It’s been a few months in the making, but it’s finally here – our most exciting release (yet again!) of Shield Security for WordPress.
This release is absolutely packed with goodies and our headline feature – integration with CrowdSec – deserves an article all to itself.
Here you’ll discover all the exciting things we’ve packed into ShieldPRO v16 and why you should be upgrading as soon as it’s out.
Let’s dig into all the new goodies…
#1 Partnership with CrowdSec for Crowd-Sourced IP Intelligence
This is, to our mind, one of the most exciting developments for WordPress security for a very long time.
We’ve wanted to achieve this level of protection against bots for years, as we firmly believe that good WordPress security starts with intelligent blocking malicious IP addresses.
Shield does an effective job of this already with its automatic block list system, but we’ve now achieved group intelligence so all WordPress sites running on Shield will benefit from the experiences of all the other websites running Shield.
This is a big topic so we’ve dedicated a whole article to it – learn about the new partnership here.
#2 Brand New IP Rules and Blocking Engine
IP Blocking has been a part of ShieldPRO, practically from the outset. It’s core to our WordPress security philosophy.
With such a long-standing feature, you can imagine that the knowledge and experience used to create that original system isn’t as thorough as it is today. We’ve come a long way, I can promise you.
This release, spurred on by the new CrowdSec integration, sees the much-needed overhaul of our IP management system. It’s smarter and more versatile, and altogether much faster!
Shield must lookup a visitor’s IP address on every single request to a WordPress site. If we can improve the speed of that lookup, we improve Shield performance overall.
#3 Improved UI
Shield has a number of different subsystems, many of which are related. The scan results page is linked to the scanner configuration page, for example.
To-date when you wanted to view any section of the plugin, it would reload the entire page. We’ve done some work to reduce full page reloads so that you can stay “where you are” while viewing the contents of another page.
In particular we’re referring to “Configuration” pages. Links to such areas will now open in an overlay, letting you keep your current page active while you review and adjust settings.
Another UI enhancement is a new title bar across every page of the plugin, letting you see more clearly where you are, along with important links to help resources.
This title bar also includes our brand new “super search box”…
#4 Shield’s Super Search Box
We mentioned UI improvements already, but this deserves a section all to itself.
To say Shield is a large plugin is understating it. There are many options pages, as well tools, tables, data, and charts etc.
Finding your way around can be a bit tricky. Since we built it, we know it inside out. But for everyone that uses it as a tool to protect their sites, it’s not always obvious where to go to find the “thing” you need.
With Shield’s “Super Search Box”, you can find almost anything you need, and jump directly to it. Currently you can search for:
- Specific configuration options
- Tools such as Import/Export, Admin Notes, Debug
- Logs such as Activity Logs and Traffic Logs
- IP Rules
- IP addresses – it’ll open a popup to review the data Shield holds on any particular IP
- External links such as Shield’s homepage, Facebook page, helpdesk, crowdsec etc.
We’ll develop this a bit more over time as we get feedback from you on what you’d like to see in there.
#5 Lighter, Faster Scan Results Display
Shield’s scans can turn up a lot of results and some customers have reported trouble on some servers with limited resources.
We’ve redesigned how the scan results are built, so it’s faster and lighter on both your browser and the WordPress server.
#6 Improved Human SPAM Detection
After working with a customer on some issues she faced with Human SPAM, we’ve developed enhancements to how Shield will detect repeated human spam comments.
For example, a SPAMer may post a comment and trigger our human SPAM scanner. But then they’ll fire off more comments which might bypass the same scanner. We’ll now use previous SPAM detections by Shield to inform future comments, too.
We also squashed a bug where Shield wasn’t properly honouring the “disallowed keywords” option built into WordPress itself.
#7 Custom Activity Logs and Events
Shield covers a lot of areas when it comes to monitoring events that happen on a WordPress site. But we typically don’t cover 3rd party plugins.
So, based on the feedback from a number of interested customers, we’ve added the ability for any PHP developer to add custom events to Shield’s Activity Logs.
When might you find that useful?
You could, for example, track WooCommerce orders, or you could be facing a particularly menacing visitor that repeats an undesireable action on your site that’s not covered by Shield, and decide to block their IP.
You can do whatever you want with this, though you should always take care when allocating offenses to actions as you may inadvertently block legitimate users.
#8 All-New Guided Setup Wizard
When first installing a platform like Shield Security for WordPress, it can be a little overwhelming. Shield is a large plugin, with many features, tools and options.
We’ve had a “Welcome Wizard” in Shield for a while, but it was a little rough around the edges. For this release we decided to revamp it and provide a new guided setup wizard, helping newcomers get up-to-speed more quickly.
Anyone can access the Guided Setup from the Super Search Box (search: “Wizard”), or from the Shield > Tools menu.
A Change To Minimum Supported WordPress Version
We try to make Shield Security as backward-compatible as possible, while it makes sense to do so.
However, this means that our code development and testing must reflect this and means that the burden of support increases the farther back we support older versions.
Our Telemetry data suggests that there are no WordPress sites below version 4.7 running the Shield plugin. Of course, we can only go on what data has been sent to us. But we have to draw the line somewhere, and with Shield v16, we’re drawing the line at WordPress 4.7.
As more data comes through and time marches on, we’ll gradually increase our minimum requirements so we strongly suggest you keep your WordPress sites, and hosting platforms as up-to-date as possible.
Comments, Feedback and Suggestions
A lot of work has gone into this release that will, we hope, improve security for all users by making it much easier to see what’s going on and what areas need improved. The Security Rules Engine is one of our most exciting developments to-date and we can hardly wait to get the first iteration into your hands and start further development on it.
As always, we welcome your thoughts and feedback so please do feel free to leave your comments and suggestions below.