WordPress security, aligned to your challenges
Pinpoint security challenges. We'll show you the fix.
Identify your security concerns and see how Shield addresses them.
What areas cause you the most concern?
The most common security challenges, and how Shield directly addresses each one.
Protect
Detect
Repair / Recover
Control
One plugin operates across the entire security lifecycle
Each stage of the security lifecycle, and how Shield is prepared for it.
Compare every feature on each plan
The complete feature list, and exactly what each plan includes.
| Feature | Free | Pro | Enterprise/Agency |
|---|---|---|---|
| Protect | |||
| silentCAPTCHA Bot Detection | Yes | Yes | Yes |
| Fully automatic IP blocking | Yes | Yes | Yes |
| Firewall request blocking | Yes | Yes | Yes |
| Rate limiting & DoS protection | No | Yes | Yes |
| 2FA login protection | Yes | Yes | Yes |
| Hide the WordPress login URL | Yes | Yes | Yes |
| Comment & human SPAM blocking | Yes | Yes | Yes |
| Contact-form & custom-form bot detection | No | Yes | Yes |
| Security headers & CSP | No | Yes | Yes |
| Block spam user registrations | No | Yes | Yes |
| Lockdown XML-RPC & REST | Yes | Yes | Yes |
| Detect | |||
| Powerful malware scanner | No | Yes | Yes |
| Vulnerability scanner | No | Yes | Yes |
| WordPress core tamper protection | Yes | Yes | Yes |
| Plugin & theme tamper protection | No | Yes | Yes |
| Unrecognised file detection | Yes | Yes | Yes |
| Abandoned plugin detection | Yes | Yes | Yes |
| More frequent scans | No | Yes | Yes |
| Full activity log | Yes | Yes | Yes |
| Traffic & request monitoring | Yes | Yes | Yes |
| IP management & analysis | Yes | Yes | Yes |
| Third-party plugin activity logging | No | No | Yes |
| Repair / Recover | |||
| Auto-clean WordPress files | Yes | Yes | Yes |
| Plugin/Theme repair from known-good source | No | Yes | Yes |
| Malware delete | No | Yes | Yes |
| ShieldBACKUPS | No | Yes | Yes |
| More frequent backups & longer retention | No | No | Yes |
| Control | |||
| Guided setup wizard | Yes | Yes | Yes |
| Prioritised Actions Queue | Yes | Yes | Yes |
| Security reports | Yes | Yes | Yes |
| User session management | Yes | Yes | Yes |
| Advanced password policies | Yes | Yes | Yes |
| WordPress user suspension | No | Yes | Yes |
| Restricted security admin access | Yes | Yes | Yes |
| MainWP & multi-site management | No | Yes | Yes |
| White-label security | No | Yes | Yes |
| Advanced WP-CLI integration | No | Yes | Yes |
| Import, export & sync | No | Yes | Yes |
| Delay automatic updates | No | Yes | Yes |
| WooCommerce & membership support | No | Yes | Yes |
40 of 40 features · See the full plan comparison →
Common questions
Do I need to be technical to use Shield?
No. Shield ships with safe defaults and a guided setup wizard — most owners are protected within a few minutes.
What's the difference between Free and Pro?
Free covers the essentials in every area; Pro deepens each with AI-powered malware scanning, support for e-Commerce, backups, more frequent scans, reports and more.
Will it slow my site down?
No. Shield does its heavy work efficiently and away from page loads.
What if my site is already hacked?
Shield can scan, clean malicious files and — with ShieldBACKUPS — let you restore a known-good state.
Ready to detect, protect and recover
You've identified your biggest challenges and seen the fixes - here's what one site owner found.
@alcatrazhorizon
WordPress.org review
Hands down the best Security Plugin on the Market
Read the full WordPress.org reviewI tried tentatively with a single licence to test Shield Security out, without holding out much hope. I’ve not had much luck with security plugins. Even the really expensive ones don’t seem to play nicely with my server set up. Well I tried one site, it worked perfectly. Bought the 3 licences and installed on another 2 sites, still not convinced. They also work perfectly, even with slightly different set ups. The modules allow you to tweak each site for its own needs, which is a game changer for me. I just wish I’d of got this plugin earlier. Oh well, better late than never. I’ve just bought 10 licenses to keep me busy for the next few days installing on more client sites. Thanks for this plugin. 👍
Protect your site, whichever plan you choose
You've seen what Shield does — put it to work on your site today.
silentCAPTCHA Bot Detection
Scores every visitor so bad bots are caught without challenging real people.
Fully automatic IP blocking
Repeat offenders are blocked automatically, with auto-unblock for genuine visitors.
Firewall request blocking
Filters malicious requests before WordPress ever has to deal with them.
Rate limiting & DoS protection
Throttles abusive request floods so a single source cannot overwhelm the site.
2FA login protection
Adds strong multi-factor sign-in with custom pages, remember-me and backup codes.
Hide the WordPress login URL
Moves the login page away from the predictable address bots hammer.
Comment & human SPAM blocking
Blocks 100% of bot comment spam and detects human spam, with auto-trust for real commenters.
Contact-form & custom-form bot detection
Extends bot and spam detection to popular contact-form plugins and your own user forms.
Security headers & CSP
Sets advanced security headers and custom content-security policies to harden the browser side.
Block spam user registrations
Stops fake and spam account registrations before they clutter the user list.
Lockdown XML-RPC & REST
Disables XML-RPC and anonymous REST API access that attackers routinely abuse.
Powerful malware scanner
Scans files and suspicious PHP so you can decide what needs action.
Vulnerability scanner
Flags known-vulnerable plugins and themes before they become avoidable incidents.
WordPress core tamper protection
Detects changes to WordPress core files against the known-good originals.
Plugin & theme tamper protection
Watches plugin and theme files for unexpected edits — premium plugins included on Pro.
Unrecognised file detection
Highlights files that should not be there so you can investigate quickly.
Abandoned plugin detection
Warns when an installed plugin is no longer maintained and quietly becoming a risk.
More frequent scans
Runs scans more often so problems are caught hours, not days, after they appear.
Full activity log
Records important security and admin events so alerts have context.
Traffic & request monitoring
Logs requests so you can see the traffic really hitting your site.
IP management & analysis
Inspect, manage and analyse the IPs interacting with your site.
Third-party plugin activity logging
Extends the activity log to changes made by your other plugins.
Auto-clean WordPress files
Automatically restores WordPress core files to their original state.
Plugin/Theme repair from known-good source
Repairs changed files when Shield has a trustworthy source to restore from.
Malware delete
Removes malicious files once a scan result has been reviewed and confirmed.
ShieldBACKUPS
A full recovery path for when individual cleanup is not enough.
More frequent backups & longer retention
Backs up as often as 4 times daily, with retention up to 6 months.
Guided setup wizard
Get protected quickly with safe defaults and a clear, step-by-step setup.
Prioritised Actions Queue
A constantly updated queue of your next security actions, ordered by what matters most right now.
Security reports
Recurring summaries of what Shield handled, ideal for clients and stakeholders.
User session management
See and end active user sessions when account access needs oversight.
Advanced password policies
Set password expectations so accounts follow a stronger baseline.
WordPress user suspension
Suspend accounts instantly without deleting them when something looks wrong.
Restricted security admin access
Stops other admins changing Shield settings without the security PIN.
MainWP & multi-site management
Manage Shield across many sites from a single MainWP dashboard.
White-label security
Present Shield under your own brand to clients.
Advanced WP-CLI integration
Drive Shield from the command line for scripting and bulk operations.
Import, export & sync
Copy a known-good configuration across sites and keep them in sync.
Delay automatic updates
Hold back auto-updates so a bad release cannot break sites the moment it ships.
WooCommerce & membership support
Security tuned for the extra accounts and checkout flows of commerce sites.