Discover the many ways ShieldPRO protects your WordPress Sites
Elevate your WordPress security to new levels with ShieldPRO.
Free Version
Fully Featured Pro Version
Easy PRO Activation
Using our unique keyless license system, you don't need to install a separate PRO plugin and you don't need to remember or copy-paste license keys. It's all automated.
Exclusive Customer Support
Dedicated premium security support when you go PRO.
Revolutionary AntiBot Detection Engine (ADE)
Identify bad bots vs all your other "good" traffic (humans + good bots) without using those annoying CAPTCHAs or “I’m a human” checkboxes.
DoS Protection With Traffic Rate Limiting
Limit the requests allowed from any single visitor and block abusive bots and hosts.
Restricted Security Admin Access
Lock down your WordPress security with another, WordPress-independent, authentication layer.
Powerful Malware Scanner
The most powerful malware scanner by any WordPress security plugin - detects known, and never-before-seen malware.
Tamper Protection For Critical Files
Also known as the "File Locker" - detects modifications to critical files such as wp-config.php and .htaccess, and lets you review changes as soon as they happen.
Vulnerability Scanner
Scan for the presence of known security vulnerabilities and automatically upgrade affected plugins as soon as patches are available.
Tamper Protection For Plugins & Themes
Protect against one of the most common attack vectors by monitoring plugin and theme files for file tampering and malicious code injection.
Protection For Premium Plugins & Themes
ShieldPRO is the only WordPress security plugin (ever) to accurately scan files of premium plugins and themes.
Delay Automatic Updates
Ensure WordPress automatic updates aren't installed immediately to protect against new release bugs.
More Frequent Scans
The faster an intrusion or malware can be detected, the faster the site hacking can be cleaned and fixed. The longer a hack is left unattended, the worse the situation can become.
MainWP Software Extension
Get the built-in extension to help you manage all your Shield sites from your MainWP control panel.
Advanced WP-CLI Integration
Automate and control your site security using Shield's built-in WP-CLI integration.
Import, Export and Sync
Copy Shield plugin settings from 1 site to many in seconds and even keep all your sites settings synced automatically.
White Label Security
Add your own company branding to the Shield plugin as if it were your own.
SPAM Detection For Contact Form Providers
Detect and eliminate SPAM to your contact form without using CAPTCHAs or “I’m a human” checkboxes.
Bot Detection For Custom User Forms
Spot and easily eliminate bots to your custom user forms without using CAPTCHAs or “I’m a human” checkboxes.
WooCommerce and Membership Sites
Add login/registration/password/checkout protection for the most common membership plugins and also WooCommerce.
Fully Automatic IP Blocking
Are you still manually blocking IP addresses? You’ll use smarter, automatic IP blocking technology to stop malicious visitors once for good.
Powerful Bot Detection Heuristics
Detect and block malicious bots based on their behaviour and site probing, before they have a chance to do damage.
Detect Brute Force Login Bots
Identifies malicious bots designed to target your WordPress login, either with legitimate usernames or fake or an empty usernames.
Detects Fake Web Crawlers
Fake Google bots are extremely common. Shield can identify fake search engine bots for Google, Bing, DuckDuckGo, Huawei, Baidu, Yandex, Yahoo! and more...
User & Visitor Auto Unblock
Reduce visitor and logged-in user frustration by allowing them to automatically unblock themselves if they trigger Shield accidentally.
Advanced 2FA & MFA Login Protection
Setup ‘Email’, ‘Yubikey’, ‘Google Authenticator’ and 'U2F' authentication on your user accounts and have the option to chain them together.
Two-Factor Authentication Remember Me
Strike a balance between added security and a smoother user experience.
Custom 2FA & MFA Pages
Shield’s 2FA & MFA interface was only available in the User Profile UI in the WordPress admin area. But now, you can offer 2FA & MFA UI to your customers and clients in your frontend site or customer area.
Invisible CAPTCHA and Themes
Support for Google reCAPTCHA and hCAPTCHA Invisible and dark CAPTCHA styles.
Hide The WordPress Login URL
Hide your 'wp-login.php' page from brute force attacks and hacking attempts.
Login Backup Codes
Allow users to generate backup login codes that can be used if they lose their 2FA login devices.
Advanced Password Policies
Assign password policies based on password length, strength and age.
WordPress User Suspension
Suspend user accounts that have become dormant or unused. You can do this manually or automatically.
WordPress SPAM User Registrations
Stop the SPAM user registration as early on as possible.
Firewall Blocks Malicious Requests
Protection through high-grade Firewall that stands between your site and all web requests.
Detect and Block Human SPAM
Comment SPAM posted by human actors is notoriously difficult to detect, but Shield's evolving dictionary-based detection will help you filter out the good from the bad.<br />
<br />
Note also that, unlike Akismet, Shield never sends comment spam data to our servers for processing.
Block 100% Bot Comment SPAM
Bot-based comment spam is by-far the most prolific type of WordPress SPAM. Shield's unique protection eliminates all automated comment SPAM.
Auto – Trust Commenters
With Shield you can automatically trust comments posted by logged-in or registered users. Simply specify user roles that will never be scanned.
Advanced Security Headers
Protect your visitors from a wide range of attacks including ClickJacking, Cross-Site Scripting, Cross-Site Injection.
Custom Content Security Policies
A free-form field to supply completely custom Content Security Policies.
Tamper Protection For WordPress Core Files
Protect against file hacks and injection in WordPress core files - one of the most common forms for hacking.
Unrecognised Files Detection
Files secretly added to a WordPress site often represent a serious hack or intrusion. Detecting files that don't belong is a critical component to detecting hacks and maintaining site integrity.
Abandoned Plugin Detection
Running your site using WordPress plugins that have been abandoned is an unnecessary risk. There are nearly always alternatives or workarounds through newer plugins.
Disable XML-RPC & Anonymous REST API
Disabling requests to the REST API that aren't authenticated (i.e. username/password) eliminates abuse of the API. Disabling XML-RPC eliminates possible credential stuffing attacks and any XML-RPC attack vectors.
Block Username Fishing
WordPress reveals a simple way to discover usernames on a site. While this isn't a full security issue, it does allow a would-be attacker to at least know some of the valid usernames on a site for the purposes of trying to gain access.
Disable WP File Editing
By default WordPress allows admins to edit plugin and theme files directly from within the WordPress admin. This feature blocks all access to this WordPress functionality.
Auto-Clean WP Files
Part of hacking a WordPress site involved detecting a WordPress site in the first place. This feature helps by removing unnecessary WordPress files that can be used to detect the presence of a WordPress site.
Full Audit Trail – Monitor All Site Activity
Get full insight into all significant actions taken on your WordPress sites in a real-time.
Full Traffic Log And Request Monitoring
Monitor and review all logs of HTTP requests made to your WordPress site in a real-time.
IP Management And Analysis Tool
Protection begins by detecting bad bots - Review and Analyse all visitor IPs that have an impact on your site.
User Sessions Management
Ever wondered who’s currently logged-in to your WordPress site? Find out who is logged-in, when, from where, and manage user sessions.
Get the most from Shield and keep up-to-date with your WordPress security
FAQS
Frequently Asked Questions
What payment options are available and are they secure?
We provide the option to pay with nearly all types of credit cards and PayPal. We don't personally handle your payment details - we use our payment processors (Stripe and PayPal) to receive and process payments, and have done so for years. Stripe is the best in the business.
Will Shield slow down my site?
Simply put, no, it wont. Any plugin added to a WordPress site adds to the load, but with Shield being so big, we've had to design it to be as efficient and performant as possible. We use it on all our sites too, so the last thing we want is to slow down our sites, nevermind those of our customers. We take performance seriously and have optimised Shield functionality to operate in the background, or after pages have loaded, except when it's a bad bot - then we kill it early!
Could Shield lock ME out of my site?
Shield doesn't play favourites - it assumes all visitors could be a potential threat. This means that if you accidentally trigger Shield's defenses, and you do it repeatedly, you may get locked out. But don't worry, Shield also offers ways to unblock your IP. This is all documented in our helpdesk portal, and with ShieldPRO you'll have access to our team who can guide you every step of the way.
There are a lot of options, where should I get started?
Shield Security is a big WordPress plugin with lots of features and options. It can be overwhelming if you're not familiar with it. But don't worry, you don't have to do everything all at once. Take your time, work through it, explore features, read the help articles and of course, reach out to our support team who can help guide you.
Does Shield change any core files, like .htaccess?
This is one of the founding tenets of Shield - to never edit core WordPress files, like the .htaccess file. Part of our motivation to build Shield was because so many other security plugins didn't take the due care required when modifying critical files like this, and they took down websites when they got it wrong.
What Tax do I have to pay at Checkout?
By law we're required to collect taxes, but only in certain regions. If you're coming from the UK, you'll pay the standard rate of tax (20% at the time of writing).
If you're in Europe, you'll pay the standard rate of tax for your paritcular location. You may supply your registered Tax Number/ID to remove Taxes from your checkout.
