ShieldPRO 19.0 Upgrade Guide

ShieldPRO 19.0 for WordPress is a major release. It delivers on our commitment to empowering admins to take control of their WordPress security by helping you to create any security rule you’ll ever need. Along with our Custom Security Rules Builder – we’ve refined many other areas of the plugin.

This guide outlines what have been added/removed, changed, or improved and what fixes we've made.

Firstly, we're going to explain what major changes are made and which options you'd need to review.

New Added Features

For 19.0 release we added

Shield’s Custom Security Rules Builder will let you design and build (almost) any security rule you want.

It offers a dynamic and flexible approach to security by replacing an extensive set of configuration options with a concise set of rules. Each rule consists of conditions and consequences, defining actions to be taken when specific conditions are met. This streamlined approach eliminates the need for constant configuration updates.

Custom Security Rules Builder is available from within the Shield's Security Dashboard > Rules section:

Here you can build, view, edit, disable or remove your own custom security rules.

Learn more about this here.

Helps you to improve the protection of user sessions against theft and unauthorized access. By configuring the session locks options, you can significantly reduce the risk of user session hijacking.

The options

  1. IP Address
  2. Browser
  3. Hostname

will help prevent these sorts of attacks by locking the session to particular properties of the session when it was created.

User Session lock is available from within the Shield's Security Dashboard > Users section:

Learn more about this here.

  • Support for ShieldPRO extensions

We'll soon release some Shield Security Extensions to build upon the Shield platform.


Change 1: User Session Management options removed

Under the User Management module, we removed the following user Session Management options

  1. Max Simultaneous Sessions
  2. Lock To IP Location

You can now use User Session Lock feature detailed above.

Change 2: User Sessions table

We added filter for User Sessions.

You can (again) filter the user sessions table by usernames including search for username.

Change 3: Comms module and SureSend option

We removed the "Comms" module and the SureSend option is now part of Integrations.

Change 4: Shield Beta Access option moved

This option is now under the "Plugin Defaults" section.

Change 5: Google reCAPTCHA and hCAPTCHA removed

These options are removed form the General Settings and Login Protection > Depreciated.

Change 6: Locale Override option removed

The Locale Override option to set global locale for Shield is completely removed from the General Settings > Plugin Defaults.

Change 7: Sections help links added

We added help links for the following sections:

  • Reports
  • IP Rules
  • Scans
  • Activity Log
  • Site Traffic
  • Rules
  • Site Lockdown
  • Import/Export

These links are placed under the additional actions (gear icon). For example, Import Export:

Change 8: Reset CrowdSec Enrollment option added

This option is added under the Config > Bot Blocking section > additional options:


For 19.0 release we've made the following improvements

  • FileLocker improvements

    Updated the FileLocker system to ensure compatibility with the Shield.NET API.

  • Geolocation

    Added some basic geo-location data that comes from CloudFlare (if you use it) to allow for rules that use Geolocation data. A ShieldPRO extension will be provided at a later date to offer Geolocation data options beyond CloudFlare.

  • Improved reliability of Antibot Detection Javascript
  • Navigation improved so that refreshing a page with tabs will correctly re-open the previously active tab.
  • Link-Cheese feature reliability improved
  • Added the ability to export the entire IP Rules table as CSV
  • Code rewrite & cleaning

    A lot of plugin code has been rewritten to use the newer Rules Engine, improving performance & reliability.


For 19.0 release we've made the following fixes

  • Improved Passkeys platform support

    Ensure Passkeys can be used on hosts that don't have the GMP extension active.

Patch Releases

Patch 19.0.5

  • We fixed various non-critical bugs.

Patch 19.0.6

  • Under the Scans section > Run Manual Scan, we added list of scan areas that will get scanned by the WordPress Filesystem Scan.


  • We improved
    • Set Session Lock default to not lock to IP address.
    • Ensure multiple scans don't run for WPMS sites.
  • We fixed small adjustment to prevent fatal errors when DB has issues inserting new data.

Patch 19.0.7

For more information on Shield 19.0 release, read this blog article here.