I've just upgraded to Pro. What should I do next?

    In this walk-through guide, we are going to explain what the next steps you should take upon upgrading to Pro. 

    The first step to take is activation of the Pro features on your site. To do this, you wont need your license key. Activation is keyless

    You simply log into the site associated to that license, and then:

    1. Open the ShieldPRO section
    2. Be sure to have first activated your site URL (the URL of the site you want to license inside your Shield Security Pro account) by clicking the "Keyless Activation" section > View.
    3. Hit the "Check License" button and all the Pro features will be automatically licensed on the site within 30 seconds.

    Read more about this here.

    Important: If you have any trouble with keyless activation, just click a little "Debug" link beneath the "Check License" button and send us an error you see.

    To learn more about Keyless Activation, read the release article here.

    Then, you can review the all Pro features and enable the ones you want. 

    Each Shield module contains Pro features you may want to use. This is the complete list of the Pro features, what they are used for and how to enable them.

    Please note that enabling/using of any of the ShieldPRO features listed below depends on your personal requirements.

    Shield Module Pro Feature Description Screenshots
    Shield Security extension for MainWP
    Easily integrate Shield Security to help you manage your site security from within MainWP. You don't need to install a separate extension for MainWP.

    You can turn-on Shield's built-in extension for MainWP server and client installations through Shield's Integrations module.

    Important: If this is a MainWP client site, you should add your MainWP Admin Server's IP address to your IP list.


    SPAM detection for contact forms
    Use Shield's built-in SPAM detection system to identify contact form SPAM. Choose the form providers that should be checked for antibot and/ or human SPAM. 

    Integrations Antibot - Custom User Forms Automatically detect Bot requests to custom user forms.

    Select your 3rd party providers to have Shield automatically detect Bot requests to these forms.

    General settings ShieldNET ShieldNET is the all-encompassing term that covers the technology and features that we use to gather security and threat information from across our entire WordPress ecosystem. By collecting information from all active Shield Security plugins, we can offer this information back as threat intelligence to all sites running Shield.

    Read more or watch the video about the ShieldNET here

    General Settings
    Allow WP-CLI
    With WP-CLI you can perform many common actions of the ShieldPRO plugin just as you would with the point-and-click UI.
    More Info

    Common WP-CLI commands for all modules can be found here.

    General Settings CAPTCHA Style 

    Choose your own CAPTCHA style:

    • "light" theme
    • "dark" theme
    • "invisible captcha"

    Before you use this feature, please ensure that Google reCAPTCHA or hCaptcha is enabled.

    This feature is available within the following modules:

    • Shield General (go to CAPTCHA  > CAPTCHA style)
    • Login Guard (go to CAPTCHA > CAPTCHA style)
      More Info

    Note: Captcha is depreciated in Shield. You may want to use the AntiBot Detection Engine (ADE) instead). 

    General Settings Import/Export
    Automatically import options and deploy configurations across your entire security network. You can easily setup the Shield Security plugin on 1 site and have all options replicated to your other sites automatically.

    You can also exclude options you don't want to be imported.

    More Info

    Security Admin Persistent Security Admins
    Specify usernames for Security Admin role.

    Admin users provided will be security admins automatically, without needing the security PIN. 

    Enter admin username, email or ID. 1 entry per-line.

    More Info

    Security Admin
    White Label

    Rename and re-brand the Shield plugin for your client site installations and own your own brand.

    You can also chose your own logo to display on the Two-Factor Authentication login page. The all White Label options are best explained here.

    To activate While Label, make sure that Security Admin system is enabled

    More Info

    Block Bad IPs/Visitors User Auto Unblock With Shield Bot Protection

    Allow your site visitors to automatically unblock themselves from Shield.

    A visitor will only be able to remove themselves from the block list once in a 24 hour period.

    More Info

    Block Bad IPs/Visitors
    User Auto Unblock With Magic Link
    Allow your site logged-in users to automatically unblock themselves from Shield. 

    When logged-in site users get blocked by Shield, they can unblock their IP automatically by using a "magic" link sent by email.

    More Info

    Block Bad IPs/Visitors Request Path Whitelist 

    Prevent requests to particular paths on your site from triggering the IP blacklisting system.

    When a visitor makes a request to your site to the whitelisted URL and triggers the Shield Security system to blacklist or blackmark the visitor IP address, this trigger will be ignored.

    More Info

    Block Bad IPs/Visitors Bot Behaviors
    Shield Security is focused on helping you detect characteristics and behavior commonly associated with illegitimate bots.

    Identify and capture login, probing bots as well as fake web crawlers and empty user agents.

    More Info

    Block Bad IPs/Visitors Manual IP Blacklisting

    Manually add IP you want to blacklist (if needed). These IPs will be permanently blocked. 

    You can add as many IPs as you like. You can also manually block IP address range. Or, you can automatically import a large list of IPs to Whitelist or Blacklist.

    More Info

    Activity Log Auto Clean

    Any activity log entries older than number of days set will be automatically removed from database

    More Info

    Hack Guard Malware Scanner

    Scan and monitor files for Malware infections.

    This scanner monitors and detects presence of Malware signatures. It's a part of the Automatic WordPress File Scanner.

    Keep this scanner turned on, at all times.

    Currently files of the following types are supported: PHP

    More Info

    Hack Guard Plugins & Themes Scanner

    Scan and monitor Plugin & Theme files for changes.

    This scanner is a part of the Automatic WordPress File Scanner.
    It looks for new files added to plugins or themes, and also for changes to existing files.

    Keep this scanner turned on, at all times.

    It doesn't currently detect missing plugin/theme files.

    You can also automatically repair files that have changes, if you want.

    More Info

    Hack Guard  Vulnerability Scanner Regularly scan your list of the installed WordPress plugins and compare their current versions against a list of known plugin vulnerabilities.
    You can also set this scanner to automatically apply updates to items with known vulnerabilities when an update becomes available.

    More Info

    Hack Guard File Locker Lock files against tampering and changes.

    File Locker detects changes to the some of the most important WordPress files as they happen (in realtime). Then, lets you examine contents and revert as required.

    The files covered with File Locker system are:

    WP Config
    Root .htaccess
    Root index.php
    Root Web.Config
    Note: Web.Config is only available for Windows/IIS.

    More Info

    Hack Guard Daily Scan Frequency The default schedule of the automatic scans is once every 24hrs.

    Improve security, increase the schedule of the automated scanners so they run more than once per day.

    More Info

    Hack Guard Show Re-Install Links This feature adds a new link your plugins allowing you to easily re-install a plugin.

    It also adds a message to the "Activate" link letting you re-install the plugin right before activation.
    Plugins & Themes scanner will ensure that the files are clean and original at the time of activation. In this way, plugin files cannot have been compromised or edited in any way.

    Note: These re-install options are only available for plugins that are installed from WordPress.org.

    More Info

    Traffic Watch Custom Exclusions If you want to manually customize exclusions to skip the logging of web requests you know to be legitimate, you can use Custom Exclusions system.This reduces the size of your traffic log and also prevents your logs from filling up with information you might don't need to have logged.

    More Info

    Traffic Watch Traffic Rate Limiting Traffic rate limiting is where you restrict the number of requests a single visitor can make against your site, within a certain period of time.

    Use this feature with care. You could block legitimate visitors who load too many pages in quick succession on your site.

    More Info

    Login Guard 2FA - Allow Any User Allow any user to turn-on Two-Factor Authentication by email.

    Any user can turn on/off 2FA by email from their profile.

    More Info

    Comms SureSend Email SureSend is a dedicated email delivery service from Shield Security. It ensures that you get 2FA email with a verification code so you can complete your login.

    Login Guard Hardware 2FA - Allow U2F Allow users to register U2F devices to complete their login.

    Currently only U2F keys are supported. Built-in fingerprint scanners aren't supported (yet).

    Beta! This may only be used when at least 1 other 2FA option is enabled on a user account.

    More Info

    Login Guard Yubikey multiple keys If you’re using Yubikeys on your WordPress sites – losing your Yubikey could cause some major headaches.

    So with Shield, users can add as many Yubikey devices to their accounts as they’d like.

    More Info

    Login Guard Multi-Factor By-Pass (Remember Me) A user can by-pass Multi-Factor Authentication (MFA) for the set number of days.

    Enter the number of days a user can by-pass future MFA after a successful MFA-login. 0 to disable.

    More Info

    Login Guard Allow Backup Codes Allow users to generate a backup code that can be used to login if MFA factors are unavailable.

    More Info

    User Management User Registration ShieldPRO offers the email validation method for testing new user registration email address. It also allows you to choose how you want Shield to respond when someone tries to register on your site with an invalid email address.

    More Info

    User Management Password Policies Have full control over passwords used by users on the site.

    Once you have Password Policies feature turned on and the password quality requirements set, all users roles (including Security Admin) must meet those requirements - there's no exceptions whatsoever. Otherwise, they will not be able to login. 

    More Info

    User Management User Suspension This feature allows administrators to manually and automatically suspend any user account.

    More Info

    User Management User and Admin Login Notification Email For user login:
    Notification is sent to each user when a successful login occurs for their account.

    For admin login:
    You can supply multiple email addresses for Administrator login notifications.

    More Info

    Comments SPAM Trusted User Roles Protect against comments SPAM by registered users.

    Shield doesn't normally scan comments from logged-in or registered users.

    Specify user roles here that shouldn't be scanned.

    Take a new line for each user role.

    More Info

    Automatic Updates Update Delay Protect your WordPress site against auto-update disasters. 

    This feature forces any automatic upgrade to be delayed for a set number of days. This allows time for killer bugs to be discovered and patched before your site automatically updates.

    So, Shield will delay upgrades until the new update has been available for the set number of days. This helps ensure updates are more stable before they're automatically applied to your site.

    More Info

    HTTP Headers Manual CSP Rules You can add manual CSP rules which are not covered by the rules listed under the CSP Headers section.

    You should test them on your site thoroughly first.

    Take a new line per rule.

    More Info

    Other Shield’s 2FA/MFA UI Add exactly the same user interface as seen in the WordPress admin area, to the frontend with the use of a simple WordPress shortcode.

    We’ve adjusted the UI to ensure that the user experience in either formats (backend or frontend) is identical.

    More Info

    Other 3rd-Party Support The 3rd-Party Support feature works with 3rd party platforms such as WooCommerce, BuddyPress, and Easy Digital Downloads. 

    It provides the following:

    - User Registration & Login Bot Protection
    - 2-Factor Authentication for users and customers
    - Support Woocommerce social logins

    The 3rd-Party Support feature is enabled by default on Pro sites.

    The full list of the compatible WordPress membership plugins can be found here.

    Other Customise 2FA Email Content You can change the content shown to users through the use of custom templates.

    At this moment, you can customise Two-Factor Authentication Code email.

    More Info

    Need Help?

    ShieldPRO support has worked very hard putting together comprehensive guides to troubleshooting. We’ve identified the most common customer questions, and have outlined solutions in many articles in our Help Center here.

    If you can't find the answer to your question in the Help Center, get in touch any time so we can help. For the best place to start with your support ticket submission, please follow this link here.

    Interested in Affiliate Rewards For Shield Security PRO?

    All you need to do is complete the registration form, and soon your sites will be setup for automatic referral links using the plugin badge.

    We go into all the details here.  Also, unlike other referral schemes that only give you once-off rewards, our referrals are for life.