Introducing Shield – The professional WordPress security solution

Shield Security is the professional security solution for WordPress. It is the most advanced and easy-to-use WordPress security plugin in the world. Per download, Shield Security has the highest 5* rating in the WordPress plugin repository.
If your site is vulnerable to attack, you’re putting your business and your reputation at serious risk. Getting hacked can mean you’re locked out of your site, client data stolen, your website defaced or offline, and Google will penalise you. Shield eliminates that risk and ensures you have the most powerful WordPress security system working for you and protecting your site.

Shield’s goal is also to help you become free from repetitive and complicated security work, allowing you to re-focus and re-dedicate yourself to the work you love to do.

For more information about Shield, visit our website here.

Here are the most important things you should know about Shield Security plugin:

Shield plugin compatibility

Using multiple WordPress security plugins may have unpredictable results. To find out how Shield works when combined with Wordfence, Sucuri, JetPack, read the articles here

Shield installation instructions

This plugin should install as any other WordPress.org repository plugin.

  • Browse to Plugins => Add Plugin
  • Search: Shield
  • Click "Install"
  • Click to Activate

A new menu item will appear on the left-hand side called ‘Shield Security".

Note: If you want to download Shield, you can do that by following this link:
https://wordpress.org/plugins/wp-simple-firewall/

Integrations

Shield automatically integrates with 3rd party plugins, such as MainWP

It can also automatically protect 3rd party contact, login and registration forms against Bots. It uses our exclusive AntiBot Detection Engine to reliably identify bots.

What is the AntiBot Detection Engine (ADE)?

AntiBot Detection Engine (ADE) is ShieldPRO's exclusive bot-detection technology that removes the needs for CAPTCHA and other challenges.

It's best explained in this blog article here.

How to enable/disable Shield Security plugin

Once installed, Shield (with all its modules) is enabled by default. If you want to disable the plugin entirely, you can do that through General Settings (sidebar navigation menu => Configuration => General => Disable Shield).

Note: This plugin contains various different sections/modules of protection for your site and you should choose which you need based on your own requirements. Why this? It’s simple: performance and optimization – there is no reason to automatically turn on features for people that don’t need it as each site and set of requirements is different.

This guide may be helpful for you to get started:
https://getshieldsecurity.com/getting-started-guide/

What are the Shield Security's sections/modules and how do they work?

Shield Security is composed of various different sections / modules, and each one of them has a certain purpose.

  • Shield General Settings section - Designed for plugin basic settings.
  • Security Admin module - Restricts access to the plugin preventing unauthorized changes to your security settings.
  • Block Bad IPs/Visitors module - The Automatic IP Black List system will block the IP addresses of naughty visitors after a specified number of offenses.
  • Audit Trail module - Monitors your WordPress site and for certain specific actions that take place, it will record it in the database for your review, if necessary. 
  • Hack Guard module - This system is a set of tools to warn you and protect you against hacks on your site. 
  • Traffic Watch module - your silent site traffic watcher which you can use to find out what exactly is going on your site.
  • Firewall module - Designed to analyse data sent to your website and block any request that appear to be malicious
  • Login Guard module - Blocks all automated and brute force attempts to log in to your site.
  • User Management module: Offers real user sessions, finer control over user session time-out, and ensures users have logged-in in a correct manner.
  • Comments SPAM module - The Comments Filter can block 100% of automated spam bots and also offer the option to analyse human-generated spam.
  • Reporting module - Receive regular reports from the plugin summarising important events.
  • Third Party Integrations - Shield can automatically integrate with 3rd party plugins.
  • Automatic Updates module - Lets you manage the WordPress automatic updates system (engine) so you choose what exactly gets updated automatically. 
  • HTTP Headers module - Protect visitors to your site by implementing increased security response headers.
  • WP Lockdown module - Helps secure-up certain loosely-controlled WordPress settings on your site.
  • Communications - Use SureSend, Shield's dedicated email delivery service to send the 2FA code

Security Admin PIN

Security Admin module is a critical component to the WordPress Shield Security plugin. When this module is turned on, you limit access to whole Shield plugin. Only administrators that know the authentication key will have access.

If you leave Security Admin PIN field empty, no changes will be made to the key, but if you put anything in this option, it will be saved as the authentication PIN and will be used for future Super Admin session.

Note: The Super Admin protection feature can’t be enabled with an empty authentication PIN. If the authentication PIN is empty the option will be switched off automatically.

If you forget your Security Admin PIN, you could potentially lock yourself out from using this plugin. If that happens, please follow this help article.

For more information on the Security Admin PIN, read the blog article here.

How to setup Google reCAPTCHA or hCaptcha for use across Shield

Google reCAPTCHA and hCaptcha options are available under the General Settings section. 

For example, if you want to use Google reCAPTCHA, there are 2 steps necessary to complete before you can make full use of reCAPTCHA across Shield:

  1. Register for Google reCAPTCHA keys
  2. Enter your "Site" and "Secret" keys for use throughout the Shield

To learn how to setup CAPTCHA, read the article here.

How to monitor your site activities 

If you want to monitor your site activities (or if you are blocked and you want to find out why) the Audit Trail module is the best solution for you. This module will let you see exactly what has been happening on your site so you can easily look back on events and analyse what happened and what may have gone wrong. 

To review your site activities, simply use the Audit Trail Viewer.

Find out how to use the Audit Trail Viewer here.

How to monitor your site traffic

If you want to monitor and review all requests to your site, you can use Traffic Watch module.

Find out how to use Traffic Watch Viewer here.

How to analyse and manage whitelisted and blacklisted IP addresses

To do this, you can use IP Management and Analysis tool.

Find out how to use this tool here.

What is the Shield Security plugin badge?

This is a completely 100% optional plugin  option and it does not come enabled on your site by default. It is a means of promoting the Shield Security plugin to visitors who may not be using a WordPress security plugin.

You can simply enable this option and it will place a small badge on the bottom-left of your website. This badge contains the logo of the plugin along with a link to further information. 

For more information on the Shield Security plugin badge, read the blog article here.

What is the Shield Welcome Wizard?

Welcome Wizard is added in the Shield with the purpose to help you to perform certain actions easier.

You can find more information on this here.

Shield Security Overview

Shield Security Overview is designed to provide a high-level summary of your WordPress site security and Shield activity. 

It provides a real-time, in-depth analysis of your WordPress site to proactively identify threats to security and stability.

You can see a small demo of how this works here.

White Label

White Label system provides you the ability to rename and re-brand the Shield plugin for your client site installations. With this system, you can own your own brand.

It's easy to use and it meets the needs of the small and larger organization. 

Learn more about White Label here.

What is Shield SecurityPRO?

Shield SecurityPRO takes an already established WordPress Security plugin to the level required by businesses and professionals to get the job done better and faster. It optimises your workflow making it easier to implement security across all the sites that you manage.

To find out what the extra features for ShieldPRO are, read the article here.

Note: If you'd like to read more about ShieldPRO and how to purchase, please follow this link here.

Conclusion

Shield is our answer to WordPress security management. We built it to solve a few key issues we found with WordPress security and existing WordPress security plugins, namely:

  • Ease of use (or lack thereof)
  • WordPress and web hosting compatibility (or lack thereof)
  • Effectiveness combined with simplicity (or lack thereof)

In this article, we have covered the most important things you should know about Shield Security plugin. But, we also recommend you to:

In case you want to know what other users say about Shield, please follow this link.

Or, if you are a ShieldPRO customer and you need help, please see here how to contact us