WP Shield Security PRO – Release 10

ShieldPRO 10 is our best security plugin for WordPress so far.

There are major changes in this release, but most important are the UI enhancements helping you assess security issues as quickly as possible.

Feature #1: Improved Dashboard Overview

We wanted the Shield Dashboard to be a 1-stop-shop for all important security items that need your attention. But it got a little cluttered over time, so that finding important information became more difficult.

ShieldPRO‘s Overview is now simplified down to 1 single function:

to show you clearly what’s working, and what’s not working

To achieve this goal, we’ve broken down nearly all ShieldPRO elements into colour-coded cards, sorted into modules and by security status.

Each item is assigned a security status from the following list:

• Good
• Info
• Warning
• Danger

You can see a small demo of how this works below:

The new Overview page completely reworks and combines separate UI elements from earlier versions of Shield, into 1 display system.

Feature #2: IP Analysis Tool

When an entry appears in the Audit Trail, you may decide to investigate the particular IP address in more detail. You’ll want to know everything about it, as it relates to your site.

Before now, you had to jump around to different sections of the Shield UI and search for the IP address within the Audit Trail, the Users Sessions, Traffic Monitoring, and the IP Block/Bypass Lists.

ShieldPRO 10 now provides a convenient tool to gather together all information for an IP address. Not only that, the links for IP addresses in tables such as the Audit Trail, now link directly to this IP Analyse tool.

The goal is to reduce the time you’d spend jumping back and forth in investigating how a particular IP address is interacting with your site.

Feature #3: SureSend Email Delivery

We’ve been banging the drum for a long time about how WordPress sites aren’t designed to send emails reliably.

We get a lot of pushback on this, and we’re not entirely sure why. Afterall, this is how SPAMers work – they setup an app on a server and blast out emails. This is no different to setting up WordPress site and sending emails.

Sometimes it works, often it doesn’t.

The biggest problem we see is where users get stuck at the 2FA login screen because their email never arrives. This is a site email configuration problem, not a Shield fault.

However, to help alleviate this suffering, we’re introducing a new service, which we’re calling “SureSend“. The purpose of this service is to ensure critical emails, like 2FA codes, are received when they’re needed.

Please read the introductory article on this new feature to learn more.

Feature #4: PHP 7+ Optimised

As announced, we’re dropping support for PHP 5 (finally!). Your WordPress site must be running PHP 7+ to use ShieldPRO 10.

This is a massive step! It means we can bake-in much more reliable code, take advantage of modern coding practices and updated libraries, and also prepare Shield to support PHP 8, when it’s released in a few weeks.

Improved: Two-Factor Authentication

There has been a few significant changes to 2FA with this release. As we mentioned earlier, you can improve delivery of your 2FA email codes using SureSend.

We’ve also changed Shield’s U2F implementation slightly. When we first released this feature, we wanted to ensure admins wouldn’t get locked-out if our code broke. To do this, we restricted turning-on this feature to user profiles that had 1 other factor active (just in case U2F didn’t work as expected). There has been no issues reported, so we’ve removed that restriction altogether.

Another change we’ve made is how email 2FA codes are generated. In earlier versions, there was only ever 1 code generated at a time. Now, we allow multiple codes to be simultaneously created. This fixes a reliability issue reported in some cases where 2FA codes weren’t working.

Other Enhancements and Improvements

A lot of under-the-hood changes have been brought to ShieldPRO 10. Most of these make the Shield code more reliable. An overview of these smaller changes are highlighted below:

• Much-improved database implementation making it easier to upgrade and adjust database tables between upgrades.
• Added an option to force Shield UI/emails to always use a specific locale e.g. forcing Shield to always display and send emails in English.
• Upgrading the Bootstrap library that ships with Shield to latest (v4.5.3)
• Enhanced IPv6 detection for host server.
• Added detection of Huawei (Petal) bots/spiders.
• The HTTP Loopback test sometimes failed on slower websites

The full changelog for all Shield releases may be found here.

Questions, Comments and Suggestions Are Welcome

There’s a lot that’s changed in this release and with our move to PHP 7 it sets us up to add some exciting new features.

As always, we welcome your comments and suggestions on any items in this article, and any other articles. Please feel free to leave your comments below.

As always, thank you!