What are the extra features for ShieldPRO?

No separate Pro plugin using our unique Keyless Activation technology.

You no longer need to manage license keys, just activate your Pro license by providing your site URL in your control panel and hit the "Check License" button.

Pro features will be automatically licensed on the site within 30 seconds.

• Setup the Shield Security plugin on 1 site and have all options replicated to your other sites automatically
• Import/export of Shield settings using files (download and upload)
• Exclude options you don't want to be imported.

• plugin name and the main menu plugin title 
• company name
• plugin description and home page URL
• main menu icon and dashboard logo
• 2FA login logo
• and hide available Shield updates from non-security admins.

• Discovers all sorts of malware patterns embedded in your PHP files, wherever they're hidden on your WordPress site.
• Applies repair automatically to the malware infected files

• Scans and monitors Plugin & Theme files for changes.
  This scanner kooks for new files added to plugins or themes, and also for changes to existing files.

• Applies repair automatically to modified plugins/themes files.

• Regularly scans your WordPress plugins for known security vulnerabilities
• Elegant display on plugins page of all vulnerabilities
• Applies updates automatically to vulnerable plugins

• Detects changes to the some of the most important WordPress files as they happen (in realtime). Then, lets you examine contents and revert as required.
• Lock your WP Config, .htaccess, index.php files against tampering and changes.
• You can also lock Web.Config file. This is only available for Windows/IIS.

The default schedule of the automatic scans is once every 24hrs.

Improve security, increase the schedule of the automated scanners so they run more than once per day.

When this feature is enabled, it will make 2 changes to your WordPress admin plugins page:

1. It adds a new link your plugins allowing you to easily re-install a plugin.
2. It adds a message to the "Activate" link letting you re-install the plugin right before activation.

Plugins & Themes scanner will ensure that the files are clean and original at the time of activation. In this way, plugin files cannot have been compromised or edited in any way.

Reporting feature helps you see at a glance how effective the plugin has been.

This is a central "Alerts" and "Info" reporting system.

For example, rather than 1 email per scan, you'll get 1 email per site, as often as you prefer.

And, you'll only ever be notified once per item/result. No more, no less. So you can act on it there and then, or not, but you'll not hear about it again via email.

You can set

1. Alert Frequency - how often should you be sent important alerts
   
2. Info Frequency - how often should you be sent information reports

Protect your WordPress site against auto-update disasters. 

This feature forces any automatic upgrade to be delayed for a set number of days. This allows time for killer bugs to be discovered and patched before your site automatically updates.

So, Shield will delay upgrades until the new update has been available for the set number of days. This helps ensure updates are more stable before they're automatically applied to your site.

Identify and capture Bot when it tries to login with a non-existent username. This includes the default 'admin' if you've removed that account.

This may indicate a bot’s attempt to login. Since it used a non-existent username, chances are higher that it’s a bot.

You can also decide how you want Shield to respond:

• Audit Log Only
• Increment Offense
• Double Offense
• Immediate block

• Identify a bot when it hits a 404 
• Mouse Trap - tempt a bot with a fake link to follow 
• Identify a bot when it accesses XML-RPC 
• Detect when a bot tries to load WordPress directly from a file that isn't normally used to load WordPress.

You can also decide how you want Shield to respond:

• Audit Log Only
• Increment Offense
• Double Offense
• Immediate block

• Identify a Bot when it presents as an official web crawler, but analysis shows it's fake.
• Identify a bot when the user agent is not provided. 

You can also decide how you want Shield to respond:

• Audit Log Only
• Increment Offense
• Double Offense
• Immediate block

Use Shield's built-in SPAM detection system to identify contact form SPAM. Choose the form providers that should be checked for antibot and/ or human SPAM. 

Visitors that have had their IP address blocked by Shield have 2 options to unblock their IP address immediately:

• With Shield Bot Protection - checking the bot protection checkbox
  
• Magic Email Links To Unblock Logged-In Users - using auto-unblock link sent by email
  

Your users will be able to create recovery codes to be used any time there's a problem with their normal 2FA devices or systems.

Prevent requests to particular paths on your site from triggering the IP blacklisting system.

Use WordPress U2F Authentication for advanced login security.

Currently only U2F keys are supported. Built-in fingerprint scanners aren't supported (yet).

Beta! This may only be used when at least 1 other 2FA option is enabled on a user account.

Allow any user to turn-on Two-Factor Authentication by email.

Any user can turn on/off 2FA by email from their profile.

Control user registration and prevent SPAM.

• Validate email addresses when user attempts to register
• Select email address properties that will be tested

• Prevents use of ‘pwned passwords’
• Enforces minimum password length
• Enforces minimum password strength
• Enforces existing users to update their passwords if they don't meet requirements, after they next login
• Expires all passwords forcing all users to reset their passwords after they next login

• Users may be manually suspended by admins to prevent future login. 
• Automatically suspends login by users and requires password reset to unsuspend.
• Automatically suspends login for idle accounts and requires password reset to unsuspend.
• Automatic suspension for idle accounts to the specified user roles.

Supply multiple email addresses for administrator login notifications.

Be notified every time an administrator user logs into this WordPress site

Protection against comments SPAM by registered users.

• Increase the minimum number of valid comments from one to ‘as many as you like‘.
• Automatically trust certain user roles

Shield doesn't normally scan comments from logged-in or registered users. Specify user roles that shouldn't be scanned.

• Any visitor that exceeds the number of requests in the given time period will register an offense against their IP address.
• Set the time period within which to monitor for multiple requests that exceed the max request limit.

Manually customize exclusions to skip the logging of web requests you know to be legitimate.

This reduces the size of your traffic log and also prevents your logs from filling up with information you might don't need to have logged. 

Admin users provided will be security admins automatically, without needing to authorize with the security admin PIN. 

Choose your own Google reCaptcha or hCaptcha style:

• "light" theme
• "dark" theme
• "invisible captcha"

This feature is available within the following modules:

• Shield General
• Login Guard
• Comments SPAM

The 3rd-Party Support feature is a part of the Login Guard module. It works with 3rd party platforms such as WooCommerce, BuddyPress, Easy Digital Downloads and so on. 

It provides the following:

• User Registration & Login Bot Protection
• 2-Factor Authentication for users and customers
  (free option)
• Support Woocommerce social logins

The 3rd-Party Support feature is enabled by default on Pro sites.

The full list of the compatible WordPress membership plugins can be found here.

• Firewall Block Message - customize the messages displayed to the user that trigger the firewall
• GASP Checkbox Text - change the text displayed to the user beside the checkbox
• GASP Alert Text - change the text displayed to the user in the alert message if they don't check the box
• Login Failed - customize the message displayed if the visitor fails a login attempt
• Remaining Offenses - customize the message displayed if the visitor triggered the IP Offense system and reports how many offenses remain before being blocked

You can change the content shown to users through the use of custom templates.

At this moment, you can customise Two-Factor Authentication Code email.