Development Changelog:
Shield Security For WordPress
22.0
Released: May 20, 2026 - Release Announcement | Upgrade Guide 22.0 ↗
Patch Releases
Patch 22.0.5 (May 21, 2026)
-
FIXED: Public Shield Screens Hardened
Shield now rejects unsafe attempts to load internal screens from public routes while preserving legitimate block pages, report views, MainWP flows, and MFA login screens. MFA login messages are treated as plain text, reducing the risk of untrusted content appearing in sensitive login flows.
-
FIXED: Report Access Hardened
Stored security reports now open through an authenticated Shield admin page, so report content is only shown after the proper admin access checks. Older report links redirect into the safer admin report view.
-
FIXED: Upgrade Reliability Improved
In-place upgrades are more reliable, reducing the chance of fatal errors when WordPress briefly has old and new Shield code loaded together.
-
FIXED: Actions Queue Display Fixed
The WordPress dashboard widget now consistently links to the Actions Queue, even when Security Admin is locked. Review maintenance groups now separate items that need attention from healthy items, making mixed results clearer to act on. Warning badges use stronger contrast in the dashboard and reports.
-
FIXED: MFA Device Tables Improved
Passkey and YubiKey records now use matching columns and clearer device details, making profile review and device removal more consistent.
-
FIXED: MCP Support Fixed
WordPress can now register Shield MCP abilities reliably, so supported integrations can discover and use them correctly.
Patch 22.0.7 (May 25, 2026)
-
FIXED: Malware Scan Accuracy Improved
Shield now handles official WordPress plugin and theme files more accurately before malware checks, reducing false positives for files that match trusted source hashes. Scan preparation is also more reliable on sites with stricter filesystem handling.
-
FIXED: Actions Queue Scan Results Fixed
Ignored scan results no longer fill the active Actions Queue, so admins can focus on findings that still need review. Scan result drill-downs now make it clearer when ignored results are hidden, included, or shown separately.
Main Release (22.0.0)
-
NEW: A Clearer Picture of What Needs Your Attention
The dashboard guides you through your security work in a logical order: what to fix, what to investigate, what to configure, and what your reports are telling you. The WordPress dashboard widget shows the same priority items as the Actions Queue, so you always know where things stand without digging.
-
NEW: Actions Queue: A New Workspace for Security Tasks
The Actions Queue separates urgent issues from follow-up work, so you're not wading through a flat list to figure out what actually matters. Scan findings, maintenance tasks, File Locker items, and quick actions are easier to review and act on from one place.
-
NEW: Investigate: A New Way To Find Answers
Investigate has dedicated views for users, IPs, plugins, themes, core files, live traffic, and sessions, so you go straight to what you're looking for. IP analysis shows more at a glance: clearer summaries, identity details, and the actions you actually need.
-
NEW: Configure: A New Way To Review Your Security Setup
Configure shows security coverage, weak settings, and next steps in one place. In-place search helps you find and open settings without losing your place.
-
NEW: Reports: A New Workspace for Security Reporting
Reports gives you clearer summaries, trend charts, and cleaner report management. It's also easier to review and clean up reports you've already run.
-
IMPROVED: silentCAPTCHA v3
silentCAPTCHA now uses a stronger challenge system behind the scenes. Real visitors still don't need to solve puzzles or click image challenges, while bots now face a stronger background challenge before Shield trusts them. Challenge strength can be tuned for your site, with Adaptive mode balancing stronger bot protection against visitor device performance.
-
IMPROVED: Live Monitoring and Logs: More Signal, Less Noise
The dashboard shows a live activity feed so you can see what's happening on your site while you work. Traffic and live logs show more useful detail about each request, while filtering out routine admin noise like AJAX and heartbeat traffic. Less useful logs are cleared sooner, while more useful events are kept longer.
-
IMPROVED: Scan Handling
Scans are faster and more reliable, especially on larger sites and when reviewing results. Scan result pages keep more context while you work through findings. Shield is also better at recognising when scan queues have finished, reducing stuck or incomplete scan states.
-
IMPROVED: Safer Admin Actions
Sensitive admin actions now use clearer confirmation prompts, so it's easier to understand what will happen before you continue.
-
IMPROVED: Better Keyboard Navigation and Admin Dialogs
Keyboard focus is clearer and more consistent across Shield admin pages, tables, settings, dialogs, and MFA controls. Messages, confirmations, and error prompts are easier to follow with keyboard navigation and screen readers.
-
IMPROVED: MainWP Site Actions
MainWP site action controls are more reliable and easier to use, including with keyboard navigation. Common site management actions from MainWP now feel more consistent with the rest of Shield.
-
IMPROVED: 2FA: Smoother Login and Passkey Upgrades
The 2FA verification portal is cleaner and easier to use. Existing passkeys are handled more reliably during upgrades, so registered passkey logins keep working after Shield updates.
-
IMPROVED: Improved PHP 8.4 Support
Reduces PHP 8.4 deprecation warnings on sites running newer PHP versions.
-
IMPROVED: Alerts and Reports
Alerts are now properly distinguished from informational reports. They serve 2 completely different purposes and their content reflects this.
-
IMPROVED: Release Stability Improved
Automated tests and checks catch more issues before release.
21.2
Released: Feb 12, 2026 - Release Announcement | Upgrade Guide 21.2 ↗
Patch Releases
Patch 21.2.1 (Feb 16, 2026)
-
FIXED: Automatic Translations Download.
Fixed the automatic download of translation files.
Patch 21.2.2 (Feb 18, 2026)
-
FIXED: Fatal error with Ninja Forms integration
-
IMPROVED: Navigation menu UI & Onboarding wizard UI
Patch 21.2.4 (Feb 25, 2026)
-
NEW: Added option to override plugin display language regardless of site/user locale.
-
IMPROVED: Styling of Security Admin login box.
-
FIXED: 404 bot tracking now correctly honours allowlisted file extensions.
Requests such as /apple-touch-icon.png no longer incorrectly trigger a bottrack_404 offense when the extension is allowlisted.
Patch 21.2.6 (Feb 27, 2026)
-
NEW: Added helper function to assist with silentCAPTCHA 3rd party integrations.
-
FIXED: Javascript collisions on WP Admin dashboard which also broke MainWP dashboard.
-
SECURITY: Applied various security advisories to dependencies.
Main Release (21.2.0)
-
NEW: Shield is now available in nearly 40 languages
Translation coverage has been expanded so almost all Shield UI text can be used in your preferred language.
-
NEW: On-demand language downloads
Translations are fetched when needed, which keeps plugin installs leaner and reduces package size.
-
NEW: Powerful search for Activity and Traffic Logs
Use free-text and targeted filters to quickly find events by IP, user, email, event details, and metadata.
-
NEW: Built-in search syntax helper
An in-context guide helps you use advanced search patterns more effectively in log views.
-
NEW: Major plugin UI refresh
We've begun rolling out a UI refresh. Not all elements have been updated; more components will be completed with subsequent releases.
-
NEW: Paid Memberships Pro checkout bot protection
SilentCAPTCHA now protects Paid Memberships Pro checkout requests.
-
IMPROVED: Faster and cleaner admin experience
Dashboard visuals, page performance, and smaller-screen navigation have all been refined.
-
IMPROVED: Improved log and scan performance
Log tables load faster and stale malware scan records are cleaned up automatically.
-
IMPROVED: Redesigned security reports and emails
Reports are clearer, include richer inline insights, and avoid redundant email noise.
-
IMPROVED: Biweekly report scheduling
You can now run scheduled security reports every 2 weeks, in addition to existing reporting intervals.
-
IMPROVED: Clearer Activity Log severity labels
Activity events now use consistent severity labels so filtering and triage are easier.
-
IMPROVED: Stronger upgrade and admin workflow reliability
Upgrade handling, redirects, and WordPress admin notice behavior are more reliable and consistent.
21.0
Released: May 15, 2025 - Release Announcement | Upgrade Guide 21.0 ↗
Patch Releases
Patch 21.0.10 (Jan 13, 2026)
-
FIXED: [Security Vulnerabilities] Addresses 3x Security Vulnerabilities.
Details of vulnerabilities will be published in due course.
-
FIXED: Data Handling Hardening - in light of the vulnerabilities discovered, hardened data handling in various areas of the plugin.
Patch 21.0.8 (Dec 11, 2025)
-
FIXED: [Minor Security Vulnerability] Authenticated session (subscriber+) could potentially disable 2FA by email for all users.
This vulnerability is extremely low risk, and highly unlikely to ever be targeted successfully. The attacker would need to hijack/steal a current user session as well as trigger an XSS attack to gain certain information.
-
NEW: Add SilentCAPTCHA support for Paid Memberships Pro plugin checkout requests.
-
FIXED: Attempt to improve ability to correctly identify Facebook bots with rDNS that doesn't resolve for IPv6 IP addresses.
-
FIXED: Fix issue with CrowdSec Signals push where some payloads were not of the expected format.
Patch 21.0.7 (Aug 13, 2025)
-
FIXED: Improvements and fixes to ShieldBACKUPS.
-
FIXED: Adjust the compatibility checks for ShieldBACKUPS to be more lenient and configurable in real-time.
Patch 21.0.6 (Jun 2, 2025)
-
FIXED: Add support for testing disk space capacity (up to 100MB) for ShieldBACKUPS compatibility pre-checks.
Patch 21.0.3 (May 19, 2025)
-
FIXED: Remove debug code.
Main Release (21.0.0)
-
NEW: Support for ShieldBACKUPS
We're adding a new pro feature to provide vital disaster recovery options for your WordPress sites and data. More Info ↗
-
IMPROVED: WooCommerce Bot Protection
We've improved how Shield works to detect bots on your WooCommerce checkout.
-
FIXED: Various small bugfixes
20.1
Released: Dec 10, 2024 - Release Announcement | Upgrade Guide 20.1 ↗
Patch Releases
Patch 20.1.9 (Apr 10, 2025)
-
FIXED: Add bot protection to WooCommerce checkout requests that use the newer REST API.
Patch 20.1.8 (Apr 8, 2025)
-
NEW: Custom Rule: HTTP Redirect now allows for relative (local) path URLs, so a full URL doesn't need to be provided in these cases.
-
NEW: Add ability to pre-set Passkey label using a filter to eliminate JS prompt for users.
-
FIXED: CrowdSec IP Blocklists weren't always being updated.
-
FIXED: FileLocker now gracefully handles scenarios where 'locked' file has been completely deleted.
-
FIXED: SPAM comments manually marked as spam will correctly trigger an offense against that IP address.
-
FIXED: Background processing for file scanning was broken due to dependent library changes.
-
FIXED: Add protection against stale, corrupt plugin configuration being stored and retained.
Main Release (20.1.0)
-
NEW: FileLocker Support For Theme functions.php
We've added FileLocker protection for the active theme's functions.php file.
-
NEW: Security Profiles (beta)
We've introduced the ability to apply pre-configured security profiles to save time during setup.
-
NEW: Automatic Integrations
Shield can automatically detect when a 3rd party plugin is active for which we have a built-in integration, and switch it on.
-
NEW: Added new condition for Custom Rules: Hostname
You can now check against the hostname of your visitors when creating custom rules.
-
NEW: Support For Simple Membership
Added silentCAPTCHA bot detection support for Simple Membership plugin. More Info ↗
-
IMPROVED: PHP 7.4
We've increased our minimum required PHP version to 7.4.
-
IMPROVED: Refactored Login Cooldown System
We've rewritten and improved the login cooldown system to work more directly with the silentCAPTCHA bot detection.
-
IMPROVED: Added Conflict Protection
Added protection against fatal errors caused by plugin conflicts. When a conflict is found, Shield is 'paused'. For now, the only plugin this applies to is WP RSS Aggregator.
-
FIXED: NinjaForms Integration
Changes in NinjaForms code meant our silentCAPTCHA integration wasn't firing when it should be.
-
REMOVED: Removed Redundant Options Checkbox
To simplify plugin configuration, we removed an unnecessary option checkbox leaving a single option to control silentCAPTCHA on the WordPress login forms.
20.0
Released: Jul 23, 2024 - Release Announcement | Upgrade Guide 20.0 ↗
Patch Releases
Patch 20.0.12 (Dec 3, 2024)
-
FIXED: Fixed bug with translation being triggered too early.
Patch 20.0.11 (Nov 24, 2024)
-
NEW: Add silentCAPTCHA bot detection support for Simple Membership plugin.
-
FIXED: Improved compatibility with WordPress 6.7.
-
FIXED: Fixed bug with fully capturing bot-based logins on WordPress forms.
Patch 20.0.10 (Sep 17, 2024)
-
IMPROVED: 'Zone Actions' has been simplified into a list of buttons.
-
IMPROVED: Updated all internal assets to address vulnerabilities reported within dependent libraries.
-
FIXED: Remove some unnecessary admin styles.
-
FIXED: Eliminated deprecated PHP notice due to developer not using WP filter correctly.
Patch 20.0.8 (Aug 30, 2024)
-
IMPROVED: Improved silentCAPTCHA logic to reduce likelihood of interruption caused by aggressive Page Caching.
-
IMPROVED: Improved how Shield works with MainWP integration to bring it up to date with latest MainWP code.
Patch 20.0.7 (Aug 11, 2024)
-
FIXED: Address an issue with Shield configuration whereby it would get 'stuck' in an invalid state.
-
IMPROVED: Add Shield Security to MainWP's new Security Extensions menu.
Patch 20.0.6 (Jul 29, 2024)
-
SECURITY: Address responsibly disclosed Reflected XSS.
-
IMPROVED: Further reduce any likelihood that a site relies on Shield's website to be online to operate normally.
Patch 20.0.5 (Jul 28, 2024)
-
FIXED: Ensure fallback code for looking up Bot Scoring logic from the API kicks in correctly.
Patch 20.0.4 (Jul 26, 2024)
-
FIXED: Minor bug fixes.
Main Release (20.0.0)
-
NEW: Introducing silentCAPTCHA
silentCAPTCHA is the umbrella term for Shield's built-in malicious bot detection technology. More Info ↗
-
IMPROVED: UI Overhaul
As part of our mission to simplify Shield for all our members, this release sees the biggest overhaul of the UI for several years. We've completely removed the dedicated 'Configuration' sections and replaced them with contextual configuration links so you can easily configure the options for each zone independently. We've also removed several legacy options that are no longer practical.
-
IMPROVED: Code and Performance Improvements
We're continuing our efforts to purge Shield of legacy code and improve the codebase making it as fast and efficient as possible.
-
IMPROVED: Optimised Autoload Size
Reduced the size of the autoload option storage by ~50%.
-
NEW: Added silentCAPTCHA Support for ARMember and ARForms
-
CHANGED: Security Admin Not Required For Whitelabel
The Security Admin feature no longer needs to be active for Whitelabel to operate.
-
REMOVED: Plugin Options Removed
Removed: email notification setting for automatic updates. Now uses the general plugin reporting email option. Removed: Automatically Update All Plugins & Automatically Update All Themes. Removed: Disable All WordPress Automatic Updates. Removed: WordPress Core Updates (minor/major/never). Removed: Send Report Email for Automatic Updates. Removed: Activity Logging to File. Removed: Force SSL Admin. Removed: Request Firewall options - WP Terms & EXE File Uploads. Removed: Firewall Block Response select. Removed: WP Generator tag removal option. Removed: All GASP JS deprecated options.
19.1
Released: Mar 25, 2024 - Release Announcement | Upgrade Guide 19.1 ↗
Patch Releases
Patch 19.1.19 (May 28, 2024)
-
FIXED: Fix for limitation in CrowdSec API to ensure contextual data are of the expected format.
Patch 19.1.18 (May 28, 2024)
-
FIXED: Funky characters in user-agents broke json_encode() - switched to wp_json_encode().
Patch 19.1.16 (May 28, 2024)
-
NEW: Added WP actions/hooks during the 2FA email sending process to allow for developer integration.
- NEW: Added WP actions/hooks for integration with Password Expiry, Account Suspension, and Idle status queries.
-
IMPROVED: Optimised loading of scan result tables so that plugin & theme tables are loaded on-demand.
-
IMPROVED: Remove unnecessary admin notice upon login.
-
IMPROVED: Add contextual data to CrowdSec Signals.
-
IMPROVED: Explicitly remove old WP auto-load options table data.
-
FIXED: Updated integration with FluentForms to support their altered codebase.
Patch 19.1.13 (May 1, 2024)
-
IMPROVED: Try to ensure that the correct visitor IP address is assigned to any new WP comments.
-
FIXED: Bug: remove .mo noise from malware scanning.
-
FIXED: Bug: prevent minor PHP logging for error when creating DB table and it already exists.
Patch 19.1.11 (Apr 30, 2024)
-
FIXED: Minor Security Fix. Details to be released at a future date.
Patch 19.1.10 (Apr 30, 2024)
-
FIXED: Bug: Fix for javascript error breaking parts of MainWP admin area.
Patch 19.1.9 (Apr 30, 2024)
-
IMPROVED: Attempt to automatically detect PHP-based translation files to prevent noisy scan results.
-
IMPROVED: Attempt to identify obsolete core WordPress files which weren't properly deleted during recent upgrades, and detail this in scan results table.
-
FIXED: Bug: Scan results show that a number of file results exist, but the actual results table is empty.
-
FIXED: Bug: Upgrade process for FileLocker records improved.
-
FIXED: Mitigate potential fatal error during scan.
-
FIXED: Fix for automatic self-update.
-
IMPROVED: Update assets used by the plugin.
Patch 19.1.6 (Mar 29, 2024)
-
FIXED: Ensure Shield admin menu bar displays only for admins.
Main Release (19.1.0)
-
NEW: Instant Alerts
You can now configure Shield to send you instant alert notifications for important events. (more events to follow)
-
NEW: Scan Results Display Config
You can now set Shield to display scan results that would normally be hidden because they've already been processed/ignored.
-
IMPROVED: Code Rewrite & Cleaning
Major overhaul of how the plugin works under-the-hood in order to simplify future development and speed-up processing.
-
IMPROVED: Some improvements to how Shield handles WPMS
- NEW: Filter to prevent running of the Site Health Security component
19.0
Released: Mar 22, 2024 - Release Announcement | Upgrade Guide 19.0 ↗
Patch Releases
Patch 19.0.7 (Feb 12, 2024)
-
NEW: Provide option to specify temporary directory location.
Patch 19.0.6 (Feb 8, 2024)
-
IMPROVED: Set Session Lock default to not lock to IP address.
-
IMPROVED: Ensure multiple scans don't run for WPMS sites.
-
FIXED: Small adjustment to prevent fatal errors when DB has issues inserting new data.
Patch 19.0.5 (Feb 5, 2024)
-
FIXED: Fix various non-critical bugs.
Main Release (19.0.0)
-
NEW: Security Rules Builder
The Security Rules Builder lets you design and build your own set of security rules for any security restrictions you desire. More Info ↗
-
NEW: Support For ShieldPRO Extensions
We'll soon release some Shield Security Extensions to build upon the Shield platform.
-
NEW: Protection Against Session Theft/Hijacking
You can now lock user sessions to IP addresses, User Agents, or both. This helps to prevent session theft and hijacking, and re-use of user sessions on other devices. More Info ↗
-
IMPROVED: User Sessions Filter By Username
You can (again) filter the user sessions table by usernames.
-
IMPROVED: FileLocker Improvements
Updated the FileLocker system to ensure compatibility with the Shield.NET API. More Info ↗
-
IMPROVED: Geolocation
Added some basic geo-location data that comes from CloudFlare (if you use it) to allow for rules that use Geolocation data. A ShieldPRO extension will be provided at a later date to offer Geolocation data options beyond CloudFlare.
-
FIXED: Improved Passkeys Platform Support
Ensure Passkeys can be used on hosts that don't have the GMP extension active. More Info ↗
-
IMPROVED: Code Rewrite & Cleaning
A lot of plugin code has been rewritten to use the newer Rules Engine, improving performance & reliability.
18.5
Released: Nov 20, 2023 - Release Announcement | Upgrade Guide 18.5 ↗
Patch Releases
Patch 18.5.10 (Dec 23, 2023)
-
FIXED: Security fix for LFI (details to follow at a future date). Patched and released within 6hrs of responsible disclosure.
Patch 18.5.9 (Dec 15, 2023)
-
FIXED: Mitigate potential fatal error with invalid data populated by 3rd party code.
Patch 18.5.8 (Dec 15, 2023)
-
FIXED: Security fix for XSS (details to follow at a future date).
-
FIXED: Bug: Automatic Import/Export with Master sites could be inadvertently disabled.
-
IMPROVED: Allow Shield to run under PHP 8.3 - there may still be issues as-yet undetected.
Patch 18.5.7 (Nov 23, 2023)
-
IMPROVED: Optimisations to NotBot JS to further reduce AJAX requests.
-
FIXED: Bug: Email 2FA capability verification email was sent twice.
-
FIXED: Bug: Couldn't dismiss in-plugin notices.
Patch 18.5.5 (Nov 20, 2023)
-
FIXED: Bug: IP auto-detect displaying admin notices instead of running in the background.
-
FIXED: Bug: unable to click-to-ignore abandoned plugin results.
Main Release (18.5.0)
-
NEW: Passkey/WebAuthn/FIDO2 Support
Seamless WordPress Two-Factor Authentication with support for all FIDO2-compliant devices and Passkeys.
-
NEW: Email 2FA Auto-Login
Email 2FA option to provide automatic login links alongside 2FA codes.
-
NEW: Site Lockdown
You can now completely lockdown access to your site to prevent any access whatsoever. All traffic will be met with a block page, except for IP addresses present on the bypass/whitelist.
-
NEW: Export IP Rules
Download all IP Rules as CSV.
-
IMPROVED: Complete Javascript Rewrite
All plugin Javascript code has been completely cleaned & rewritten.
-
IMPROVED: Realtime Dashboard Updates
The dashboard progress meters are automatically updated as settings are changed via Analysis tabs. Further improvements to come.
-
IMPROVED: Bot Detection Javascript Improved
NotBot JS javascript is more reliable and handles page caching nonce-staleness better.
-
IMPROVED: Link-Cheese Honeypot Is Improved
Some improvements have been made to the reliability of the Link-Cheese feature.
-
IMPROVED: User Sessions Management
The user sessions table now uses our new UI.
-
IMPROVED: Navigation Improvements
Automatically selects the previously active navigation tab when page is reloaded.
-
IMPROVED: Optimised Plugin Assets
All plugin JS & CSS are optimised, built and packaged using Webpack.
-
REMOVED: Google reCAPTCHA and hCAPTCHA
reCAPTCHA has been deprecated for over a year already and has finally been removed from the plugin. Consider using Shield's silentCAPTCHA feature.
18.4
Released: Sep 26, 2023 - Release Announcement | Upgrade Guide 18.4 ↗
Patch Releases
Patch 18.4.6 (Nov 7, 2023)
-
FIXED: REST API endpoints were not always being initiated.
Patch 18.4.5 (Oct 25, 2023)
-
NEW: Added a Comment SPAM Cooldown feature to prevent humans, that bypass bot checks, from repeatedly posting SPAM.
-
CHANGED: Email 2FA One-Time-Password is numeric only. OTP may be modified via supplied filter.
-
IMPROVED: Added helper text to make it clear that renaming the WP Login URL isn't a security setting. It's obscurity.
-
FIXED: Reduce potential for excess AJAX calls when page caching is used.
Patch 18.4.4 (Oct 4, 2023)
-
FIXED: Scenario where FileLocker wasn't creating file locks on the WP Cron.
-
FIXED: Some file download links weren't working correctly.
Patch 18.4.3 (Sep 28, 2023)
-
FIXED: Fixed potential error on loading Shield admin screens.
Main Release (18.4.0)
-
NEW: Improved Page Loading Performance
Performance improvements for page loading & TTFB through various optimisations.
-
NEW: Developers: New Filters
Provide a filter for admins to adjust the lost password URL for suspended users.
-
FIXED: 2FA Login Redirects
Fixed a rare scenario where the redirect_to flag for WP logins wasn't being completely honoured when 2FA was used.
-
FIXED: Google Authenticator QR Codes
Fixed broken rendering of QR Codes for Google Authenticator.
18.3
Released: Sep 18, 2023 - Release Announcement | Upgrade Guide 18.3 ↗
Patch Releases
Patch 18.3.9 (Sep 20, 2023)
-
NEW: Add activity log event for WP Core Reinstall (distinct from core upgrade)
-
FIXED: Fixed Fatal error on older WordPress installations for missing function get_user_count().
Main Release (18.3.0)
-
NEW: Custom Reports
You can now create custom reports on-demand, for any period for which you have data.
-
NEW: Live Traffic Log
You can now temporarily switch the Traffic Log to live logging mode to capture all WordPress requests.
-
NEW: Live Traffic Log View
Live logging tool lets you view all requests sent to the site, and automatically refreshes with the latest requests.
-
NEW: Reports Archive
Automated and manually-created reports are now full HTML pages and are saved/archived for future reference.
-
NEW: Enhanced Summary Dashboard
We've created a brand new dashboard, to be used as a launchpad for many security actions.
-
NEW: Traffic Log Download
All traffic logs can be downloaded to plain-text log files.
-
IMPROVED: Breadcrumbs For Better Navigation
Navigating the plugin and various pages is improved and more intuitive for users.
-
IMPROVED: User Sessions Management
Improved the loading of user sessions to be more thorough.
-
IMPROVED: Activity and Traffic Logging Conflicts Resolved
In the case that logging was disabled where you had a conflicting PHP logging library, logs are now available for you again.
-
IMPROVED: Many Code Improvements
Major reworking and improvements of code for reliability and performance.
18.2
Released: Jul 26, 2023 - Release Announcement | Upgrade Guide 18.2 ↗
Patch Releases
Patch 18.2.11 (Aug 29, 2023)
-
IMPROVED: Vulnerability scanning is more efficient.
-
IMPROVED: Improvements and performance optimisation in several areas.
-
IMPROVED: Improvements and optimizations to many SQL queries.
-
FIXED: Mitigate a potential error on upgrade.
Patch 18.2.8 (Aug 14, 2023)
-
NEW: Adding Activity Log tracking for Shield options saving.
-
IMPROVED: Provide ability to filter activity & request log tables by logged-in user.
-
IMPROVED: Refactor & optimise how Shield options are stored, reducing WordPress DB entries.
-
IMPROVED: Updated built-in helpdesk links.
-
IMPROVED: Provide an easily accessible function to trigger manual scans.
-
IMPROVED: Performance improvements when loading activity log and traffic log tables.
-
FIXED: Snapshots performance improvements and fixes for some edge cases.
Patch 18.2.4 (Jul 28, 2023)
-
IMPROVED: Updated some JS & CSS assets.
-
FIXED: Refactored license verification to reduce chances of licenses being deactivated.
-
FIXED: Other smaller bug fixes.
Main Release (18.2.0)
-
NEW: Change Reports
You can now create summary and detailed reports for important changes on your WordPress site. More Info ↗
-
NEW: Additional Event Logging
Shield now captures events such as plugin/theme uninstallation and user password updates. More Info ↗
-
NEW: Enhanced Event Logging
Shield now logs changes to the site that were done 'outside' of the WordPress environment. It can capture changes to critical WordPress core options that were modified directly on WordPress DB, for example. More Info ↗
-
NEW: Protect WordPress Permalinks Option
Security Admin now protects the WordPress Permalinks and the New User Default Role options.
18.1
Released: Jun 8, 2023 - Release Announcement | Upgrade Guide 18.1 ↗
Main Release (18.1.0)
-
NEW: Add Bot-Protection Support for more 3rd party plugins
Plugins include: 'Classified Listing', 'ProfilePress'
-
NEW: Support and integration with WP Umbrella
Ensures that requests coming from WP Umbrella are never interrupted or trigger Shield's defenses. More Info ↗
-
IMPROVEMENTS: Huge underlying code cleanup and improvements.
-
IMPROVEMENTS: Improved fallback support for Bing Search Engine Bots and SEMRush.
If your site is having temporary rDNS lookup issues and can't verify the Bing bot, we've provided some fallback mechanisms.
-
IMPROVEMENTS: Improvements to Plugin Notifications.
-
IMPROVEMENTS: Upgraded Assets, such as Bootstrap to the latest available.
-
FIX: Bug: Filelocker wasn't always creating the file lock correctly.
-
FIX: Bug: Incorrectly identifying Contact Form 7.
Shield would report Contact Form 7 is installed, when it wasn't.
18.0
Released: Apr 17, 2023 - Release Announcement | Upgrade Guide 18.0 ↗
Patch Releases
Patch 18.0.7 (Apr 26, 2023)
-
FIXED: FileLocker would fail to lock files in certain scenarios.
Patch 18.0.6 (Apr 26, 2023)
-
NEW: Added support for scanning .mo files after MAL{ai} malware analysis indicated this is a common injection file type.
-
IMPROVED: ADE Not-Bot checking will only run if the IP module and NotBot options are enabled. Otherwise, no bot assessment will be performed.
-
IMPROVED: Apply some automatic malware scanning exclusions.
-
FIXED: UI and menu fixes.
Main Release (18.0.0)
- NEW: MAL{ai} - Artificial Intelligence for WordPress Malware Detection
-
NEW: File Scan Areas Option
We've added new scan areas, in particular the entire /wp-content/ directory and the WP installation root directory. You can now select these to be scanned - you'll have more results to review, but you'll have more visibility on the files sitting on your site.
-
NEW: Added Extra Protection To Security Admin
We've added some protection against adjustments to the WP Default User Role option within the Security Admin system.
-
NEW: Toggle Security Analysis Overview
Added the option to view your Security Overview as either ShieldFREE or ShieldPRO.
-
IMPROVEMENTS: Improved, More Compact Plugin Layout
We've received a number of pieces of feedback about the latest plugin layout and have restructured some elements to be more compact. This cleanup ensures we waste less space on the screen and can display more content that you need to see.
-
IMPROVEMENTS: Scan Results Display
We've continued with our tweaking of the Scan Results pages, making them faster to load and easier to read.
-
IMPROVEMENTS: Plugin Code and Performance
We've continued our code clean-up and code enhancements, following our previous major release.
17.0
Released: Feb 28, 2023 - Release Announcement | Upgrade Guide 17.0 ↗
Patch Releases
Patch 17.0.20 (Mar 24, 2023)
-
IMPROVED: Further enhancements to the automated import/export subsystem.
-
FIXED: WordPress.org build failed for .19, so had to release .20 to create a new version.
Patch 17.0.18 (Mar 20, 2023)
-
SECURITY: Address an 'Unauthenticated XSS' security issue where an attacker could inject scripts via the HTTP User-Agent header. Further details to follow.
-
SECURITY: Address a minor 'Insufficient Authorization' security issue where arbitrary activity logs could be created via the WP plugin/theme file editor. Further details to follow.
Patch 17.0.17 (Mar 20, 2023)
-
FIXED: Improve automated import/export for sites that use server caching heavily.
-
FIXED: Prevent reports resending alerts about previously notified scan results.
Patch 17.0.11-14 (Mar 5, 2023)
- FIXED: Prevent fatal errors in the event of a Monolog library conflict, but disable Activity Logging features to facilitate this.
Patch 17.0.9 (Mar 3, 2023)
- FIXED: Attempt to prevent errors being thrown with conflicting Monolog libraries.
-
FIXED: Prevent unnecessary logs being generated for disabled reports.
Patch 17.0.7 (Mar 1, 2023)
-
FIXED: Ensure Link Cheese robots.txt contains the necessary user-agent directive.
-
FIXED: Fix bug with handshake API.
-
FIXED: Fix bug with Reports migration upon upgrade.
Main Release (17.0.0)
-
NEW: UI Enhancements
We've made huge progress in improving the Shield Dashboard interface, making it easier to get to exactly where you need to be. Shield is a big plugin, so organising all the tools and features is a challenge, but this is our best UI yet!
-
NEW: WeForms Integration
We've added native support for protection against contact form SPAM directed against WeForms.
-
IMPROVED: Much Improved IP Rules Management
IP Rules management could be slow as the IP rules table grew, but we've done a lot of work to speed this up.
-
IMPROVED: Much Improved File Locker
The OpenSSL encryption process has been hugely improved in order to run better on newer systems that don't support legacy encryption ciphers.
-
IMPROVED: NotBot JS Improvements
Following some feedback and issues reported with SiteGround, we've made a few enhancements to the NotBot JS code.
-
IMPROVED: Filter Tables By Date
The Activity Log and Traffic Log can now be filtered by date, letting you quickly find the logs you need.
-
IMPROVED: Better Security Overview
We've made some adjustments to how the Overview dashboard is created alongside tweaks to the scoring logic. We've also aligned the Admin dashboard widget score with the overall Shield Dashboard score.
-
IMPROVED: Major Code Overhaul
Nearly all functionality of the plugin has been rewritten and improved.
-
NEW: Whitelist/Bypass IP Are Included In Exports
It is now possible to share Bypass IPs from a master site to its client site using the import/export feature. Only IP addresses added after the upgrade will be included in any subsequent exports.
-
IMPROVED: Much Improved Automatic Import/Export
The process of automatic notification of client sites to import configurations from the master site has been much improved.
-
IMPROVED: Better Plugin Search
We've improved the UI for searching the plugin alongside adding the ability to search for partial IP addresses.
-
IMPROVED: Pwned Passwords API
We've made our implementation of the Pwned Passwords API more forgiving of API errors. Instead of blocking passwords when there's an error with the API, we bypass the test altogether allowing the request to succeed.
-
IMPROVED: Plugin Re-Install Feature Improved
Depending on your particular plugin soup, the plugin reinstall feature could fail.
-
CHANGED: Removed Reporting Module
As part of our focus on simplifying the Shield plugin, we've removed the separate Reporting module. You'll still get email Reports, but the options are now configured under the General Settings module.
-
CHANGED: Minimum PHP Version: 7.2
To stay ahead and on top of the latest developments in our PHP libraries, we've pushed our minimum PHP version to 7.2. More Info ↗
-
CHANGED: Minimum WordPress Version: 4.7
Based on Shield telemetry data, we're pushing our minimum supported WordPress version up to 4.7. We'll continue to push this upwards as usage data suggests it makes sense to do so.
-
REMOVED: Removed Password Policy Option: Minimum Password Length
Shield has an option to enforce minimum password strengths, and also an option to enforce minimum length. Enforcing password length is unnecessary when a more holistic password strength meter is also applied.
16.1
Released: Sep 12, 2022 - Release Announcement | Upgrade Guide 16.1 ↗
Patch Releases
Patch 16.1.15 (Feb 8, 2023)
-
FIXED: Have I Been Pwned API Error.
Patch 16.1.14 (Nov 23, 2022)
- CHANGED: Marks Shield 16.x as the final series supporting PHP 7.0 and 7.1. Shield 17 will require PHP 7.2.
-
IMPROVED: Performance improved when loading the WordPress Users page for sites with large user counts.
-
FIXED: Dashboard widget showing incorrect dates for user last login if it's never been recorded.
-
FIXED: Tweaks to CrowdSec Signals map.
-
FIXED: Plugin/Theme file scanner bug fixes.
-
FIXED: Minor bug fixes.
Patch 16.1.13 (Nov 1, 2022)
-
IMPROVED: Attempt to eliminate CrowdSec API issues.
-
IMPROVED: Attempt to mitigate import/export errors for certain configurations.
-
IMPROVED: Accessibility of user 2FA setup form has been improved for screen readers.
-
IMPROVED: Improved the data used to construct the QR codes for Google Authenticator setup.
-
FIXED: Minor bug fixes.
Patch 16.1.9 (Sep 28, 2022)
-
FIXED: Bug where fatal error could be caused in some hosting environments.
Patch 16.1.8 (Sep 28, 2022)
-
FIXED: Bug Fix: ensure expired CrowdSec IPs are always purged.
-
IMPROVED: Optimise the checking and building of file hashes.
-
IMPROVED: Improvements to requirements checking for the File Locker feature.
-
IMPROVED: Update Swedish translations file.
Patch 16.1.6 (Sep 15, 2022)
-
FIXED: Bug Fix: for Rate Limiting Rule failing to build
Patch 16.1.5 (Sep 15, 2022)
-
IMPROVED: Improvements to MainWP Extension
As part of our plans to enhance our MainWP extension we've made a number of fixes and tweaks.
-
SECURITY: Obscure Access To Local Plugin/Theme Hashes
It was pointed out that locally stored plugin/theme hashes were accessible on nginx servers. For some sites, this made information about which plugins/themes were installed publicly available. Not a security problem in itself, but not ideal either.
-
SECURITY: QR Code Rendered Locally.
It was pointed out that there are other means of generating QR codes that are preferable to sending data to Google's API. QR Code images are now rendered locally in the browser using Javascript.
-
CHANGE: Logged-In User Won't Be Rate Limited.
If you're logged into a site and you trigger the rate limiter, you won't be limited. You may still trigger the rate limiter if you issue non-authenticated requests, such as REST API requests.
Patch 16.1.4 (Sep 13, 2022)
-
FIXED: Security fix for reported 2FA vulnerability. More info will be released after allowing time for client upgrades.
Note: a site is only vulnerable to this particular exploit IF it has an SQL-injection vulnerability caused by another plugin/theme. As we always say, please ensure you keep ALL your plugins, themes and WordPress core up-to-date, particularly if they have known vulnerabilities!
-
CHANGES: Reverted minimum WP version to 3.7 to allow for security patching.
-
FIXED: Bug: an error was generated when assessing some IP addresses.
-
FIXED: Bug: API requests for certain types of options were appearing to fail (they weren't) and generating an error.
Patch 16.1.2 (Sep 12, 2022)
-
FIXED: Bug fix unable to start scans.
-
FIXED: Bug fix DB creation error on initialisation on a new website.
-
FIXED: Bug fix error with Overview page when analysing the firewall grade, after removing Leading Schemas.
Main Release (16.1.0)
-
NEW: CrowdSec Partnership
Shield Security and CrowdSec are now partnered to deliver powerful IP block lists to WordPress sites. More Info ↗
-
NEW: Complete Rewrite of IP Rules System
The previous system for block/black and bypass/white lists was quite old and needed to be completely upgraded to handle the CrowdSec integration. The new system is far faster and smarter with a much-improved table display.
-
NEW: Custom Activity Log Events
There is now the option to log custom events to Shield's Activity Log. It's impossible for Shield to log every possible event for every plugin and scenario, so you can now add logging for all your desired site events. This is an advanced option and will require professional software development experience to implement. More Info ↗
-
NEW: Super Search Box
The Super Search Box is accessible and visible from every page inside the plugin. You're currently able to search for configuration options, tools and IP addresses.
-
NEW: Improved Scan Results Display
Eliminated errors and slow processing when displaying scan results pages for large datasets. Shield now uses highly optimised queries to request only the records required to display the current table page.
-
NEW: Improved Human Comments SPAM Detection
Based on some customer feedback we've improved Human Comment SPAM detection. Shield will now also look at recently posted comments by the same IP addresses when deciding whether a comment is SPAM.
-
NEW: Beta Access Option
A new option is provided to allow easy access to beta versions of the Shield Security plugin. More Info ↗
-
IMPROVED: Shield Nav Bar
Shield offers a much better navbar on the dashboard with built-in search, helpdesk links and updates.
-
IMPROVED: Protection Against Unauthorised Deactivation
The Security Admin feature that protects against unauthorised deactivation has been further strengthened with offenses.
-
NEW: Logging: App Password Creation
Shield now captures creation of new Application Passwords in the Activity Log.
-
NEW: Removed: Leading Schema Firewall Rule
This rule flags too many false positives for members.
-
CHANGED: Minimum WordPress Version: 4.7
Based on Shield telemetry data, we're pushing our minimum supported WordPress version up to 4.7. We'll continue to push this upwards as usage data suggests it makes sense to do so.
-
FIXED: Various Fixes
- Mitigate a fatal error caused by the latest wpForo plugin passing NULL to locale filters.
- Bug when specifying a particular list when adding/removing an IP address using WP-CLI.
- Shield now correctly honours WordPress' built-in 'disallowed keywords' feature when flagging comments for spam.
- Shield no longer attempts to solve the issue of invalid 'from' email addresses on a WordPress site.
15.1
Released: Jun 6, 2022 - Release Announcement | Upgrade Guide 15.1 ↗
Patch Releases
Patch 15.1.4 (Jun 14, 2022)
-
IMPROVED: Yet another complete rewrite of the Shield Cache Dir builder to work around restrictive web hosts.
-
IMPROVED: Restore the event 'Connection Killed' that explicitly states that a request was terminated for a blocked IP.
-
FIXED: File diff UI display was broken when comparing modified WordPress Core files with the originals.
Patch 15.1.5 (Jun 20, 2022)
-
IMPROVED: Log the IP address in the Activity Log when IP has been manually unblocked.
-
FIXED: Address a potential fatal error in the admin area when the minimum server requirements aren't met.
Patch 15.1.6 (Jul 19, 2022)
-
FIXED: A rare error involving Composer versions lookup used by other plugins.
-
FIXED: Remove some PHP 8.1 deprecated notices.
Main Release (15.1.0)
-
NEW: Optimised File Scanning
Significant optimisation in file scanning with reduction of full file scan times by up to 66%. For example, if a file scan would have normally lasted for 3 minutes, it'll now take less than 1 minute. This means faster scanning, less waiting, and much lighter load on your servers by using fewer resources.
-
NEW: Happy Forms
Full support available for SPAM protection on Happy Forms.
-
IMPROVED: Whitelabelling
We've refactored our white labelling feature to ensure your custom brand displays more consistently throughout the plugin.
-
IMPROVED: Automatic Visitor IP Detection
The 100% fully automatic detection of visitor IP addresses is a lofty goal and with each release we get a bit closer. You can always help Shield by manually setting your Visitor IP source option: Shield > Config > General IP Source.
-
IMPROVED: Plugin Loading
Shield is a large and complex plugin so we've done a lot of work to help ensure it's more reliable when loading.
15.0
Released: May 9, 2022 - Release Announcement | Upgrade Guide 15.0 ↗
Patch Releases
Patch 15.0.4 (May 9, 2022)
-
FIXED: File scanner alerting to Shield's own file (rules.json) on every scan.
-
FIXED: Tracking Login Block events for statistical purposes wasn't always happening.
Patch 15.0.5 (May 9, 2022)
-
FIXED: Prevent a warning being displayed during WP login.
-
FIXED: Prevent a reported fatal error.
Patch 15.0.6 (May 10, 2022)
-
FIXED: Fix for reCAPTCHA on login forms not properly rendering.
Patch 15.0.8 (May 12, 2022)
-
IMPROVED: Adjusted how the security progress meters are displayed and switched to grades instead of percentages.
-
FIXED: Work around a horrendous Godaddy server 'protection' that was blocking access to the site entirely.
-
FIXED: Prevent an error when handling user meta data.
-
FIXED: Ensure Whitelabel logo is correctly displayed on dashboard widget.
Patch 15.0.9 (May 13, 2022)
-
IMPROVED: More accurate detection of crawlers such as Facebook that interchange IPv6 and IPv4 in their primary IP resolving.
Patch 15.0.12 (May 15, 2022)
-
IMPROVE: Make automatic Visitor IP Source detection quieter and run more often.
-
FIXED: Prevent error that occurs when rendering the Firewall Block page in some cases.
-
FIXED: Prevent error that can occur when assessing whether plugin version is very old.
Patch 15.0.13 (May 19, 2022)
-
FIXED: A sporadic error relating to Shield's User Meta.
Main Release (15.0.0)
-
NEW: Rules Engine
Massive performance and processing optimisations with a brand new core Shield Rules Engine. All requests are now processed using a unique and customisable (future releases) set of rules. More Info ↗
-
NEW: Brand New Shield Block Pages
We now offer more user-friendly block pages to the visitor for all scenarios: firewall, IP block, username fishing.
-
NEW: All-New Dashboard Overview
The Shield Dashboard Overview provides detailed and actionable insights into your WordPress security and how to improve it.
-
NEW: All-New WordPress Dashboard Widget
The original WordPress Admin Dashboard widget was pretty basic, so we've completely revamped it with some of your latest site activity.
-
NEW: Removed: Legacy Comment SPAM Detection
We've completely removed the older, less reliable comment spam detection using Javascript and CAPTCHAs. Please use the newer silentCAPTCHA.
-
IMPROVED: Visitor IP Source Detection
It's critical that Shield can get the correct visitor IP address. Unfortunately many webhosts drop the ball when it comes to their configurations. We've added a completely automated and highly reliable method of determining the best source for Visitor IP addresses. If it's there, Shield will find it.
-
IMPROVED: Shield Dashboard Navigation
We've done quite a bit of work to smooth out and simplify Shield's admin UI making it easier to navigate and find what you need.
-
IMPROVED: Massive Performance Improvements
Shield has undergone major enhancements and performance improvements.
- Removed duplicate and unnecessary DB requests.
- Consolidated and removed many excess WP Transients (fewer DB requests).
- Optimised several DB queries.
-
IMPROVED: Author Discovery/Fishing
This feature is now a Bot Signal which is recorded in the Activity Log and triggers offenses.
-
IMPROVED: New Filters: Adjust scanner notices about plugin/theme update/active status
You can now use filters to adjust whether Shield warns about inactive plugins/themes or those with updates.
-
IMPROVED: A New WP Filter To Add Custom Shield Template Directory
If you're looking to adjust some of our page templates, such as the block pages, you can now provide custom templates more easily using the new filter.
-
CHANGED: Audit Trail Renamed to Activity Log
-
CHANGED: Deprecated: Options For CAPTCHA and GASP Bot Checking On WordPress Login Forms
The options to use CAPTCHA and/or GASP Bot Checking for WordPress Login SPAM have been deprecated. These options are replaced with the silentCAPTCHA and will be completely removed in a future release.
-
CHANGED: Option Removed: Auto-Filter Scan Results
Shield will now filter unnecessary scan results automatically. This option can now be adjusted using a WP filter.
-
CHANGED: Option Removed: XML-RPC bypass option
This option can now be adjusted using a WP filter.
-
FIXED: Numerous bug fixes
- Broken password reset links in some cases when using hidden login page
- fix for some scan results browsing errors
- help ensure forward compatibility for sites with newer TWIG libraries also installed
14.1
Released: Mar 14, 2022 - Release Announcement | Upgrade Guide 14.1 ↗
Patch Releases
Patch 14.1.1 (Mar 21, 2022)
-
FIXED: Fix for 'find as you type' in the options search dialog.
-
FIXED: PHP Warning.
Patch 14.1.2 (Mar 21, 2022)
-
FIXED: Audit Trail and Traffic Log search panels didn't always load correctly.
Patch 14.1.3 (Mar 21, 2022)
-
FIXED: Ensure database upgrade doesn't stall for large traffic logs.
Patch 14.1.5 (Mar 22, 2022)
-
IMPROVE: Allow direct searching of request path in Traffic Log.
-
FIXED: Provide a more robust database migration for large request log tables.
-
FIXED: Adjust the traffic log database to account for very long request paths.
Patch 14.1.6 (Mar 24, 2022)
-
IMPROVE: Improve the updating of Shield user metas so that it now bypasses WP's User Query subsystem, which fires massive SQL queries.
Patch 14.1.7 (Mar 25, 2022)
-
FIXED: Fix for an error during certain Firewall scanning.
Main Release (14.1.0)
-
NEW: Complete REST API
Partners and developers can now manage the Shield Security plugin completely with the new REST API.
-
NEW: REST API Routes
New REST API endpoints let you manage many areas of the Shield Security plugin.
- get/set any single option, or group of options
- get scan results & status, and start new scans and check their status
- add/remove IP addresses to/from any list (block or bypass)
- check for, and remove, ShieldPRO license
- run Debug to get general site information summary for debug purposes
-
NEW: Option To Load Shield as a WordPress Must-Use (MU) Plugin
To prevent unwanted or accidental deactivation of the Shield plugin, Shield can be converted to an MU plugin.
-
NEW: Show Recent User Session In Admin Bar
Show quick links to recently active (10 minutes) user sessions in the admin bar and the most recently active sessions.
-
NEW: Support For Application Password Authentication Failures
Shield detects and logs when application passwords have been used incorrectly and applies offenses.
-
IMPROVED: Speed-Up For Audit Trail and Traffic Log Tables
Audit Trail and Traffic Log tables are usually huge and loading them was slow. They're now entirely AJAX-based and fast-loading.
-
IMPROVED: Support 3rd Party Traffic Log Handlers
3rd parties can now easily integrate with Shield's Traffic Log to send log records to any destination.
-
IMPROVED: Support 3rd Party Audit Trail Handlers
3rd parties can now easily integrate with Shield's Audit Trail to send log records to any destination.
-
IMPROVED: IP Record Management Error
When inserting a duplicate IP address record into the database, we now INSERT IGNORE to reduce error messages in logs.
-
IMPROVED: Updated Dutch Translations
-
CHANGED: Deprecated: Options For CAPTCHA and GASP Bot Checking On WordPress Comments
The options to use CAPTCHA and/or GASP Bot Checking for WordPress Comment SPAM have been deprecated. These options are replaced with the silentCAPTCHA and will be completely removed in a future release.
-
IMPROVED: Display of Shield's Admin Menu Bar items can be controlled using a plugin configuration option.
-
FIXED: Shield's REST API supports non-permalinks style requests (?rest_route=), regardless of permalinks configuration.
-
FIXED: Fix for non-URL-encoding of password reset URL parameters when using Rename Login feature.
-
FIXED: Traffic Request Log wasn't correctly indicating a request was an offense in the log viewer.
14.0
Released: Jan 28, 2022 - Release Announcement | Upgrade Guide 14.0 ↗
Patch Releases
Patch 14.0.2 (Feb 9, 2022)
-
IMPROVED: Integration with some 3rd party membership plugins + 2FA.
-
FIXED: Alert displayed that U2F isn't supported when U2F isn't in use.
-
FIXED: A rare issue with Custom MFA login triggering an HTTP 402 error!
-
FIXED: Options Search dialog failed to open (can't find-as-you-type yet).
Patch 14.0.3 (Feb 16, 2022)
-
FIXED: Work around WP Engine login mechanism blocking 2FA verification.
Main Release (14.0.0)
-
NEW: WP Login Style 2FA Screen
Users can complete their 2FA login using the UI they're most familiar with.
-
NEW: Custom Redirect For Hide WP Login & Admin
Rather than display an unfriendly 404 error page for the hidden login page, you can decide to redirect requests to any page you wish.
-
NEW: Easier Access To User 2FA Settings with WP Admin Menu
Users can now update their 2FA account settings from a dedicated WP admin page.
-
NEW: Improved 2FA User Experience
Smoother, faster, more reliable and more secure 2FA experience.
-
CHANGED: Multi-factor Authentication Removed
The option to force users to supply ALL two-factor authentication options has been removed.
-
IMPROVED: Dedicated table for User meta information
This allows for new filters and better user status on the WP Admin User page.
-
IMPROVED: Updated Translations - Dutch (thanks J.P.!)
-
IMPROVED: Further page caching mitigation for NotBot
-
CHANGED: Updated Bootstrap Libraries
-
FIXED: Various bugs and errors
13.0
Released: Nov 15, 2021 - Release Announcement | Upgrade Guide 13.0 ↗
Patch Releases
Patch 13.0.1 (Nov 15, 2021)
-
FIXED: Reduce scan chunk size to improve MySQL query memory usage.
-
FIXED: Automatic selection of IP addresses in IP Analyse tool after switching to AJAX source.
Patch 13.0.3 (Dec 21, 2021)
-
FIXED: Ensure database states are handled correctly.
-
FIXED: MySQL requirements are checked more flexibly.
-
FIXED: Add a class to Google Authenticator QR image.
Patch 13.0.4 (Dec 22, 2021)
-
FIXED: Error with MainWP loading in certain cases.
Patch 13.0.5 (Jan 12, 2022)
-
IMPROVED: The option to provide custom roles for Email 2FA enforcement is now free-form.
-
IMPROVED: Multi-factor authentication settings are available even when your IP is on the bypass lists.
-
IMPROVED: ShieldPRO license lookups when using separate domains for multilingual site versions.
-
IMPROVED: FluentForms integration wasn't always loading and so SPAM submissions could still come through.
-
IMPROVED: NotBot Javascript is improved to better handle server timeouts and work around Page Caching limitations.
-
FIXED: Prevent some fatal errors when integrating with 3rd parties and their data isn't as expected.
Patch 13.0.6 (Jan 14, 2022)
-
IMPROVED: Improved handling of ClassicPress versions and file scanning for migrated WP sites.
-
CHANGED: Official WP.org themes that are inactive no longer display a warning in results tables.
-
FIXED: [Minor Security Vulnerability] An authenticated (administrator+) Persistent XSS.
Privately disclosed to us by Yoru Oni - thank you. More Info ↗
-
CHANGED: It's now possible to add custom exclusions to the anonymous REST API block.
Main Release (13.0.0)
-
NEW: Complete Scanning Engine Overhaul
We've completely rewritten the scanning engine to be faster and more intuitive. Includes improvements to reduce cases where results are reported and then are no longer visible.
-
NEW: Scans can now be executed using WP-CLI
Audit Trail now uses our preferred table UI with built-in, useful search and filter controls. There's also rapid and reliable pagination and data reloading.
-
IMPROVED: Support for WP-CLI based cron execution
Running WP Crons using WP-CLI now fully supports automatic scans.
-
IMPROVED: Scan Results Management
Scan results management is improved with historical scan results display and more descriptive messaging.
-
IMPROVED: Scan Result Diffs
Wherever possible scan results will allow you to view a file diff showing any and all file changes clearly. This is available only for official WordPress core files and plugins/themes hosted on WordPress.org.
-
IMPROVED: Simplified Scan Options
Hugely simplified and reduced the configuration options available for scans.
-
IMPROVED: Dynamic Search For IP Analyse Tool
The IP Analyse tool uses AJAX-based dynamic searching when selecting an IP address. This makes the tool more practical and performant for sites with large IP datasets.
-
IMPROVED: Traffic Logging for WP-CLI requests
WP-CLI commands and their arguments are logged for WP-CLI requests just as with paths for web requests.
-
IMPROVED: Yubikey Device Verification
Yubikey One-Time Passwords are now verified when attempting to register a Yubikey device to your profile.
-
FIXED: Adding/Removing Yubikey Device Reliability
Adding and removing Yubikey devices to and from your WP user profile is more reliable.
12.0
Released: Sep 16, 2021 - Release Announcement | Upgrade Guide 12.0 ↗
Patch Releases
Patch 12.0.4 (Sep 22, 2021)
-
FIXED: Prevent PHP exception being thrown in certain cases.
Patch 12.0.8 (Sep 23, 2021)
-
FIXED: Ensure Shield runs only on supported MySQL servers.
Patch 12.0.9 (Sep 29, 2021)
-
FIXED: Error when processing certain types of query strings in the firewall.
-
FIXED: Yubikey 2FA verification was failing with a nonce less than 16 characters. Who knew?
Patch 12.0.11 (Oct 7, 2021)
-
FIXED: A few minor fixes, along with slight optimisation of NotBot JS.
-
FIXED: Issue with managing Shield Central profiles.
Patch 12.0.13 (Oct 10, 2021)
-
IMPROVED: Improve support for auto-login systems like ManageWP admin login.
Main Release (12.0.0)
-
NEW: Complete Audit Trail Overhaul
The Audit Trail and Events system has been completely rewritten. It allows for extensions to log to any destination, severity levels, search and more.
-
NEW: New Audit Trail Table & Filters
Audit Trail now uses our preferred table UI with built-in, useful search and filter controls. There's also rapid and reliable pagination and data reloading.
-
NEW: Audit Trail Events With Severity
All events are given a default severity of 'Alert', 'Warning', 'Info' or 'Debug'. Which event categories are logged can be adjusted in the Configuration.
-
NEW: Audit Trails Logs To File
As well as logging to the database, you can elect to log certain events to file.
-
IMPROVED: Audit Trail Logs Description
Logged events now have more descriptive messages along with more meta details for the event.
-
IMPROVED: Audit Trail Meta Data
By linking the Audit Trail to the Traffic Log, you can now see request data alongside Audit Logs.
-
IMPROVED: Plugin Data Storage
We're adding some smarter data storage to the plugin through more complex and interconnected database tables. This approach reduces repeated and redundant data storage and disk usage.
-
NEW: Traffic Logging UI.
The Traffic Log feature now also uses the improved table UI for faster processing and better search.
-
IMPROVED: Scanning Improvements and Fixes
Based on customer feedback we've made some adjustments and fixes to the scans and results processing.
-
CHANGED: Traffic Log Limits
Traffic logs are no longer limited by amount. They are instead limited by age (in days). Updated configuration options are available.
-
CHANGED: NotBot JS Is Always Loaded By Default
Since many customers are using caching and optimisation plugins that interfere with NotBot JS, it is now loaded for all visitors by default. An option within the plugin has been provided to revert to the normal optimised loading of the NotBot JS.
-
CHANGED: U2F 2-Factor Authentication Bypasses MFA
U2F is a strong 2FA mechanism and so it doesn't really need to be used in conjunction with other factors. When the Chained/MFA option is enabled and U2F is supplied, it can be used alone without the need for other factors.
-
CHANGED: Minimum Required MySQL Version
Shield processes IPv4 and IPv6 addresses and stores them in the MySQL database. With this upgrade, the minimum required MySQL database engine is moving to 5.6. More Info ↗
11.5
Released: Jul 20, 2021 - Release Announcement | Upgrade Guide 11.5 ↗
Patch Releases
Patch 11.5.1 (Jul 29, 2021)
-
IMPROVED: Prevent overloading ShieldNET API in some cases.
Patch 11.5.2 (Jul 30, 2021)
-
IMPROVED: Add some limited details into the Audit Trail entries for scan results.
Patch 11.5.3 (Aug 2, 2021)
-
FIXED: Plugin/Theme scanning could result in large quantities of unrecognised files.
Patch 11.5.4 (Aug 4, 2021)
-
IMPROVED: Scan results were being reported, but not displayed in results tables in some cases.
Patch 11.5.5 (Sep 9, 2021)
-
FIXED: Scan results wouldn't be updated after scans completed in some cases.
-
FIXED: Shield would apply login blocks for requests originating from whitelisted IP addresses.
Main Release (11.5.0)
-
NEW: Brand New Arrangements of Scan Results
To date, scan results have been presented in tabular format, by listing affected files or assets. This release sees a major reorganisation to display results grouped into logical sections and areas, such as by plugin, theme, WordPress etc.
-
NEW: View Scan File Contents In Browser
We've added the ability to view the contents of any file shown in file results directly within your web browser. There's no longer any need to download the files, though you still can do this of course.
-
NEW: Remove 'Empty' PHP Files From Results
A common problem is where a PHP file that has no executable code in it gets flagged in certain scans. It isn't trivial to detect whether a PHP file has executable code, but we've added detection for this scenario.
-
NEW: Scan File and Folder Exclusions
You can specify files and folders which will be excluded from all file scans. Files can be excluded in bulk using the asterisk (*) wildcard. This option is designed to completely replace the exclusions option under the Unrecognised Files Scanner.
-
IMPROVED: Scan Results Management
We've scrapped the 'WordPress Tables' approach to display results and instead use the powerful DataTables JS plugin. This makes display, pagination, refresh and actions far smoother and completely seamless.
-
IMPROVED: Switch To Crowd-Sourced Plugin and Theme Hashes.
When scanning plugin and theme files for modification, Shield now uses its ShieldNET crowd-sourced hashes system. This gives more accurate and adaptive hashes that account better for edge cases, resulting in fewer false positives in scan results.
-
IMPROVED: Malware Scanner Uses Crowd-Sourced Hashing Data
False Positives in malware results are frustrating, so the more we can reduce them, the better. Shield already removes 99% of false positives automatically from results, before you even see them. To improve this, ShieldNET now draws upon Crowd-Source Hashes to eliminate false positives even further.
-
IMPROVED: Reporting alert email now lists some repaired/deleted files.
-
IMPROVED: WP Admin warning when 2FA by email verification isn't complete.
-
NEW: Audit Trail entries for IP addresses are added and removed manually.
-
NEW: Audit Trail WordPress filter to allow customisation of event logging.
-
IMPROVED: Improved support and fixes for PHP 8 and WordPress 5.8.
11.4
Released: Jul 6, 2021 - Release Announcement | Upgrade Guide 11.4 ↗
Patch Releases
Patch 11.4.2 (Unknown Release Date)
-
FIXED: HTML formatting issue with the 2FA Login Page.
Patch 11.4.3 (Unknown Release Date)
-
IMPROVED: Refinements to the ShieldNET cron processing.
Patch 11.4.4 (Unknown Release Date)
-
FIXED: Prevent a rare fatal error on certain pages.
Patch 11.4.5 (Unknown Release Date)
-
FIXED: Fix for error showing in logs during cron.
Main Release (11.4.0)
-
NEW: Begin ShieldNET Integration To Provide Network Intelligence For Bots & IP Addresses
You can now start to see ShieldNET scores for IP addresses based on the cumulative intelligence gathered for IP addresses. By combining scores for IP addresses across many different Shield Security installations we can provide a more accurate IP reputation score. These scores won't be used yet to respond to threats on your WordPress site, but this will be the goal.
-
IMPROVED: Generating QR codes for Google Authenticator is improved by using the ShieldNET API.
The code necessary to generate QR Codes for Google Authenticator is quite large and required the GD extension to be enabled. Not all WordPress installations offer this, so we've provided a ShieldNET API endpoint to easily generate the QR codes.
-
IMPROVED: Scanning for vulnerabilities in WordPress plugins and themes is improved.
-
IMPROVED: Capturing and managing of user sessions is improved.
-
IMPROVED: Capturing and managing user 2-Factor Authentication is improved.
-
IMPROVED: When local tests for NotBot JS loading fail, ShieldNET is now used to test.
-
IMPROVED: Tweaks and adjustments to crowd-sourced hashing.
-
FIXED: Certain modules would still run even though 'forceoff' file was present.
-
FIXED: HTML formatting issue with the 2FA Login Page.
-
IMPROVED: Refinements to the ShieldNET cron processing.
-
FIXED: Prevent a rare fatal error on certain pages.
-
FIXED: Fix for error showing in logs during cron.
11.3
Released: Jun 7, 2021 - Release Announcement | Upgrade Guide 11.3 ↗
Main Release (11.3.0)
-
NEW: High IP Reputation Bypass
Added an option to ensure that IP addresses with a high-enough reputation are never blocked by Shield.
-
NEW: Bot Scoring Logic Is Provisioned From ShieldNET API
To allow for easier and faster updates and improvements to the bot scoring logic, it is served from our ShieldNET API. If, for whatever reason, the API is unavailable, the plugin will use its built-in scoring logic.
-
NEW: NotBot Javascript Loading Check
The NotBot Javascript that loads for visitors is critical to Shield's ability to detect bots - we now show a warning when we can't detect it.
-
IMPROVED: 404 Bot Signal doesn't trigger Shield offense on certain requests for assets
404s encountered for requests for assets such as images, JavaScript and CSS no longer trigger offenses. The one exception is if the asset URL is within a plugin/theme directory that doesn't exist on the site.
-
CHANGED: Minimum supported WordPress version is now 3.7
11.2
Released: May 24, 2021 - Release Announcement | Upgrade Guide 11.2 ↗
Patch Releases
Patch 11.2.1 (Unknown Release Date)
-
FIXED: Some plugin SQL query syntax broke on MySQL 8.
Patch 11.2.2 (Unknown Release Date)
-
FIXED: Fatal error when initiating WP-CLI in some cases.
Patch 11.2.4 (Unknown Release Date)
-
FIXED: Some clients reported a fatal error in certain circumstances.
Main Release (11.2.0)
-
NEW: New And Improved Welcome Wizard
An all-new Welcome Wizard designed to get you up and running with Shield quickly and effortlessly.
-
NEW: Add Shield's Two-Factor Authentication User Settings Anywhere
With the use of a WP Shortcode, you can add user configuration pages for 2FA into any page. This is useful if you want to offer 2FA options to your customers.
-
IMPROVED: silentCAPTCHA Improvements.
We've adjusted some of the bot scoring and improved the ability to detect legitimate users based on earlier logins. We've also removed the need for the small cookie that was needed to help track the NotBot status. silentCAPTCHA can now be disabled by setting the minimum reputation score to 0.
-
IMPROVED: Google Authenticator QR Codes Are Generated Locally.
Google's Legacy Chart API wasn't always loading the QR code so we replaced it with a locally generated QR code image.
-
IMPROVED: Brand new Knowledgebase Integration.
We've moved to a brand new Helpdesk/Knowledgebase and this allows us to integrate instant access to docs inside the plugin itself. Simply click the 'Info' link for any option to view documentation within your WordPress admin area.
-
NEW: Support For Protecting Subscription Forms in Groundhogg CRM.
Added support for protecting Groundhogg forms from bots. More Info ↗
-
NEW: Support For Protecting Super Forms Contact Forms.
Added support for protecting contact forms against SPAM in the Super Forms plugin.
-
NEW: Support For Protecting User Forms in LifterLMS.
Added support for protecting LifterLMS login & registration forms from bots.
-
FIXED: The tour system would run multiple times.
-
FIXED: Some plugin SQL query syntax broke on MySQL 8.
-
FIXED: Fatal error when initiating WP-CLI in some cases.
-
IMPROVED: Adjust default bot scoring logic to reduce spam.
-
FIXED: Some clients reported a fatal error in certain circumstances.
11.1
Released: Mar 25, 2021 - Release Announcement | Upgrade Guide 11.1 ↗
Patch Releases
Patch 11.1.1 (Unknown Release Date)
-
FIXED: wpForo integration produced a PHP Warning in certain circumstances.
Main Release (11.1.0)
-
NEW: Improved Dashboard UI and Navigation
Detecting bad bots on your WordPress sites is a huge and notoriously difficult challenge. We have developed an exclusive system for the detection of bad bots and the option to block requests from them. More Info ↗
-
NEW: A new Quick Stats screen is available to see the activity of Shield over time.
The implementation is currently basic, but it forms the foundation of future development and gives users the opportunity to offer suggestions.
-
IMPROVED: Code overhaul for Security Admin system to improve reliability and fix various bugs.
-
IMPROVED: Automatic User Unblock now makes use of Shield's silentCAPTCHA.
-
IMPROVED: File Locker will better handle the scenario where a site is moved/migrated.
File Locker for wp-config.php files will also better detect when this file is placed 1 directory higher than the site.
-
IMPROVED: White Label settings that are empty aren't applied and defaults remain.
-
FIXED: Statistics in reporting emails were under-reporting the full stats.
-
FIXED: Audit Trail didn't capture all upgrades when upgrading plugins/themes in-bulk.
The Audit Trail would only capture 1 upgrade when a bulk upgrade was performed.
-
FIXED: Exclusions for unrecognised file scanner weren't stored correctly in the case of regular expressions.
-
FIXED: In some rare scenarios, user sessions wouldn't be properly created and the user was automatically logged out.
-
FIXED: WP Config FileLocker bug not correctly maintaining its state and resulting in locks not being created.
-
FIXED: The .htaccess file in the root of the Shield plugin directory is only created if it's supported.
-
FIXED: Whitelabel settings were misleading and didn't properly update the dashboard log.
-
FIXED: SPAM detection for Ninja Forms would report as SPAM when not SPAM.
-
FIXED: wpForo integration produced a PHP Warning in certain circumstances.
11.0
Released: Mar 25, 2021 - Release Announcement | Upgrade Guide 11.0 ↗
Patch Releases
Patch 11.0.1 (Unknown Release Date)
-
FIXED: Gravity Form error
Patch 11.0.2 (Unknown Release Date)
-
FIXED: Performance issue.
Patch 11.0.3 (Unknown Release Date)
-
FIXED: PHP Warning message appears in some scenarios.
Main Release (11.0.0)
-
NEW: silentCAPTCHA
Detecting bad bots on your WordPress sites is a huge and notoriously difficult challenge. We have developed an exclusive system for the detection of bad bots and the option to block requests from them. More Info ↗
-
NEW: Contact Form SPAM Protection
With the arrival of our silentCAPTCHA, we can now more easily integrate with 3rd party plugins. You can add Shield's SPAM protection to Elementor PRO, Gravity Forms, Contact Form 7, Ninja Forms, and many more.
-
NEW: Charts and Stats.
We've added a page in Shield to allow you to chart some of your favourite Shield Stats.
-
NEW: Download Audit Trail, Traffic Log and IP DB as CSV.
A long-requested feature is the ability to download the raw database data - you can now do this with a single click.
-
NEW: Added some new filters and hooks to allow customisation.
For example, you can override the hour at which the Shield crons run, including the scans. More Info ↗
-
NEW: Allow webmaster to specify certain web crawlers and search engines that aren't automatically whitelisted.
-
IMPROVED: Big improvements in the reliability of Shield's Database handling.
-
IMPROVED: Use CDNJS to supply important plugin Javascript/CSS assets.
Using a CDN to deliver assets reduces the plugin footprint on your site, while also speeding up admin page loading.
-
IMPROVED: New and improved guided tour upon plugin activation.
-
IMPROVED: Link Cheese Robots additions use enhanced Robots API in WordPress 5.7.
-
FIXED: Various bug fixes and enhancements.
WP-Config FileLocker system is more reliable with requests in the case of database problems. Lots of code cleanup.
-
FIXED: Gravity Form error
-
FIXED: Performance issue.
-
FIXED: PHP Warning message appears in some scenarios.
10.2
Released: Feb 11, 2021 - Release Announcement | Upgrade Guide 10.2 ↗
Patch Releases
Patch 10.2.1 (Unknown Release Date)
-
FIXED: Plugin Upgrade Code wasn't always running
Code designed to automatically run when the plugin is upgraded between versions wasn't always running.
Patch 10.2.2 (Unknown Release Date)
-
FIXED: Fatal error in some cases
Patch 10.2.3 (Unknown Release Date)
-
FIXED: Certain admin JS and CSS assets were loading on the frontend.
Patch 10.2.4 (Unknown Release Date)
-
FIXED: Shield would report the server time was out-of-sync when it wasn't.
Patch 10.2.6 (Unknown Release Date)
-
FIXED: Link Cheese shouldn't run if there's an actual robots.txt file present.
Main Release (10.2.0)
-
NEW: Removed Content Security Policy Settings
Due to the complexity of CSP and the superficial nature of our CSP implementation, we've decided to remove these options. We explore the issue in full detail in our blog post on this topic. More Info ↗
-
NEW: Invalid user login tracking covers empty usernames.
When tracking bots logging in using invalid usernames (i.e. ones that don't exist), Shield will also trigger an offense on empty usernames.
-
IMPROVED: Deleting Malware files doesn't initiate a new scan.
This addresses a reported UX issue where bulk malware deletion isn't yet available and so instead of a full re-scan, the page just reloads.
-
IMPROVED: Malware scanners are more efficient.
Malware scanning is involved - every PHP file has to be read and then searched using a large set of patterns. So it takes time. Hopefully these tweaks will optimise this process a little and lead to faster scans.
-
IMPROVED: Add IP status to information in the traffic viewer.
The traffic table will now display how many offenses an IP address has, or whether it is blocked.
-
IMPROVED: Upgrade Bootstrap Library to latest 4.6.0
Asset enqueuing has been refactored and optimised, and Bootstrap assets are now loaded from CDNJS.
-
IMPROVED: Significant code cleanup.
-
IMPROVED: Added cleanup code to remove stale entries in the WP Options table.
-
IMPROVED: Added detection of server clock inconsistencies which break Google Authenticator.
-
FIXED: U2F/Yubikey Removal Bug
A JavaScript issue prevented removal of U2F keys from user profiles.
-
FIXED: FileLocker would fail to load file contents if it exceeded 64KB.
We upgraded the database table definition to allow for much larger files.
-
FIXED: Plugin Upgrade Code wasn't always running
Code designed to automatically run when the plugin is upgraded between versions wasn't always running.
-
FIXED: Fatal error in some cases
-
FIXED: Certain admin JS and CSS assets were loading on the frontend.
-
FIXED: Shield would report the server time was out-of-sync when it wasn't.
-
FIXED: Replaced corrupted Javascript library (base64.min.js).
-
FIXED: Link Cheese shouldn't run if there's an actual robots.txt file present.
10.1
Released: Nov 17, 2020 - Release Announcement | Upgrade Guide 10.1 ↗
Patch Releases
Patch 10.1.1 (Unknown Release Date)
-
FIXED: iControlWP Whitelist
Fix to ensure iControlWP is properly whitelisted.
Patch 10.1.2 (Unknown Release Date)
-
FIXED: Bug with PHP Type Error in some cases
Patch 10.1.3 (Unknown Release Date)
-
FIXED: Bug with MainWP site actions not working in all cases
Patch 10.1.4 (Unknown Release Date)
-
NEW: Add a new WordPress admin notice for when the Shield plugin version gets too old.
Patch 10.1.5 (Unknown Release Date)
-
FIXED: Stop notice showing when it's not required.
Patch 10.1.6 (Unknown Release Date)
-
FIXED: Prevent warnings and logouts when loading WordPress Site Health tool.
Main Release (10.1.0)
-
NEW: Brand New Shield Dashboard
With the help of some feedback from clients, we've made significant enhancements to the Shield UI. A brand-new Shield dashboard centralises everything related to Shield giving you a consistent, clean launchpad to perform security tasks.
-
NEW: MainWP Integration/Extension
You can now manage your Shield Security plugin directly from within your MainWP WordPress management control panel. The Shield Security Extension page will highlight all sites with any scan issues that need your attention. For now, the functionality is limited to installing, activating and deactivating the Shield plugin. More Info ↗
-
NEW: IP Analyse Tool Enhancements
Based on customer feedback we've added links to the IP Analyse tool to let you quickly perform blocks or bypass on an IP. The identification of a 'known' IP address now also draws information from the IP Bypass labels.
-
IMPROVED: Enhanced Plugin Badge
Based on customer feedback we've added the ability to customize the plugin badge based on Whitelabel settings. You may also use a WordPress filter to make fine adjustments to settings and styles of the badge. More Info ↗
-
IMPROVED: Huge Codebase Refactor
With our earlier move to PHP 7.0, we're continuing with our codebase cleanup and optimisations.
-
IMPROVED: Shield Overview Styles
With some feedback and suggestions provided by clients, we've improved our Shield Overview design.
-
FIXED: iControlWP Whitelist
Fix to ensure iControlWP is properly whitelisted.
-
FIXED: Bug with PHP Type Error in some cases
-
FIXED: Bug with MainWP site actions not working in all cases
-
NEW: Full support for Application Passwords arriving with WordPress 5.6
Part of the purpose of Application Passwords is to allow APIs and 3rd parties to integrate with your WP site. Shield recognises authentication via Application Passwords and doesn't apply restrictions to it, including 2FA. Of course, failed logins attempted through Application Passwords will be treated as an offense against the site, as always.
-
IMPROVED: Full support for PHP 8.0
-
FIXED: 504 Gateway Timeout error on servers with misconfigured rDNS lookups.
-
FIXED: Ensure requests from ManageWP bypass Shield protections, where possible.
-
NEW: Add a new WordPress admin notice for when the Shield plugin version gets too old.
-
FIXED: Stop notice showing when it's not required.
-
FIXED: Prevent warnings and logouts when loading WordPress Site Health tool.
10.0
Released: Oct 21, 2020 - Release Announcement | Upgrade Guide 10.0 ↗
Patch Releases
Patch 10.0.3 (Unknown Release Date)
-
FIXED: Not correctly identifying GoogleBot.
Patch 10.0.1 (Unknown Release Date)
-
FIXED: Database creation may delete existing tables
In some cases during plugin upgrade, some tables may get inadvertently deleted.
Patch 10.0.2 (Unknown Release Date)
-
FIXED: Fatal error when IP address isn't detected
Main Release (10.0.0)
-
NEW: Enhanced Dashboard Overview UI
The new Dashboard Overview provides a simplified display of all security items on your site. You can quickly discover where your site is doing well, and what areas need immediate attention or improvements. Responsive filters let you filter by individual Shield modules and the current status of each item.
-
NEW: SureSend Email Delivery
Most WordPress sites aren't properly configured to send emails, so sometimes they don't arrive. This is a critical issue when 2-Factor Authentication emails don't go where they should. SureSend uses the ShieldNET API to deliver 2FA emails so that you always get them. More Info ↗
-
NEW: IP Analysis Tool
Discover all the ways an IP address is interacting with your site, in 1 place. Rather than jump around looking at different tables and filtering by IP address, you can see all information in the IP Analyse tool.
-
NEW: Force Shield Locale
An option has been added that lets you force Shield to always display in a certain locale. Setting this option will override the user's profile locale for anything relating to Shield. This setting doesn't affect the locale for any other part of a WordPress site.
-
NEW: Huawei (Petal) Bot Detection
Added support for detection of Huawei search engine bot/spider.
-
NEW: Shield plugin badge URL may be replaced using White Label settings
The URL used in the Shield plugin badge may be replaced using the Home URL provided in White Label settings.
-
IMPROVED: PHP 7+ Only
PHP 7.0+ is required to run Shield v10. This change in minimum requirements lets us optimise Shield code for PHP 7 and better prepare for PHP 8.
-
IMPROVED: More reliable 2FA email codes
2FA codes generated for email 2FA are more reliable.
-
CHANGED: U2F two-factor authentication can now be standalone
Due to the experimental nature of the U2F implementation, you previously needed at least one other 2FA factor active on your profile before you could enable U2F.
-
FIXED: Server Public IPv6 Detection
Detection of your WordPress server's public IPv6 address has been fixed.
-
FIXED: HTTP loopback tests would timeout
HTTP loopback request now has a longer timeout to be more reliable for slow sites.
-
FIXED: Link Cheese requests could be missed
Detection of requests to link cheese is improved.
-
FIXED: Potential PHP error
A PHP error has been fixed which would occur in some cases.
-
FIXED: Database creation may delete existing tables
In some cases during plugin upgrade, some tables may get inadvertently deleted.
-
FIXED: Fatal error when IP address isn't detected
-
FIXED: Not correctly identifying GoogleBot.
9.2
Released: Sep 3, 2020 - Release Announcement | Upgrade Guide 9.2 ↗
Patch Releases
Patch 9.2.1 (Unknown Release Date)
-
FIXED: Bug: User Sessions
User session IDs weren’t cleared correctly.
Main Release (9.2.0)
-
NEW: Automatic Unblock For Logged-In Users
When a user's IP address is blocked on a site, they may automatically unblock it if they're logged-in. By using a magic unblock-link, users may regain access to a site without intervention from an admin. More Info ↗
-
NEW: Auto-Delete Unnecessary WordPress Files
Files such as wp-config-sample.php, readme.html and license.txt are replaced each time WordPress upgrades. This new option ensures that they are removed each time they are restored to your site after an upgrade. More Info ↗
-
NEW: Support for WP Members plugin
Provide native support for protection on WP Members plugin login/registration forms.
-
IMPROVED: Defer to WordPress 5.5 Automatic Updates Changes
Automatic updates notification email is now only sent if on WordPress < 5.5
-
IMPROVED: Integrate with WordPress 5.5 Automatic Updates Changes
Shield's Automatic updates notification email setting also applies to plugin/theme update emails.
-
IMPROVED: Improved Integration with WP Fastest Cache
Uses the WP Fastest Cache method to prevent caching of block pages. Whether it makes a difference is another thing.
-
IMPROVED: Better Mitigation of Error From Other Plugins
Prevent spurious output from errors not relating to this plugin from affecting display of our admin pages.
-
IMPROVED: Better Detection Of forceoff File
Detecting the forceoff file in all its many forms is improved.
-
IMPROVED: File Locker + open_basedir
The File Locker is less likely to trigger an open_basedir warning.
-
IMPROVED: Lots Of Code Optimisation
-
CHANGED: Session Cookie Name Change
Session cookie renamed from icwp-wpsf to wp-icwp-wpsf.
-
CHANGED: Bootstrap Library Updated
Upgraded shipped Bootstrap libraries to latest available (v4.5.2).
-
FIXED: Increased Limit For Counting IP Offenses
Upgraded the database to support much larger values for the IP offenses counter.
-
FIXED: MemberPress Integration Bug
MemberPress support had a bug where certain forms weren’t checked for bots.
-
FIXED: WP-CLI Bugs
Cleaned some WP-CLI PHP notices on certain commands.
-
FIXED: Bug: User Sessions
User session IDs weren’t cleared correctly.