ShieldPRO 11.4 Upgrade Guide

With ShieldPRO v11.4 we’re moving full-steam ahead with ShieldNET, which will significantly raise the bar for WordPress security.
ShieldNET is our solution to the challenge of sharing the awareness of threats between individual Shield plugins.
You can get more information about ShieldNET in the release blog post here.
This guide outlines what have been added/removed, changed, or improved and what fixes we've made.
Firstly, we're going to explain what major changes are made and which options you'd need to review.
Change 1:  Begin ShieldNET integration to provide Network Intelligence for Bots & IP addresses
In this release, we’re levelling-up your WordPress security by giving ShieldPRO access to data about threats seen throughout the entire WordPress network.
We’re calling this new platform ShieldNET: WordPress Network Threat Intelligence
You can now start to see ShieldNET scores for IP addresses based on the cumulative intelligence gathered for IP addresses. By combining scores for IP addresses across many different Shield Security installations we can provide a more accurate IP reputation score. These scores won't be used yet to respond to threats on your WordPress site, but this will be the goal.

ShieldNET is enabled by default. You can find this setting under the General Settings => General Options:

Change 2:  A new public IP Bot Or Not Tool  added
There is no shortage of tools out there where you can look up information about an IP address.
We’ve built something similar, but we’ve also added summary information from our ShieldNET database.
Note: Until data starts coming in to us, the availability of IP Score reputation information will be quite limited.
Change 3: An improved navigation bar
We’re continuing with our incremental improvements to Shield’s User Interface. With this release, we’ve reduced the text-heavy look and feel with user-friendly icons and floating sub-menus.

The screenshots below will demonstrate the difference very clearly.

Older, text-heavy navigation with collapsing sub-menus:

Newer, icon-based navigation menu, with floating sub-menus:

Improvements

We've made the following improvements: 

  • 11.4 release
    • WordPress plugins and themes vulnerability scanning
      We announced a couple of months ago that we’d be moving to use Patchstack as our preferred provider of WordPress vulnerabilities data.
      While we haven’t made the switch just yet, we’ve put the updated code in-place so that when we do your Shield plugin won’t be affected in any way, and will continue as normal.
    • Minimum WordPress version changed from 3.5.2 to 3.7.
    • Generating QR codes for Google Authenticator is improved by using the ShieldNET API.

      The code necessary to generate QR Code for Google Authenticator is quite large and required the GD extension to be enabled. Not all WordPress installation offer this, so we've provided a ShieldNET API endpoint to easily generate the QR codes.
    • Capturing and managing of user sessions is improved.
    • Capturing and managing user 2-Factor Authentication is improved.
  • 11.4.2 release
    • Tweaks and adjustments to crowd-sourced hashing.
  • 11.4.3 release
    • Refinements to the ShieldNET cron processing.

Fixes

We've made the following fixes

  • 11.4 release
    • We’ve fixed a few bugs with Shield that were relating user sessions and how reliably Shield was capturing them.
  • 11.4.2 release
    • Certain modules would still run even though 'forceoff' file was present.
    • HTML formatting issue with the 2FA Login Page.
  • 11.4.4 release
    • Prevent a rare fatal error on certain pages.
  • 11.4.5 release
    • Fix for error showing in logs during cron.

For more information on Shield 11.4 release, read the blog article here.