious line of code.
- The admin examines it, and determines that yes, it is in fact malware.
- This gets sent to the Shield network. The information that gets sent is:
  - filename, for example, wp-hack.php
  - an SHA1 hash of the file, for this example we’ll say it’s ABC123
  - an SHA1 hash of the line of malicious code, we’ll say, DEF456
- Then let’s say another site scans a file with a different filename and discovers a suspicious line with the same hash as above: DEF456
- The Shield network can’t say for certain it’s malicious, but the line has been spotted before in a different file which was known to be malicious. So when our API is queried, we can provide a confidence score that indicates whether it’s malware.
This means that it’s far less likely a file with the same line of code will remain undiscovered on a WordPress site.
The same can be said in reverse. If a line of code that seems to be malicious, but isn’t – a false positive – appears within files of different names, the API can lend confidence to the probability that it really is a false positive, and filter it from results automatically.
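The scenario above, covering both the malware case and the false-positive case, as an added sketch that is not Shield's own code. The `LineReputation` class, the whitespace trimming before hashing and the smoothed scoring rule are assumptions made for illustration; the post does not describe how the API computes its score.

```python
import hashlib
from collections import defaultdict

def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

class LineReputation:
    """Toy store keyed by file hash and by line hash (scoring rule is an assumption)."""

    def __init__(self):
        self.files = {}  # file SHA1 -> admin verdict
        # line SHA1 -> verdict -> set of (filename, file SHA1) it was reported in
        self.lines = defaultdict(lambda: {"malware": set(), "false_positive": set()})

    def report(self, filename, file_body, line, verdict):
        """Record an admin verdict: 'malware' or 'false_positive'."""
        file_hash = sha1_hex(file_body)
        line_hash = sha1_hex(line.strip())  # assumption: whitespace trimmed before hashing
        self.files[file_hash] = verdict
        self.lines[line_hash][verdict].add((filename, file_hash))

    def query(self, file_body, line):
        """Return (verdict, confidence in 0..1) for a flagged line in a scanned file."""
        file_hash = sha1_hex(file_body)
        if file_hash in self.files:
            return self.files[file_hash], 1.0  # this exact file was already judged
        seen = self.lines.get(sha1_hex(line.strip()))
        if seen is None:
            return "unknown", 0.0  # neither the file nor the line is known
        mal, fp = len(seen["malware"]), len(seen["false_positive"])
        verdict = "malware" if mal >= fp else "false_positive"
        # Smoothed share of agreeing reports: an inference, so it never reaches 1.0
        return verdict, round((max(mal, fp) + 1) / (mal + fp + 2), 2)

# Constructed sample data; the flagged line is a harmless stand-in
FLAGGED = "$out = some_flagged_call($input);"
KNOWN_FILE = "<?php\n" + FLAGGED + "\n"
OTHER_FILE = "<?php\n// different file, same line\n" + FLAGGED + "\n"

def demo():
    db = LineReputation()
    db.report("wp-hack.php", KNOWN_FILE, FLAGGED, "malware")
    return db.query(KNOWN_FILE, FLAGGED), db.query(OTHER_FILE, FLAGGED)

if __name__ == "__main__":
    print(demo())
```

A scanner consuming such a score would pick its own thresholds for hiding a result as a likely false positive or raising it as likely malware.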
As we mentioned in our previous article, knowing whether a file is a “false positive” is just as important as knowing whether it really is malware.
The ability to infer a confidence level for unknown/unseen code, based on other “known” malware or false positives, is the new feature that comes with 8.4.
In summary: Shield’s WordPress malware scanner is just plain smarter than ever!
#2 Statistics and Charts
With the release of the Shield 8.0 series, we introduced a huge number of enhancements under-the-hood.
One of those features was a completely rewritten auditing and event tracking system.
The Shield Security plugin has, since its 8.0 release, been counting the occurrence of every event on every site it’s installed on. It’s all stored on your sites’ database, ready and waiting to be used.
And Shield 8.4 is going to start using them. It’s a small step for now, but more is coming.
You can see these charts for each of your sites on the Overview screen of the Shield Security dashboard.
We’re presenting some simple charts for now that cover the most important events on a site, and only for the past 7 days. They demonstrate the power that the new event-tracking system has in reporting to you the level of protection that Shield is providing for all of your sites.
Shield 8.5 and beyond will expand upon this and begin to provide more in-depth reporting for our Pro customers.
#3 Refactored Comments SPAM Protection
Ever since we released our comments spam feature (many years ago!) it’s been implemented as in-line Javascript. That means that the code is inserted straight into the page source code.
This is far from ideal, and it can cause problems if you want to restrict Javascript code with your Content Security Policy.
So we decided to rewrite it, clean it up, optimise it a bit and generally make it a better experience.
For those that want to know the details, you’ll now see that:
- there’s a new JS file included on your posts: shield-comments.js
- this should only be included if there is a comment form on the particular page.
- the automated bot-thwarting part comes in 2 stages:
  - the checkbox generation (a Javascript-generated checkbox)
  - the unique comment token required to successfully submit a comment is only generated and requested when a visitor clicks this checkbox. (This differs from before, where the token was generated on each page load and included in the page source.)
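A server-side model of the two-stage flow above, added here as an illustration and not taken from the plugin. The `CommentTokenGate` class, the expiry time, single-use behaviour and binding a token to a post ID are all assumptions; the post only states that the token is generated and requested on the checkbox click.

```python
import secrets
import time

class CommentTokenGate:
    """Model of a click-to-issue comment token (details are assumptions)."""

    def __init__(self, ttl_seconds=600, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self.issued = {}  # token -> (post_id, expiry timestamp)

    def render_comment_form(self, post_id):
        """Page source: references the JS file and carries no token."""
        return ('<form id="commentform" data-post="%d"></form>'
                '<script src="shield-comments.js"></script>' % post_id)

    def on_checkbox_click(self, post_id):
        """Handles the request the script makes when the visitor ticks the box."""
        token = secrets.token_urlsafe(32)
        self.issued[token] = (post_id, self.clock() + self.ttl)
        return token

    def submit_comment(self, post_id, token):
        """Accept only an unexpired, unused token issued for this post."""
        record = self.issued.pop(token, None)  # pop makes the token single-use
        if record is None:
            return False
        issued_for, expires = record
        return issued_for == post_id and self.clock() < expires

def demo():
    gate = CommentTokenGate()
    gate.render_comment_form(42)
    no_click = gate.submit_comment(42, "")  # client that only fetched the page
    token = gate.on_checkbox_click(42)      # visitor ticked the checkbox
    first = gate.submit_comment(42, token)
    replay = gate.submit_comment(42, token)  # same token presented again
    return no_click, first, replay

if __name__ == "__main__":
    print(demo())
```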
#4 Further Shield Security Improvements
In this release there is a huge raft of code cleanup being undertaken. This stems from the huge changes brought in with Shield 8.0 where much of the code was completely rewritten.
This makes the Shield plugin a bit smaller, cleaner, and altogether tighter than ever. Our best Shield Security release to-date!
If you have any other questions about this release, or you’d like clarification on anything we’ve raised here, please do let us know in the comments below.
Thank you as always for your support!