February 22, 2018 by Paul G. | Blog, Features, Shield Pro

The Plugin & Theme Guard For WordPress

Keeping your WordPress sites secure is a never-ending game of cat and mouse.

100% protection against intrusion is impossible. We can do our best to stop it, but we must be ready to deal with any intrusions once they occur.

Shield Security already has several scanners that detect and repair alterations to your WordPress filesystem.

These include:

  • detecting and repairing any changes to Core WordPress files.
  • detecting and removing any files in your Core WordPress folders that are not part of WordPress.

So it looks like we have your WordPress Core covered.

But of course, WordPress is more than just its core files.

Making A Stand To Protect WordPress Plugins and Themes

It’s quite common for site hacks to involve quiet changes to scripts within your plugins and theme folders that can go unnoticed for months.

These are nearly impossible to detect without some sort of automatic scanning.

So with Shield Security 6.4, we’re introducing a brand new scanner that guards against unauthorized changes to your plugins and theme files. It’ll alert you as soon as it detects any changes.

It’s important to understand what this scanner IS and what it IS NOT.

To help with this, we’ve provided a full explanatory video (below).

Please note that the UI featured in the video demonstrating the Plugin & Theme Guard scanner may differ from the current interface due to updates and improvements made after the time of recording.

Plugins & Themes Guard Explanatory Video

Plugin & Theme Guard: What It Is Not

It is not a malware scanner – it does not detect the presence of malware on your site.

Plugin & Theme Guard: What It Is

It is a change-detection system.

The Guard will take a “snapshot” of your files, and, if they are modified in any way, deleted, or new files are added, the Guard will alert you.

The Guard does not care about what these changes are, whether they’re good, bad, intended, or unintentional. It only cares about changes.

If there’s a change, you will be notified.

The Guard: Important Notes

  • The Guard only monitors active plugins and themes. If a plugin or theme is installed, but remains deactivated, it will not be monitored.
  • The Guard will also monitor the Parent theme, if you’re using a Child theme.
  • The Guard does not take a snapshot when you install a plugin, but only when you activate it. (If you deactivate it, monitoring for that plugin will stop).
  • The Guard will update its snapshot if you use WordPress to install, update or re-install a plugin or theme.
    • If you update a plugin or theme outside of WordPress, e.g. using FTP, this will cause the Guard to alert you. The Guard doesn’t know anything about FTP. It only understands changes you make using WordPress.
    • The Guard understands updates made by iControlWP and will update its snapshot correctly.
  • The Guard will send alerts for changes made using WordPress’ built-in Editors. This is by design.
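
The snapshot-and-compare behaviour described under "What It Is" and in the notes above, as an added Python example that is not Shield's own code. SHA-256 hashing, the function names and the example-plugin folder are assumptions made for illustration; the page does not say how Shield stores or compares its snapshot.

```python
import hashlib
import tempfile
from pathlib import Path


def take_snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(snapshot, root):
    """Classify every difference between a stored snapshot and the files on disk."""
    current = take_snapshot(root)
    return {
        "modified": sorted(f for f in snapshot if f in current and snapshot[f] != current[f]),
        "missing": sorted(f for f in snapshot if f not in current),
        "unrecognised": sorted(f for f in current if f not in snapshot),
    }


def demo():
    """Constructed plugin folder: baseline, out-of-band edits, then a re-baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp) / "example-plugin"  # hypothetical plugin name
        (plugin / "inc").mkdir(parents=True)
        (plugin / "example-plugin.php").write_text("<?php // main file\n")
        (plugin / "inc" / "helpers.php").write_text("<?php // helpers\n")
        (plugin / "readme.txt").write_text("Example plugin\n")

        baseline = take_snapshot(plugin)  # taken on activation

        # Changes made outside WordPress (e.g. over FTP): the snapshot is not refreshed.
        (plugin / "inc" / "helpers.php").write_text("<?php // helpers, edited\n")
        (plugin / "readme.txt").unlink()
        (plugin / "inc" / "cache.php").write_text("<?php // new file\n")
        alerts = compare(baseline, plugin)

        # An update through WordPress refreshes the snapshot, so nothing is reported.
        baseline = take_snapshot(plugin)
        after_update = compare(baseline, plugin)
        return alerts, after_update


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Refreshing the baseline makes whatever is on disk the trusted state, so in this example any tampering present at that moment would stop being reported; review the reported differences before accepting them.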

When Does The Scanner Run?

The Guard’s scanner runs once every 24 hours using the WordPress Cron.

You can of course increase the frequency using the scan frequency setting released with Shield 6.2.

Understanding the File Scan Areas

As you can imagine, scanning the file system for changes can be resource intensive.

To strike a balance between resource usage and protection, the Guard will only scan and monitor the scan areas you select in the settings.

You must understand that increasing the scan areas will cause processing times and resource usage to increase. It is up to you to decide which level of protection you want vs resource allocation.

The Guard: How To Handle Changes

The results of the scanner can be accessed only through the Scan Results section. This is the only way to respond to alerts sent from the Guard.

You will be presented with a clear list of all changes that have been detected. It is your role as the security administrator to decide whether these changes are “ok”, or whether they must be cleaned.

Shield Security can’t make this decision for you.

For plugins, your options include:

  • Re-install / Upgrade. Shield will attempt to re-install (and potentially upgrade if an update is available) a plugin. This is only available for plugins from WordPress.org.
  • Repair. Shield can immediately repair the affected plugin.
  • Delete. Shield can’t repair unrecognised/unidentified plugin/theme files. You can do that manually only.
  • Ignore Changes. If you feel that the changes detected are legitimate, you can ignore them. Shield won’t alert you to these changes again.

For themes, your options are the same as for plugins above.

You can make manual modifications in response to the scanner, using FTP for example, and then re-scan your site.

Requirements For The Plugins & Theme Guard

  • Shield Security 6.4+
  • PHP Version 5.4+
  • WordPress 4.0+
  • Shield Pro – upgrade here

In late 2017, we made the decision to develop new features for Shield using PHP 5.4. To learn more about this decision, please see here.

Comments and Questions?

As always, we’re open to feedback and suggestions. Please feel free to leave your comments below.

Thank you for your support!

Comments (3)

    Thanks for the video tutorial, it does a much better job at explaining the functionality than text and screenshots. Next time ensure the volume is up.

      Great, glad you liked it. And thanks for the feedback on the volume. We may be able to re-release it with higher volume, so thanks for sharing your thoughts! 🙂

    Great information about keeping your WordPress sites secure.
    Thanks for sharing this useful information.
