ShieldPRO 20.0 Upgrade Guide

ShieldPRO 20.0 is one of our biggest releases ever. It comes with our all-new silentCAPTCHA v2, as well as a completely revamped navigation that makes WordPress security management easier than ever before.

This guide outlines what have been added/removed, changed, or improved and what fixes we've made.

Firstly, we're going to explain what major changes are made and which options you'd need to review.

New Added Features

For 20.0 release we added

• silentCAPTCHA v2.0 WordPress Bot Detection

This is our own proprietary bot-detection solution that we use to identify the types of visitors that are interacting with your WordPress sites.

You can configure it under the main navigation menu > Security Zones > Bots & IPs Zone > configuration:

We’ve made a number of big improvements to silentCAPTCHA in this release, that you can learn about here.

• [Pro] Added silentCAPTCHA Support for ARMember and ARForms

You can locate these forms configurations under the main Tools menu > Integrations section.

Changes

In this video here we outline some of the most important changes introduced with Shield Security v20, compared to the previous version.

Change 1: All-new navigation menu

Whereas until now the plugin was oriented around modules and their configuration pages, Shield v20 is oriented around high-level groups of security defenses. For now we’re calling them “Security Zones”, and they’re essentially high-level groupings of related security features.

Within each group/zone, you have specific call-outs to sub-features, e.g. Firewall Zone:

Several of these are present on the top-level dashboard navigation, the rest are placed within a dedicated “Tools” menu.

To configure the settings for each of these zones/groups and tools, where applicable, there’s an easy-to-access configuration button on the main menu.

One of the biggest, yet simplest, changes is that access to the configuration for any given security feature, or tool, is provided alongside the tool itself. There is no separate “Configuration” menu to wade through to find the relevant options you need in any given moment.

Example: Security Admin configuration

There are also many other changes and below is the list of the most important ones...

Change 2: Import/Export feature

Actions and configuration are now merged:

Change 3: Hide Login feature

Apart from under the Login Protection Zone, this feature is also added on the Tools menu:

Change 4: Security Admin Zone

The option to disable Security Admin directly in now under the Actions menu:

You can also disable it from within the additional options menu:

Change 5: General Settings

General plugin configuration and option to disable Shield entirely is now under the Dashboard section > configuration:

Change 6: Activity & Traffic logs

Activity Log is renamed to WP Activity Log and Traffic Log is renamed to Request Logging.

They are merged and can be found under the Activity Logs menu. Live Traffic log is added there too.

Traffic Rate Limiting is renamed to Rate Limiting and is now under the Firewall Zone:

Change 7: Reports component

Reports tool and configuration are now under its own "Reports" section:

Change 8: Scans & Integrity Zone: Update Delay option

This option is now under the Vulnerabilities, Plugins, Themes configuration:

Change 9 : Allow WP-CLI option

The option itself has been removed from the Plugin Defaults configuration. Access and control of the Shield plugin via WP-CLI is enabled in the background by default.

Example: Firewall Zone

Change 10: Other important changes

Since we’ve eliminated the modules, the way some features operate has now changed.

• Whitelabelling no longer requires Security Admin to be active
• Option to run Shield as Must-Use plugin no longer requires Security Admin to be active (option is also moved to Plugin Defaults configuration)

Removed Options

The following is a non-exhaustive list of these options:

• All options within the Auto-Updates modules have been purged, except for the “Delay Autoupdates” feature, which has been moved to the Scans & Integrity Zone.

  For relatively new WordPress site installs, this may mean that WordPress Core will be set to auto-upgrade - you'll need to go to WordPress Dashboard > Upgrades and mark only minor upgrades be applied.

  Also, "Shield Self AutoUpdate" option is now under the Dashboard > configuration > Plugin Defaults.

• WP Lockdown module have been removed.

  The options are now under the Firewall Zone.

• Activity Logging to file
• Force SSL Admin
• Firewall Block Response type
• Firewall WordPress Terms, EXE File Uploads, Ignore Administrators options
• WP Generator tag removal
• "Enable ShieldNET" option removed from the Plugin Defaults. It's active by default in the background.
• All GASP JS options (they’ve been deprecated for over 2 years in favour of silentCAPTCHA)
• All options that let you toggle individual modules on/off. Since we’ve removed modules, these are not longer applicable.

Improvements

For 20.0 release we've made the following improvements

• Code and Performance Improvements

  We're continuing our efforts to purge Shield of legacy code and improve the codebase making it as fast and efficient as possible.

• Optimised Autoload Size

  Reduced the size of the autoload option storage by ~50%.

For more information on Shield 20.0 release, read the release blog article here and/or watch the video here.

Patch release v20.0.10

Improvements

• 'Zone Actions' has been simplified into a list of buttons.
• Updated all internal assets to address vulnerabilities reported within dependent libraries.

Fixes

• Remove some unnecessary admin styles.
• Eliminated deprecated PHP notice due to developer not using WP filter correctly.