September 7, 2018 by Paul G. | Releases, Shield Pro

WP Shield Security – Release 6.9


The latest release for our WordPress security appliance is a big one in many ways.

We’ve added a whole new module that lets you monitor and review all web requests to your WordPress site, added a few new options and enhancements, and made some major improvements and bug fixes throughout the system.

This article will briefly outline the most important improvements.

#1 See Your Site HTTP Traffic With The Traffic Watcher (Pro-only)

Often it’s difficult to know exactly what is going on with your site if you can’t see it. How do you know if you’re getting “hit” if you can’t see the actual traffic? Sure, if you have access to your Apache access log files, you can see exactly what’s happening.

But not everyone can do that, and not everyone wants to do it.

We often get support requests telling us that someone is being hit by “bots”, when in fact there’s no way that they could know this. And often, what appears to be bots is legitimate traffic that their site is configured to generate without them being aware of it.

Before you can debug a problem like this and assign meaning to it, you need to see what exactly is happening.

For this purpose, we’ve created the Traffic Watcher system in Shield Security v6.9. On the surface it is quite simple, but we want to very clearly lay out what it is, and what it is not.

Shield’s Traffic Watcher Is Not …

  • A traffic analytics system or any sort of alternative to analytics.  It has nothing to do with analytics.
  • It is not a security feature. It doesn’t secure anything; it doesn’t block anything; it doesn’t allow anything.
  • It is not a log analyser. It doesn’t use your apache/server logs or any other logs.

Shield’s Traffic Watcher Is …

  • A window; a view into your WordPress site traffic and any requests made to your WordPress site.
  • A log of HTTP requests made to your WordPress site that provides a summary of each request including:
    • time
    • IP address (and Geo-location)
    • WP username (if logged-in)
    • request path (including any query parameters)
    • the HTTP response code for the request e.g. 200 (a successful request)
    • whether the request was a transgression against the Shield Security plugin

Traffic Watcher Options

This sort of information is great when you need it, but bulky and space-consuming when you don’t. So we have provided some important options to maximise the efficacy and the efficiency of this service.

By far the most important set of options is the traffic exclusions. These allow you to monitor a specific subset of traffic and keep your logs to a minimum, with as little “noise” as possible.

Please note that any web requests that match any active exclusion will not be logged in the Traffic Watcher system.

Your possible traffic exclusions are:

  • Simple requests – any requests that do not contain any data parameters either in the GET query, or in the POST data.
  • AJAX
  • Logged-In – any requests made by a user that is considered to be “logged-in” to the WordPress site.
  • WP Cron
  • Search Engine Spiders/Bots – supports Google, Bing, and Duck Duck Go (at the time of writing)
  • Uptime Monitoring services – supports StatusCake, Pingdom, Uptime Robot
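
An added sketch (not Shield's own code) of how exclusion rules like these reduce a request log, run over constructed sample requests. The URL paths used to recognise AJAX and WP Cron, and the User-Agent substrings used for spiders and uptime monitors, are assumptions made for the example.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumed User-Agent substrings for this sketch (User-Agent is client-supplied).
SPIDERS = ("googlebot", "bingbot", "duckduckbot")
UPTIME = ("statuscake", "pingdom", "uptimerobot")
ALL_EXCLUSIONS = {"simple", "ajax", "logged_in", "wp_cron", "spider", "uptime"}

@dataclass
class Request:
    method: str
    url: str                      # request path including any query string
    user_agent: str = ""
    post_data: dict = field(default_factory=dict)
    wp_user: str = ""             # WP username, empty when not logged in

def matched_exclusions(req):
    """Return the names of every exclusion rule this request matches."""
    parts = urlsplit(req.url)
    ua = req.user_agent.lower()
    checks = [
        ("simple", not parts.query and not req.post_data),   # no GET or POST data
        ("ajax", parts.path.endswith("/wp-admin/admin-ajax.php")),
        ("logged_in", bool(req.wp_user)),
        ("wp_cron", parts.path.endswith("/wp-cron.php")),
        ("spider", any(s in ua for s in SPIDERS)),
        ("uptime", any(s in ua for s in UPTIME)),
    ]
    return [name for name, hit in checks if hit]

def filter_log(requests, active):
    """Keep only requests that match none of the active exclusions."""
    return [r.url for r in requests if not set(matched_exclusions(r)) & set(active)]

# Constructed sample traffic, not taken from a real site.
SAMPLE = [
    Request("GET", "/", "Mozilla/5.0"),
    Request("POST", "/wp-login.php", "Mozilla/5.0", {"log": "admin", "pwd": "x"}),
    Request("GET", "/wp-cron.php?doing_wp_cron=1536300000.123", "WordPress/4.9.8"),
    Request("POST", "/wp-admin/admin-ajax.php", "Mozilla/5.0", {"action": "heartbeat"}, "editor1"),
    Request("GET", "/?s=shield", "Mozilla/5.0 (compatible; Googlebot/2.1)"),
    Request("GET", "/", "Mozilla/5.0 (compatible; UptimeRobot/2.0)"),
    Request("GET", "/index.php?page_id=2", "Mozilla/5.0"),
]

if __name__ == "__main__":
    print(filter_log(SAMPLE, ALL_EXCLUSIONS))  # everything that survives all six rules
    print(filter_log(SAMPLE, {"simple"}))      # only parameterless requests dropped
```

In this sketch a request is dropped as soon as it matches any one active rule, and a User-Agent match is only a noise filter: any client can send a spider's User-Agent and would then be absent from the log.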

As well as having exclusion rules to keep your logs to a minimum, we provided an option to automatically disable the logging system after 1 week.

This is so that you don’t turn it on and then forget about it, leaving the system logging traffic indefinitely, which would be a complete waste of resources.

Note: The Traffic Watcher module is a Pro-only feature.

#2 Multiple Yubikeys Per User Profile (Pro-only)

This is a feature that we’ve had requested many times.

We use Yubikeys here to secure some of our most important services and assets, but as with any Multi-factor authentication device, we’re always nervous if it breaks or gets lost.

This is the same with Yubikeys if you’re using them on your WordPress sites – losing your Yubikey could cause some major headaches.

So with Shield v6.9.0 (pro-only) users can now add as many Yubikey devices to their accounts as they’d like!

#3 Other Shield Improvements

Here are some of the more significant improvements with Shield 6.9:

  • Option to delete the Security Admin Access Key.
    – It’s rare that this is needed, but sometimes it’s handy to just remove the access key rather than disable the whole module (especially if you’re using White Label).
  • AJAX Security Admin session checking.
    – If your Security Admin session has timed out, Shield now warns you and prompts you to reload.
  • Password Policies system now redirects users to password reset page.
    – We got feedback that redirecting users to their profile pages was confusing, so instead we direct users to WordPress’ password reset form.
  • Added WooCommerce and Easy Digital Downloads user roles to the Email 2FA settings
    – Now you can enforce email-2FA for your Shop Workers, Managers, and even Customers.
  • Delete ‘forceoff’ from inside the WP admin
    – You no longer need to use your FTP/File browser to remove the ‘forceoff’ file.
  • Audit Trail message improvements
    – Shield now identifies the actual PHP file used to send emails (so you can track it better) and also identifies Post types when posts are updated.
  • Loads of other bug fixes and system improvements
    – We’ve fixed bugs, and rewritten and improved our database code, bot-checking JavaScript code, sessions handling, stats code, login cooldown, and plugin/theme guard.

This is a huge release in many ways and has undergone a lot of testing and refinements. But with so many changes, it’s quite possible something gets overlooked.

As always, please drop us a line if there’s something you’d like to see, or if something doesn’t work quite as you’d expect.
