I tried several ones, this is the only one that it’s really a WAF, and easy to configure
I have a real reverse proxy/WAF based on nginx/naxsi and another WAF (modsecurity with OWASP conf and on paranoia level 3) embedded on apache. I also have an IPS, based on Suricata, with ETPRO rules. Still Shield Security was able to block some attack attempts that was not detected by the other security layers. This because it’s designed for working with WP, it’s not a generic WAF.

And I can tell you since I opened a “hack contest” on my site, with $300 of reward, and believe me when I tell you there’s a lot of attack attempts. With no success so far 🙂

But this plugin have also a lot of other features, it’s not only a WAF, auto update of WP core and plugins is a killing feature since outdated software is the first think to take care, half of the work is done when you software is up to date. IP block based on customizable number of “offences”, I love this feature.

OTP login: you can enable 2FA with email or google authenticator (any another method I don’t recall, yubi maybe)

I got the PRO version since it’s cheap and have some nice feature added, but the most important feature are already available for free. It’s the only plugin that do this.

Support is great, I had an issue that was caused for a bad conf I placed on PHP conf, they quickly and kindly helped to solve the issue