As with any software, big changes can introduce a few problems. Thankfully, we didn’t have any major issues to address and everything went generally smoothly.
However, 1 issue seemed to popup for a couple of our clients that we couldn’t ignore – the new malware scanner wasn’t actually running for some people.
So we decided to address this, amongst other things…
#1 Re-Written Scanner Architecture
This might sound familiar – wasn’t that in Shield 8.0?
It was. But we did it again. So what’s different this time around?
In the last release we used the filesystem a lot – we stored most of the data for the scans to files on-disk. We suspected that on certain webhosts, this was problematic and crashed the scanner.
With Shield Pro 8.1, we now use a new database table to setup the data for the scans.
But don’t worry, your database tables wont balloon out of control. As always, we’re extra careful with the data we store, and we purge all unnecessary data right after the scans have finished.
Not only that, since the data is stored in the database, we can now easily update running scans without causing any trouble. For example, let’s say 3 of your scans are running via the Cron, and then you add a manual scan in the middle of this, processing will now continue seamlessly, uninterrupted.
Another huge benefit of the new architecture comes in the setup of new scans. If you’ll remember in Shield 8.0, when you selected several scans and clicked ‘Start’, it could take quite a bit of time before you got a response back to say they’d started.
This was because while the scans ran in the background, the setup of the scans didn’t, as this was done “in the moment”, and you had to wait for the setup to finish. But we’ve pushed that stage into the background as well, so scans kick-off practically instantly. There are also fewer things that can go wrong with this approach, too.
There are so many improvements we could talk about it all day, but we won’t bore you with it. Suffice it to say, our Shield’s scans are the best they’ve ever been.
#2 Dynamic Malware Whitelist
As we’ve discussed, the malware scanner searches for patterns, not malware specifically. This has advantages and disadvantages, as with every approach.
The biggest disadvantage is that perfectly legitimate files can be flagged as potential malware. This is known as a “false positive”, and can cause some alarm and frustration.
We were aware of this problem when we released the scanner, but we had a solution in the works. This solution is now live with Shield 8.1.
We are building a database of false positives which will be flagged by our Malware scanner, and we’re publishing it via our API provided through WP Hashes. We haven’t given out any public details about the API itself, but this will be released in the coming weeks.
The ways it works is:
- Shield’s Malware scanner may identify a file as being potential malware
- Shield will query for the list of false positives using the API
- If the file is found on the list, the item is excluded from your scan results.
Over time, our false positives list will grow, and the number of items you’ll need to deal with will shrink.
And, even better, we’ll be providing the ability for you to submit false positives to us and allow us to update the list dynamically.
#3 Other changes with Shield Pro 8.1
We’ve made a few additional improvements to Shield Pro in this release, including:
Multiple Admin Login Notification Email Addresses
We’ve had a setting that allows you provide an email address to which a notification will be sent every time an Administrator logs into your site.
This setting is almost as old as Shield Security itself.
We recently received a suggestion to allow for multiple email addresses here, and this is now available to Shield Pro customers.
Japanese translations added
From Shield 8.0 we’ve had 9 languages with 100% translation coverage. With 8.1 we’ve added Japanese to the list, though the coverage is only around 15% at this stage. More is on the way though.
Audit Trail Filtering For Specific Events
With the recent changes introduced in the Audit Trail, we can now provide a filter in the Audit Trail viewer so you can see the occurrences of specific events.
A Few Fixes and Cleanup
We were notified that Shield wasn’t honouring the user-specific locale setting and was defaulting to that of the site itself. This is now fixed.
We’ve also be deleting and cleaning lots of old code from Shield keeping it lean and clean.
What To Expect From Shield Security Pro 8.2
Way back in Shield 6.9, we introduced a new feature called the Traffic Watcher.
We had further plans for this module other than just the ability to monitor web requests to a site.
The next Shield release will build upon the traffic monitor and implement a Traffic Limiter. You’ll soon be able to completely throttle traffic to your site so that the same IP address can’t overwhelm your website with repeated requests, no matter what the purposes of those requests are.
And each time the IP address exceeds your throttle, it’ll trigger an “offence”, and enough offenses lead to an IP ban! More on this feature to come…
Question and Suggestions
If you have any questions, comments, or suggestions about anything raised in this article, please do feel free to drop us a message in the comments area below.
Your feedback, suggestions, and even words of encouragement are always welcome.
Of course, if you want to upgrade your Shield Security to Pro, you can upgrade here at any time.