ShieldPRO 14.1 Upgrade Guide

ShieldPRO 14.1 release brings a huge WordPress REST API integration along with some much-needed tweaks and enhancements.

This guide outlines what have been added/removed, changed, or improved and what fixes we've made.

Firstly, we're going to explain what major changes are made and which options you'd need to review.

Changes

Change 1: Deprecated: Options for CAPTCHA and GASP bot checking on WordPress comments

The options to use CAPTCHA and/or GASP Bot Checking for WordPress Comment SPAM has been deprecated. These options are replaced with the AntiBot Detection Engine and completely removed.

Old settings

New settings (options removed)

The all depreciated Comments SPAM options can be found under the "Depreciated Options" settings here:

New added features

For 14.1 release we added

[Pro] Option to load Shield as a WordPress Must-Use (MU) plugin

To prevent unwanted or accidental deactivation of the Shield plugin, Shield can be converted to an MU plugin.

The setting can be found under the Security Admin module:

Show recent User Session in Admin Bar

Show quick links to recently active (10 minutes) user sessions in the admin bar and the most recently active sessions. For example:

Show recent Offenses in Admin Bar

Show quick links to recently active offenses (IPs) in the admin bar. For example:

When you click the link of a particular offended IP address it'll direct you to the IP Analysis section so you can get a further details about that IP. For example:

WordPress REST API for deep Shield Security integrations

With ShieldPRO 14.1 we released our brand new REST API integration for our WordPress security plugin.

Complete REST API

Partners and developers can now manage the Shield Security plugin completely with the new REST API.

REST API Routes

New REST API endpoints let you manage many areas of the Shield Security plugin.

get/set any single option, or group of options
get scan results & status, and start new scans and check their status
add/remove IP addresses to/from any list (block or bypass)
check for, and remove, ShieldPRO license
run Debug to get general site information summary for debug purposes

For more details about this new REST API integration, please read this blog article here.

Support for Application Password Authentication failures

Shield detects and logs when application passwords have been used incorrectly and applies offenses.

Improvements

For 14.1 release we've made the following improvements

Speed-up for Audit Trail and Traffic Log tables

Audit Trail and Traffic Log tables are usually huge and loading them were slow. They're now entirely AJAX based and fast-loading.
IP record management error

When inserting a duplicate IP address record into the database, we use INSERT IGNORE to reduce error messages in logs.
Support 3rd Party Traffic Log handlers

3rd parties can now easily integrate with Shield's Traffic Log to send log records to any destination.
Support 3rd Party Audit Trail handlers

3rd parties can now easily integrate with Shield's Audit Trail to send log records to any destination.
Allow direct searching of request path in Traffic Log.
Improve the updating Shield user metas to now bypass WP's User Query subsystem that fires massive SQL queries.
Updated Dutch Translations

Fixes

14.1 release
- Firewall didn't always scan all parameters in some cases.
14.1.1 release
- Fix for 'find as you type' in the options search dialog.
- PHP Warning
14.1.2 release
- Audit Trail and Traffic Log search panels didn't always load correctly.
14.1.3 release
- Ensure database upgrade doesn't stall for large traffic logs.
14.1.5 release
- Provide a more robust database migration for large request log tables.
- Adjust the traffic log database to account for very long request paths.
14.1.7 release
- Fix for an error during certain Firewall scanning.

For more information about 14.1 release, please read this blog article here.