Today we’re thrilled to announce our new partnership with CrowdSec.
This is easily one of the most exciting developments in WordPress security for a long time, and it aligns with our goals to make Shield Security the best WordPress security solution, for everyone.
Our #1 mission with Shield is to deliver the most powerful security for WordPress sites. We’re not out to make millions in sales and scare you into upgrading to ShieldPRO because we have KPI targets.
We’re here simply to protect people and their businesses.
Our partnership with CrowdSec helps us fulfill that aspiration as we’re convinced it’ll deliver major security enhancements for every WordPress site running on Shield Security.
We hope you’ll be as excited as we are, after you learn about this collaboration!
In this article you’ll discover:
- What CrowdSec is.
- Why we decided to partner with CrowdSec.
- How your WordPress security is enhanced with this integration.
- How the CrowdSec integration differs between ShieldPRO and ShieldFREE.
What Is CrowdSec?
By gathering threat data about bots from millions of different sources, CrowdSec can build and share reliable intelligence about malicious bots (their IP addresses).
When you subscribe to CrowdSec, they’ll notify you about bad IP addresses, so that when those IPs send requests to your site/app, you can take action to block them immediately.
The reason this is so powerful is that when you block an IP address that you know is “bad”, you block all security threats from that IP completely. So the more quickly you can know about those bad IPs, the safer your sites will be.
Summary: CrowdSec offers you faster identification of bad IP addresses based on information gathered from other sites/servers across the globe.
So Why Partner With CrowdSec?
We’ve wanted to build this type of intelligence network for Shield for a long time.
It’s a complex system and we were working our way through it when we stumbled upon CrowdSec. It immediately piqued our interest since their focus is somewhat similar to our own.
We figured that if we could get their knowledge fed into Shield, then our customers could identify bad bots more quickly and thereby instantly increase their protection.
We reached out to them to discuss whether there was scope for collaboration and they could immediately see, in principle, that there was potential for mutual benefit.
After all, if Shield can give them access to data points about bad IPs from across 60,000+ WordPress websites, it’d be a huge addition to their network.
And conversely, if WordPress sites running Shield can access shared intelligence from all those sites and other websites/apps/platforms, our customers will also benefit.
What’s not to like about this idea?
They agreed that a collaboration between us was definitely beneficial, and so here we are today!
How Does the CrowdSec Partnership Enhance Your WordPress Security?
We briefly touched upon this topic already, but we’ll go into a bit more detail below.
On any given WordPress site, Shield’s Automatic IP blocking system gathers intelligence about IP addresses that send requests to the site. It keeps track of bad IPs using a counter of “offenses” and when that IP has exceeded the allowed limit, it’s blocked from further access.
Basically a bad bot has 10 chances before it’s completely blocked. (10 is configurable)
This means there’s a small “window” open to any IP address to probe, attack or exploit your site, before Shield can be sure that they’re malicious.
With the CrowdSec integration, your WordPress sites will have access to intelligence about malicious IP addresses before they’ve ever accessed your website. (This intelligence will have already been gathered for you by other websites.)
This reduces that “window” available to malicious bots to zero.
Reducing the time window to zero means a malicious bot can’t:
- probe your site
- exploit known/unknown vulnerabilities
- inject malware and/or exploit malware previously injected
- register users
- create fake WooCommerce orders
- steal your data or customers’ data
- consume your server/hosting resources
- etc. etc.
Of course, this IP intelligence is formed through the activity of IP addresses on other websites, and sometimes your own.
With CrowdSec’s integration switched on, Shield will share its internal offenses-tracking with CrowdSec, which ultimately then shares the data with other WordPress sites.
This all happens seamlessly with zero effort or configuration needed by the security admin.
So in a nutshell, CrowdSec gives us a head-start against malicious bots and lets us block IPs before your Shield plugin needs to perform any assessments, relying on tracking already done by other Shield plugins, elsewhere on the Internet.
How Does The CrowdSec Integration Differ Between ShieldPRO and ShieldFREE?
ShieldPRO is designed to protect businesses and mission critical WordPress sites. If your WordPress site plays a critical role in your business, or even your personal endeavours, then ShieldPRO is definitely something you should consider.
If, however, your website isn’t so important, or you’re comfortable with restoring a website quickly from a backup after a hack, or you have other security systems in-place and feel you don’t need the extra protection that ShieldPRO offers, then ShieldFREE will go a long way to protecting your sites and users and offering useful extra features like Two-Factor Authentication.
The CrowdSec integration with Shield reflects this. When you’re running ShieldPRO you’ll get access to much more IP intelligence data, and also IP data from sources that reflect business or mission-critical websites, such as e-commerce stores etc.
As well as receiving more relevant IP data, and at higher volumes, ShieldPRO installations will receive IP data more frequently. The current implementation is “every 2 hours” for ShieldPRO and “every week” for ShieldFREE.
This simply means that if you’re running ShieldFREE, your IP intelligence data will become increasingly stale, but you’ll be refreshed with the latest data each week.
We may adjust these settings over time.
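An added illustration, not Shield's or CrowdSec's code: a toy model of the two mechanisms described above, the local offense counter and a periodically synced community blocklist, counting how many offending requests are served before a block. The class and function names, the hourly tick and the sample IP are assumptions; only the limit of 10 and the 2-hour and weekly intervals come from this article.

```python
from dataclasses import dataclass, field

OFFENSE_LIMIT = 10                     # the article's default limit (configurable)
PRO_SYNC_H, FREE_SYNC_H = 2, 7 * 24    # "every 2 hours" vs "every week"


@dataclass
class Site:
    """Toy model: local offense counter plus a periodically synced blocklist."""
    sync_interval_h: float
    blocklist: set = field(default_factory=set)    # IPs learned at the last sync
    offenses: dict = field(default_factory=dict)   # ip -> local offense count
    last_sync_h: float = float("-inf")             # never synced yet

    def sync(self, now_h, feed):
        """Pull community-listed IPs once the refresh interval has elapsed.
        feed maps ip -> hour the community listed it (constructed data)."""
        if now_h - self.last_sync_h >= self.sync_interval_h:
            self.blocklist |= {ip for ip, listed in feed.items() if listed <= now_h}
            self.last_sync_h = now_h

    def handle(self, ip, is_offense):
        """Return True if the request was served, False if it was blocked."""
        if ip in self.blocklist or self.offenses.get(ip, 0) >= OFFENSE_LIMIT:
            return False
        if is_offense:
            self.offenses[ip] = self.offenses.get(ip, 0) + 1
        return True


def served_before_block(sync_interval_h, feed, ip, attack_hour, burst=50):
    """Offending requests served from `ip` in a burst sent at `attack_hour`."""
    site = Site(sync_interval_h)
    for hour in range(attack_hour + 1):   # hourly tick; sync runs before the burst
        site.sync(hour, feed)
    return sum(site.handle(ip, True) for _ in range(burst))


# Constructed sample: the community lists this documentation-range IP at hour 5.
FEED = {"203.0.113.7": 5}

if __name__ == "__main__":
    for label, interval, feed, hour in [
        ("no community feed", PRO_SYNC_H, {}, 6),
        ("2-hour sync, burst at hour 6", PRO_SYNC_H, FEED, 6),
        ("weekly sync, burst at hour 6", FREE_SYNC_H, FEED, 6),
        ("weekly sync, burst at hour 168", FREE_SYNC_H, FEED, 168),
    ]:
        print(f"{label}: {served_before_block(interval, feed, '203.0.113.7', hour)} served")
```

In this model the window is zero only for IPs that were already in the list at the last sync; an IP listed after that still gets the full local allowance until the next refresh.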
If you need or desire greater protection based on the nature and purpose of the WordPress sites you’re operating, then we strongly urge you to move to the extra protection afforded to you by ShieldPRO.
CrowdSec and GDPR Compliance
Like ourselves, CrowdSec is committed to full compliance with privacy regulations, such as GDPR.
You can see more details on their GDPR compliance here.
Please note, also, that CrowdSec integration is completely voluntary – you can switch it off on your Shield website at any time with no impact on your performance or security. Shield will continue to protect your site as it’s always done.
Future Plans For Our Partnership
You can already create a free account with CrowdSec over on their homepage. And once our Shield integration has been released, you’ll be able to link your WordPress sites into your CrowdSec App account and view the data being sent to the network from all your sites.
We have a few further things under consideration to deepen our integration with CrowdSec, but we’ll announce these as the integration progresses.
When Can You Get ShieldPRO + CrowdSec?
We’re getting set to release v16 of Shield Security in the coming weeks. Stay tuned to the newsletter or the changelog to get further details as they are published.
Thoughts, Suggestions and Feedback?
As always, we encourage our clients to share their thoughts with us at any time, and in particular when we release a new feature such as this. Please feel free to leave your comments in the section below.