Shield Security Pro 8.0 is a massive release for everyone.
It’s taken over 3 months to build and test all the changes because so much has changed. When you look at the UI, you’ll not see too much difference, but the changes under-the-hood are extensive.
In this release article we’re going to dig a bit deeper into what’s new and changed, and what exciting things this will bring for the future.
#1 All-New WordPress Malware Scanner
Infections in the WordPress filesystem is a huge problem and seems to be ever-growing.
Shield Security has had tools to combat this problem, and while they fulfil their role very well, they are none-the-less limited in their scope.
To-date, Shield has been able to:
- detect modifications to WordPress core files (as this would indicate some sort of injection into the file).
- detect any files in the core WordPress directories that don’t belong there.
- detect changes to plugins and theme files (as this would also indicate some sort of file injection)
These detection features are great, and they serve a valuable purpose, but they’re each limited for the same reason: they can only scan files where Shield can determine which files should or should not be there legitimately, and what their content should be.
But what about every other file on your WordPress site?
This is what the new Malware scanner is designed to work on – a complete file scanner which examines every PHP file within your core WordPress directory looking for common malware patterns.
To learn all about the new Malware scanner, please see this article here.
#2 Brand New Shield Events System
This feature is a little meta, but it now is core to practically everything Shield Security does.
We want to bring meaningful statistics and reporting to Shield, but the current platform just didn’t have the structure necessary to do this well.
Until now, Shield was tracking audit trail events, and also tracking transgressions/offenses against the site which allows Shield to then ultimately blacklist a visitor/IP address.
These 2 systems were completely independent and so you had the case where some events were being logged in the Audit Trail but not marking offenses against IPs, and then the other way about.
We wanted to complicate matters even further by adding a 3rd tracking system for statistics.
It was going to be a nightmare.
Instead, we decided to make the necessary investment. We scrapped the current implementation entirely and rewrote it from the ground-up.
It was tough going, but in the end in paid off.
It’s given us a flexible events system into which we could plug our IP blocking, Audit Trail, and Statistics modules. And that’s not all. With the redevelopment we were able to optimise the Audit Trail database too so that instead of saving events into the database as “text”, we now save “keys” which then reference the necessary text.
Shield then use these keys, feeds them through the WordPress translation/localisation system and provides a fully localized Audit Trail (even after you switch languages!).
If English isn’t your native language then perhaps this isn’t a big deal for you, but it now means all our international clients can view the Audit Trail consistently in the language of their choice (where translations have been made available).
#3 Full Translations for 9 Languages
As part of the #2 above we mentioned great benefits to the Audit Trail. But that’s not much good unless we have the translations in-place to take advantage of it.
So we decided to do something about the state of our Shield translations for this release. So with Shield 8.0, we’ll have 100% (or near-100%) translations for the following languages:
We’re going to continue adding translations, but we think 100% for these languages is a wonderful start for our international clients.
#4 New Scanning Architecture
With many web hosting platforms, there’s a hard limit on the maximum time a PHP process can run. We’ve seen it go as low as 15 seconds.
That means, if your webpage doesn’t finish loading within 15 seconds, the web host will kill the entire process. Yes. Kill it, dead.
This is fine if your site loads within that time window. But for other purposes, such as file scanning, this is a huge problem.
To address this, we completely rebuilt Shield’s scanning architecture. The new scan system runs asynchronously so that when a scan is scheduled, it runs in the background while you wait.
#5 Better Admin Notices
You may have found that when you create/login-as a new admin user, you get repeated Shield admin notices at the top of the dashboard.
This was because of the way Shield was tracking these notices – it was on a per-user basis. This meant that any new admins got all the same notices every other admin had already seen or dismissed.
We’ve completely redesigned our notices so that they:
- only appear once in the lifetime of the plugin installation, if they only ever need to be shown once; and
- they appear only in Shield’s admin screens, and outside of these screens wherever this is most appropriate.
While not ground-breaking, these improvements will make the admin life feel a little less cluttered.
#6 Much, Much More With Prep For The Future
Suffice it to say, this is one of our biggest releases to-date. A lot’s changed and we’ve only covered some of the most significant items here.
Github reports: 488 changed files with 28,915 additions and 37,533 deletions.
Some of the new features, like the events system (#2) wont appear to change your experience at-first, but it opens up the door to statistics and reporting, which we know many of you are looking forward to.
We’ve got heaps more coming even before the end of the year, but for now, we trust that with all these new features, you’ll feel that Shield Security Pro 8.0 has been worth the wait!
If you want to upgrade your Shield Security to Pro, you can upgrade here at any time.
Shield gives me peace of mind
Love this plug in to help secure my wordpress websites. Easy to install and use.
This is a neat security plugin. Gets the job done quickly and easily.
Excellent Security Plugin!
I’ve been using Shield Security on my 15+ sites for quite some time. Has many top security features, but is not overly complicated to configure like some security plugins. The email support is very commendable. Also has a great UI with good explanations for each feature.
Great plugin for security. Definitely recommend it!