ShieldPRO 15.0 Upgrade Guide
Firstly, we're going to explain what major changes are made and which options you'd need to review.
New Added Features
For 15.0 release we added
- Block Username Fishing option
This feature is now a Bot Signal which is recorded in the Activity Log and triggers offenses.
You can use this option to block the ability to discover WordPress usernames based on author IDs. When enabled, any URL requests containing "author=" will be killed.
This option is accessible from within WP Lockdown module > Obscurity:
The new Security Rules Engine is the new foundation of how Shield will handle security for nearly all WordPress requests. It's accessible from within the main navigation menu > Tools section.
This article outlines what brought this about, what the Rules Engine is and does, and how it will inform future development and our approach to WordPress Security.
Change 1: All-New Security Overview page
We’ve broken up the plugin into 7 key areas and gathered configuration options and conditions of the site under each one. We give each component a weighted score and calculate an overall percentage.
You can see your score within each area and click “Analysis” to get a clear breakdown of what constitutes that score.
Example, Site Scanning area:
Important: In the major 15.0.8 release, we adjusted how the security progress meters are displayed and switch to grades instead of percentages.
Change 2: All-New Dashboard Widget
- security overview progress
- recently blocked IPs
- recent offending IPs
- recent user sessions
- jump links to key plugin areas
Change 3: New Template-Based Block Pages
When triggering the Shield defenses, Shield now provides a much more visitor-friendly block page that outlines exactly what’s happened. It’ll provide details of why the block occurred and what the visitor can do about it. Please see below examples of the new blocking pages.
General IP Blocking Page (non-logged in users)
General IP Blocking Page (logged in users)
Firewall Blocking Page
Username Fishing Blocking Page
Change 4: Audit Trail (now renamed to Activity Log), Traffic Log and User Sessions: Direct access to the IP analysis
In the previous plugin release, when you click an IP address from within Audit Trail or Traffic Log, you were directed to the IP Analysis page in a separate tab.
Now, you can analyse IP directly from within Audit Trail (Activity Log), Traffic Log and User Sessions sections. Please see below examples for e.g. Activity Log and Traffic Log.
From Within Audit Trail (Activity Log)
From Within Traffic Log
Change 5: Option Removed: Legacy Comment SPAM Detection
This option can now be adjusted using a WP filter.
Change 8: Audit Trail Renamed to Activity Log
For 15.0 release we've made the following improvements
Improved Plugin Navigation
This release brings further enhancements in this area - the new dynamic page loading and smoother navigation.
Improved Visitor IP Source Detection
Massive Performance Optimisations
As part of our new approach to security with the Security Rules Engine, we’ve taken the opportunity to rip out legacy code and optimise many other areas. We’ve eliminated unnecessary MySQL queries and redesigned core components to be more efficient with how they store data.
New Filters: Adjust scanner notices about plugin/theme update/active status
You can now use filters to adjust whether Shield warns about inactive plugins/themes or those with updates.
A New WP Filter To Add Custom Shield Template Directory
If you're looking to adjust some of our page templates, such as the block pages, you can now provide custom templates more easily using the new filter.
Adjusted how the security progress meters are displayed and switch to grades instead of percentages.
Make automatic Visitor IP Source detection quieter and run more often.
For 15.0 release, we've made the following fixes
- 15.0 release
Broken password reset links in some cases when using hidden login page
Help ensure forward compatibility for sites with newer TWIG libraries also installed
Fix for some scan results browsing errors
- 15.0.4 release
- File scanner alerting to Shield's own file (rules.json) on every scan.
- Tracking Login Block events for statistical purposes wasn't always happening.
- 15.0.5 release
- Prevent a warning being displayed during WP login.
- Prevent a reported fatal error.
- 15.0.6 release
- Fix for reCAPTCHA on login forms not properly rendering.
- 15.0.8 release
- Work around a horrendous Godaddy server 'protection' that was blocking access to the site entirely.
- Prevent an error when handling user meta data.
- Ensure Whitelabel logo is correctly displayed on dashboard widget.
- 15.0.9 release
- More accurate detection of crawlers such as Facebook that interchange IPv6 and IPv4 in their primary IP resolving.
- 15.0.12 release
Prevent error that occurs when rendering the Firewall Block page in some cases.
Prevent error that can occur when assessing whether plugin version is very old.
- 15.0.13 release
- An sporadic error relating to Shield's User Meta.
For more information on Shield 15.0 release, read this blog article here.