ShieldPRO 12.0 Upgrade Guide

ShieldPRO 12.0 for WordPress sees all new, WordPress Security Audi Log making it much, much easier to see what’s happening on your site and take any corrective actions.

Important: We changed minimum required MySQL version for Shield v12.0+. Shield processed IPv4 and IPv6 addresses and stores them in the MySQL database. With this upgrade, the minimum required MySQL database engine is moving to 5.6. You may find more details about this here.

This guide outlines what have been added/removed, changed, or improved and what fixes we've made.

Firstly, we're going to explain what major changes are made and which options you'd need to review.

Change 1: All-New WordPress Security Audit Log

A full detailed log of each and every event that happens on a WordPress site is critical to knowing what threats the website is facing and if, and how, they’re being handled.

As this is a complete rewrite of the security audit log system for Shield, there have been a number of changes that you may want to be aware of and here are just a few of them:

Security Log Severity Levels

Every single event in the Shield system has a log “level” or “severity”. By default, Shield will switch on Alert, Warning & Notice events. If you’re seeing any issues and you’d like more information about what’s happening on a site, you can enable extra levels as you require.

What logging levels your audit trail is going to log depends on your settings under the Audit Trail module => Configure.

Note: ShieldFREE has access to only DB-based Logging.

If you would like access to filesystem-based logging or any of the future developments in this area, you will need to upgrade to ShieldPRO.

There are x2 types of log destination settings available:

Log to database
Log to file

You can log events to the file system, and you can select which log levels are sent to that location (separately from the DB log levels).

Important: Only events with the levels selected in the setting explained above will be logged.

Under the main menu => View Docs => Event Details you can view all event details and their assigned levels:

Improved Security Log Display

We’ve moved log tables display to our preferred table UI system ( datatables.js) and provided complete search and filtering options so you can drill down into the events on your sites with ease. You’ll be able to filter by IP addresses, log severity, event names, and more.

More Logs For ShieldFREE

In the older audit trail, ShieldFREE logs were limited to 100 entries. We felt this was a little prohibitive and so we’ve changed how the limits are handled. Instead of limiting the quantity, ShieldFREE will be limited to a maximum of 7 days worth of logs.

If you want to store more logs, you’ll need to upgrade.

This means the options for limiting the quantity of DB-stored logs has been completely removed (option Max Trail Length)...

... and replaced with a time-based limit option (above).

For further details on the audit trail changes, please read the release blog post here.

Change 2: Tighter Integration With Traffic Data

The Traffic Watch module offers great insights into the realtime requests being sent to our sites in a way that analytics tools and server logs just can’t provide.

Bringing that data into the Audit Trail has been difficult until now, because of the way Shield’s database and data was being stored.

The Traffic Log system has also been completely rewritten, so that we can easily integrate this data. You’ll now have the option to view the precise request information and parameters for any log entry directly from within the Security Audit Log table.

Traffic logs are no longer limited by amount. They are instead limited by age (in days). Updated configuration options are available.

This means that option for limiting the quantity of DB-stored traffic logs has been completely removed (option Max Log Length):

Only a time-based limit option is available:

Change 3: NotBot JS is always loaded by default

Since many customers are using caching and optimisation plugins that interfere with NotBot JS, it is now loaded for all visitors by default.

An option within the plugin has been provided to revert to the normal optimised loading of the NotBot JS.

Change 4: U2F 2-Factor Authentication bypasses MFA

U2F is a strong 2FA mechanism and so it doesn't really need to be used in conjunction with other factors. When the Chained/MFA option is enabled, when U2F is supplied, this can be done alone without the need for other factors.

Improvements

We've made the following improvements:

12.0 release
- Audit Trail Logs Description
  Logged events now have more descriptive messages along with more meta details for the event.
- Audit Trail Meta Data
  By linking the Audit Trail to the Traffic Log, you can now see request data alongside Audit Logs.
- Plugin Data Storage
  We're adding some smarter data storage to the plugin through more complex and interconnected database tables. This approach reduces repeated and redundant data storage and disk usage.
- Scanning Improvements and Fixes
  Based on customer feedback we've made some adjustments and fixes to the scans and results processing.

Removed options

We removed the following options:

Audit Trail - Max Trail Length
Traffic Watch - Max Log Length and download .csv file

Fixes

We've made the following fixes

12.0.4 release
- Prevent PHP exception being thrown in certain cases.
12.0.8 release
- Ensure Shield runs only on supported MySQL servers.
12.0.9 release
- Error when processing certain types of query strings in the firewall.
- Yubikey 2FA verification was failing with a nonce less than 16 characters.
12.0.11 release
- A few minor fixes, along with slight optimisation of NotBot JS.
- Issue with managing Shield Central profiles.
12.0.13 release
- Improve support for auto-login systems like ManageWP admin login.

For more information about this release, read the blog article here.