What are the extra features for ShieldPRO?

Shield Security Pro takes an already established WordPress Security plugin to the level required by businesses and professionals to get the job done better and faster. It optimises your workflow making it easier to implement security across all the sites that you manage.

There are plenty of powerful features that are available in ShieldPRO. For example, Malware Scanner, or Plugins/Themes Scanner, Password Policies... 

Please find below list of the all ShieldPRO features you can use to increase your site security.

Pro Feature
Exclusive Customer Support We deliver the best possible support experience that our customers demand.

You can see here what other ShieldPRO users say about us.
Easy PRO Activation

No separate Pro plugin using our unique Keyless Activation technology.

You no longer need to manage license keys, just activate your Pro license by providing your site URL in your control panel and hit the "Check License" button.

Pro features will be automatically licensed on the site within 30 seconds.

ShieldNET is the all-encompassing term that covers the technology and features that we use to gather security and threat information from across our entire WordPress ecosystem. By collecting information from all active Shield Security plugins, we can offer this information back as threat intelligence to all sites running Shield.

The responsibility of identifying threats is then shifted away from individual sites to the collective.

A single site only knows what it knows. But when 10,000 sites get together and share information, they each know what 10,000 sites know.

This is massive. It completely transforms what’s possible when mitigating threats to our WordPress sites.
For more information about ShieldNET, read the release blog post or watch the video here
CrowdSec Integration With the CrowdSec integration enabled, Shield will track malicious visitors and then shares this information with CrowdSec, which ultimately then shares the data with other WordPress sites. 
More Info
Custom Activity Logs and Events There is the option to log custom events to Shield's Activity Log. It's impossible that Shield can log every possibly event for every plugin and scenario, so you can now add logging for all your desired site events. This is an advanced option and will require professional software development experience to implement. 
Shield Security extension for MainWP
Easily integrate Shield Security to help you manage your site security from within MainWP. You don't need to install a separate extension for MainWP.

You can turn-on Shield's built-in extension for MainWP server and client installations through Shield's Integrations module.
Allow WP-CLI
With WP-CLI you can perform many common actions of the ShieldPRO plugin just as you would with the point-and-click UI.
  • Setup the Shield Security plugin on 1 site and have all options replicated to your other sites automatically
  • Import/export of Shield settings using files (download and upload)
  • Exclude options you don't want to be imported.
White Label Security
Build and strengthen your own brand . Set your own:

  • plugin name and the main menu plugin title 
  • company name
  • plugin description and home page URL
  • main menu icon and dashboard logo
  • 2FA login logo
  • and hide available Shield updates from non-security admins.
Malware Scanner
  • Discovers all sorts of malware patterns embedded in your PHP files, wherever they're hidden on your WordPress site.
  • Applies repair automatically to the malware infected files
Plugins & Themes Scanner
  • Scans and monitors Plugin & Theme files for changes.
    This scanner kooks for new files added to plugins or themes, and also for changes to existing files.
  • Applies repair automatically to modified plugins/themes files.
Vulnerability Scanner
  • Regularly scans your WordPress plugins for known security vulnerabilities
  • Elegant display on plugins page of all vulnerabilities
  • Applies updates automatically to vulnerable plugins
File Locker
  • Detects changes to the some of the most important WordPress files as they happen (in realtime). Then, lets you examine contents and revert as required.
  • Lock your WP Config, .htaccess, index.php files against tampering and changes.
  • You can also lock Web.Config file. This is only available for Windows/IIS.
Daily Scan Frequency

The default schedule of the automatic scans is once every 24hrs.

Improve security, increase the schedule of the automated scanners so they run more than once per day.

Show Re-Install Links

When this feature is enabled, it will make 2 changes to your WordPress admin plugins page:

  1. It adds a new link your plugins allowing you to easily re-install a plugin.
  2. It adds a message to the "Activate" link letting you re-install the plugin right before activation.

Plugins & Themes scanner will ensure that the files are clean and original at the time of activation. In this way, plugin files cannot have been compromised or edited in any way.

Scan Exclusions
You can use this option to automatically exclude files and folders from scans.

Reporting feature helps you see at a glance how effective the plugin has been.

This is a central "Alerts" and "Info" reporting system.

For example, rather than 1 email per scan, you'll get 1 email per site, as often as you prefer.

And, you'll only ever be notified once per item/result. No more, no less. So you can act on it there and then, or not, but you'll not hear about it again via email.

You can set

  1. Alert Frequency - how often should you be sent important alerts
  2. Info Frequency - how often should you be sent information reports
Update Delay

Protect your WordPress site against auto-update disasters. 

This feature forces any automatic upgrade to be delayed for a set number of days. This allows time for killer bugs to be discovered and patched before your site automatically updates.

So, Shield will delay upgrades until the new update has been available for the set number of days. This helps ensure updates are more stable before they're automatically applied to your site.

Detect & Capture Login Bots

Identify and capture Bot when it tries to login with a non-existent username. This includes the default 'admin' if you've removed that account.

This may indicate a bot’s attempt to login. Since it used a non-existent username, chances are higher that it’s a bot.

You can also decide how you want Shield to respond:

  • Audit Log Only
  • Increment Offense
  • Double Offense
  • Immediate block
Detect & Capture Probing Bots
  • Identify a bot when it hits a 404 
  • Mouse Trap - tempt a bot with a fake link to follow 
  • Identify a bot when it accesses XML-RPC 
  • Detect when a bot tries to load WordPress directly from a file that isn't normally used to load WordPress.

You can also decide how you want Shield to respond:

  • Audit Log Only
  • Increment Offense
  • Double Offense
  • Immediate block
Detect Bot Behaviors
  • Identify a Bot when it presents as an official web crawler, but analysis shows it's fake.
  • Identify a bot when the user agent is not provided. 

You can also decide how you want Shield to respond:

  • Audit Log Only
  • Increment Offense
  • Double Offense
  • Immediate block
Antibot and Human SPAM Detection for Contact Form Providers (Contact Form 7, etc.) 

Use Shield's built-in SPAM detection system to identify contact form SPAM. Choose the form providers that should be checked for antibot and/ or human SPAM. 

Antibot - Custom User Forms  Automatically detect Bot requests to custom user forms.

Select your 3rd party providers to have Shield automatically detect Bot requests to these forms.
User Auto Unblock

Visitors that have had their IP address blocked by Shield have 2 options to unblock their IP address immediately:

  • With Shield Bot Protection - checking the bot protection checkbox
  • Magic Email Links To Unblock Logged-In Users - using auto-unblock link sent by email
Allow Backup Codes

Your users will be able to create recovery codes to be used any time there's a problem with their normal 2FA devices or systems.

Request Path Whitelist

Prevent requests to particular paths on your site from triggering the IP blacklisting system.

Hardware 2FA - Allow U2F

Use WordPress U2F Authentication for advanced login security.

Currently only U2F keys are supported. Built-in fingerprint scanners aren't supported (yet).

Beta! This may only be used when at least 1 other 2FA option is enabled on a user account.

2FA - Allow Any User

Allow any user to turn-on Two-Factor Authentication by email.

Any user can turn on/off 2FA by email from their profile.

SureSend Email
Sure dedicated email delivery service from Shield Security. It ensures that you get 2FA email with a verification code so you can complete your login.
Multiple Yubikeys per user profile
Users can add as many Yubikey devices to their accounts as they’d like.
Multi-Factor By-Pass (Remember Me)
Set the number of days that Shield will "remember" a successful 2FA login.
User Registration

Control user registration and prevent SPAM.

  • Validate email addresses when user attempts to register
  • Select email address properties that will be tested
Password Policies 
  • Prevents use of ‘pwned passwords’
  • Enforces minimum password length
  • Enforces minimum password strength
  • Enforces existing users to update their passwords if they don't meet requirements, after they next login
  • Expires all passwords forcing all users to reset their passwords after they next login
User Suspension
  • Users may be manually suspended by admins to prevent future login. 
  • Automatically suspends login by users and requires password reset to unsuspend.
  • Automatically suspends login for idle accounts and requires password reset to unsuspend.
  • Automatic suspension for idle accounts to the specified user roles.
User Login Notification Email
Users notification is sent to each user when a successful login occurs for their account.
Login Notification Email for Admins

Supply multiple email addresses for administrator login notifications.

Be notified every time an administrator user logs into this WordPress site

Trusted User Roles (Commenter) 

Protection against comments SPAM by registered users.

  • Increase the minimum number of valid comments from one to ‘as many as you like‘.
  • Automatically trust certain user roles

Shield doesn't normally scan comments from logged-in or registered users. Specify user roles that shouldn't be scanned.

Traffic Rate Limiting
  • Any visitor that exceeds the number of requests in the given time period will register an offense against their IP address.
  • Set the time period within which to monitor for multiple requests that exceed the max request limit.
Custom Traffic Log Exclusions

Manually customize exclusions to skip the logging of web requests you know to be legitimate.

This reduces the size of your traffic log and also prevents your logs from filling up with information you might don't need to have logged. 

Persistent Security Admins
Specify usernames for Security Admin role.

Admin users provided will be security admins automatically, without needing to authorize with the security admin PIN. 

Manual CSP Rules
Add manual CSP rules which are not covered by the rules listed under the CSP HTTP Headers section.

Choose your own Google reCaptcha or hCaptcha style:

  • "light" theme
  • "dark" theme
  • "invisible captcha"

This feature is available within the following modules:

  • Shield General
  • Login Guard
  • Comments SPAM
3rd-Party Support

The 3rd-Party Support feature is a part of the Login Guard module. It works with 3rd party platforms such as WooCommerce, BuddyPress, Easy Digital Downloads and so on. 

It provides the following:

  • User Registration & Login Bot Protection
  • 2-Factor Authentication for users and customers
    (free option)
  • Support Woocommerce social logins

The 3rd-Party Support feature is enabled by default on Pro sites.

The full list of the compatible WordPress membership plugins can be found here.

AntiBot JS
You can use AntiBot JS includes for custom 3rd party form.

Enter the selectors of the 3rd party login forms for use with AntiBot JS. 

This is experimental. Please contact support for further assistance. For the best place to start with your support ticket submission, please follow this link here.
Shield’s 2FA/MFA UI Add exactly the same user interface as seen in the WordPress admin area, to the frontend with the use of a simple WordPress shortcode.

We’ve adjusted the UI to ensure that the user experience in either formats (backend or frontend) is identical.
Customise User Messages
  • Firewall Block Message - customize the messages displayed to the user that trigger the firewall
  • GASP Checkbox Text - change the text displayed to the user beside the checkbox
  • GASP Alert Text - change the text displayed to the user in the alert message if they don't check the box
  • Login Failed - customize the message displayed if the visitor fails a login attempt
  • Remaining Offenses - customize the message displayed if the visitor triggered the IP Offense system and reports how many offenses remain before being blocked
Customise 2FA Email Content

You can change the content shown to users through the use of custom templates.

At this moment, you can customise Two-Factor Authentication Code email.

Coming soon:

  • Select individual automatic plugin updates
  • Improved Security Admin features
  • and much, much more...

How to upgrade to ShieldPRO

ShieldPRO is available within our Shield Security Pro website. If you want to purchase ShieldPRO please follow this link here.

You can also sign-up for a free ShieldPRO trial.

We’re offering 14-days so you can try out all the ShieldPRO features on any site you’d like to. You’ll get complete, unrestricted access to all PRO features.

The only limitation we have is:

  • 1 trial per person/site

To get started on the free trial, you’ll need to sign-up to it here.

Need Help?

Our team is eager to assist you. If you have any questions, get in touch here so we can help.

Interested in Affiliate Rewards For Shield Security PRO?

All you need to do is complete the registration form, and soon your sites will be setup for automatic referral links using the plugin badge.

We go into all the details here.  Also, unlike other referral schemes that only give you once-off rewards, our referrals are for life.