ShieldPRO 15.0 for WordPress is a major release.
We’ve improved the Shield Security Dashboard navigation menu and the Overview section UI, making it much easier to secure your WordPress site by quickly identifying areas for improvement. The original WordPress Admin Dashboard widget was pretty basic, so we’ve completely revamped it to show some of your latest site activity. This guide outlines what has been added, removed, changed, or improved, and what fixes we’ve made.
First, we’ll explain what major changes were made and which options you’d need to review.
New Added Features
For the 15.0 release we added:
- Block Username Fishing option
This feature is now a Bot Signal which is recorded in the Activity Log and triggers offenses.
You can use this option to block the ability to discover WordPress usernames based on author IDs. When enabled, any URL requests containing “author=” will be killed.
This option is accessible from within the WP Lockdown module > Obscurity.
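The “author=” request pattern described above can also be looked for in web server access logs. The following is an added example, not Shield's own code: it counts requests carrying an `author` query parameter per client IP. The combined log format, the constructed sample lines, the function names and the threshold of 3 are all assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jun/2022:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 302 0 "-" "curl/7.80"
203.0.113.7 - - [01/Jun/2022:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 302 0 "-" "curl/7.80"
203.0.113.7 - - [01/Jun/2022:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 302 0 "-" "curl/7.80"
198.51.100.4 - - [01/Jun/2022:10:01:00 +0000] "GET /blog/?coauthor=jane HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jun/2022:10:01:05 +0000] "GET /author/jane/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Jun/2022:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Client IP, method and request target from a combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def is_author_probe(target: str) -> bool:
    """True when the request target carries an `author` query parameter."""
    query = urlsplit(target).query
    # Matching the parsed parameter name (an assumption of this example)
    # avoids false hits on names such as "coauthor" or on /author/ paths.
    return "author" in parse_qs(query, keep_blank_values=True)

def author_probes_by_ip(log_text: str) -> Counter:
    """Count author-ID requests per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_author_probe(m.group("target")):
            hits[m.group("ip")] += 1
    return hits

def flag_enumerators(log_text: str, threshold: int = 3) -> list:
    """IPs with at least `threshold` author-ID requests (assumed threshold)."""
    counts = author_probes_by_ip(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(author_probes_by_ip(SAMPLE_LOG))
    print(flag_enumerators(SAMPLE_LOG))
```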
The Security Rules Engine is the new foundation of how Shield will handle security for nearly all WordPress requests. It’s accessible from the main navigation menu > Tools section.
This article outlines what brought this about, what the Rules Engine is and does, and how it will inform future development and our approach to WordPress Security.
Change 1: All-New Security Overview page
We’ve broken up the plugin into 7 key areas and gathered configuration options and conditions of the site under each one. We give each component a weighted score and calculate an overall percentage.
You can see your score within each area and click “Analysis” to get a clear breakdown of what constitutes that score.
Example, Site Scanning area:
Change 2: All-New Dashboard Widget
Similar to the Security Overview, we offer some visibility to the workings of the Shield plugin right on the WordPress Dashboard, using the built-in widget area. Currently it shows your
- security overview progress
- recently blocked IPs
- recent offending IPs
- recent user sessions
- jump links to key plugin areas
Change 3: New Template-Based Block Pages
When a visitor triggers the Shield defenses, Shield now provides a much more visitor-friendly block page that outlines exactly what’s happened. It provides details of why the block occurred and what the visitor can do about it. Please see the examples of the new block pages below.
General IP Blocking Page (non-logged in users)
General IP Blocking Page (logged in users)
Firewall Blocking Page
Username Fishing Blocking Page
Change 4: Audit Trail (now renamed to Activity Log) and Traffic Log: Direct access to the IP analysis
In the previous plugin release, when you clicked an IP address from within the Audit Trail or Traffic Log, you were directed to the IP Analysis page in a separate tab.
Now you can analyse an IP directly from within the Audit Trail (Activity Log) and Traffic Log. Please see the examples below.
From Within Audit Trail (Activity Log)
From Within Traffic Log
Change 5: Option Removed: Legacy Comment SPAM Detection
This option can now be adjusted using a WP filter.
Change 7: Deprecated: Options For CAPTCHA and GASP Bot Checking On WordPress Login Forms
The options to use CAPTCHA and/or GASP Bot Checking for WordPress Login SPAM have been deprecated. These options are replaced with the AntiBot Detection Engine and will be completely removed in a future release.
Change 8: Audit Trail Renamed to Activity Log
For the 15.0 release we’ve made the following improvements:
- Improved Plugin Navigation
This release brings further enhancements in this area – the new dynamic page loading and smoother navigation.
- Improved Visitor IP Source Detection
- Massive Performance Optimisations
As part of our new approach to security with the Security Rules Engine, we’ve taken the opportunity to rip out legacy code and optimise many other areas. We’ve eliminated unnecessary MySQL queries and redesigned core components to be more efficient with how they store data.
- New Filters: Adjust scanner notices about plugin/theme update/active status
You can now use filters to adjust whether Shield warns about inactive plugins/themes or those with updates.
- A New WP Filter To Add Custom Shield Template Directory
If you’re looking to adjust some of our page templates, such as the block pages, you can now provide custom templates more easily using the new filter.
- Option Removed: XML-RPC bypass option, under the General settings:
This option can now be adjusted using a WP filter.
For the 15.0 release, we’ve made the following fixes:
- 15.0 release
- Broken password reset links in some cases when using hidden login page
- Help ensure forward compatibility for sites with newer TWIG libraries also installed
- Fix for some scan results browsing errors
For more information on Shield 15.0 release, read this blog article here.