Shield Security is the professional security solution for WordPress. It is the most advanced and easy-to-use WordPress security plugin in the world, currently protecting 80,000+ WordPress sites.

If your site is vulnerable to attack, you’re putting your business and your reputation at serious risk. Getting hacked can mean you’re locked out of your site, client data stolen, your website defaced or offline, and Google will penalise you. Shield eliminates that risk and ensures you have the most powerful WordPress security system working for you and protecting your site.

For more information about Shield, visit our website here.

Here are the most important things you should know about Shield Security plugin:

Shield plugin compatibility

Using multiple WordPress security plugins may have unpredictable results. To find out how Shield works when combined with Wordfence, Sucuri, JetPack, read the articles here

Shield installation instructions

This plugin should install as any other repository plugin.

  • Browse to Plugins => Add Plugin
  • Search: Shield
  • Click "Install"
  • Click to Activate

A new menu item will appear on the left-hand side called ‘Shield Security".

Note: If you want to download Shield, you can do that by following this link:

How to enable / disable Shield Security plugin

Once installed, Shield (and all its modules) is enabled by default. To disable Shield and all its modules, select "General" section from the Shield main tab => Disable Shield and move the slider to disable it.

Note: This plugin contains various different sections / modules of protection for your site and you should choose which you need based on your own requirements. Why this? It’s simple: performance and optimization – there is no reason to automatically turn on features for people that don’t need it as each site and set of requirements is different.

What are the Shield Security's sections / modules and how do they work?

Shield Security is composed of various different sections / modules, and each one of them has a certain purpose.

  • Shield General Settings section - Designed for plugin basic settings.
  • Security Admin module - Restricts access to the plugin preventing unauthorized changes to your security settings.
  • Firewall module - Designed to analyse data sent to your website and block any request that appear to be malicious
  • Login Guard module - Blocks all automated and brute force attempts to log in to your site.
  • User Management module: Offers real user sessions, finer control over user session time-out, and ensures users have logged-in in a correct manner.
  • Comments SPAM module - The Comments Filter can block 100% of automated spam bots and also offer the option to analyse human-generated spam.
  • Automatic Updates module - Lets you manage the WordPress automatic updates system (engine) so you choose what exactly gets updated automatically. 
  • Hack Guard module - This system is a set of tools to warn you and protect you against hacks on your site. 
  • HTTP Headers module - Protect visitors to your site by implementing increased security response headers.
  • Lockdown module - Helps secure-up certain loosely-controlled WordPress settings on your site.
  • IP Manager module - Allows you to whitelist, blacklist and configure auto-blacklist rules.
  • Audit Trail module - Monitors your WordPress site and for certain specific actions that take place, it will record it in the database for your review, if necessary. 
  • Traffic Watch module - your silent site traffic watcher which you can use to find out what exactly is going on your site.

Security Admin access key

Security Admin module is a critical component to the WordPress Shield Security plugin. When this module is turned on, you limit access to whole Shield plugin. Only administrators that know the authentication key will have access.

If you leave Security Admin Access Key field empty, no changes will be made to the key, but if you put anything in this option, it will be saved as the authentication key and will be used for future Super Admin session.

Note: The Super Admin protection feature can’t be enabled with an empty authentication key. If the authentication key is empty the option will be switched off automatically.

If you forget your Security Admin access key, you could potentially lock yourself out from using this plugin. If that happens, please follow this help article.

For more information on the Security Admin access key, read the blog article here.

How to setup Google reCAPTCHA for us across Shield

Google reCAPTCHA option is available within Shield main menu, under the General tab. 

There are 2 steps necessary to complete before you can make full use of reCAPTCHA across Shield:

  1. Register for Google reCAPTCHA keys
  2. Enter your "Site" and "Secret" keys for use throughout the Shield

To learn how to setup Google reCAPTCHA, read the article here.

How to monitor your site activities 

If you want to monitor your site activities (or if you are blocked and you want to find out why) the Audit Trail module is the best solution for you. This module will let you see exactly what has been happening on your site so you can easily look back on events and analyse what happened and what may have gone wrong. 

To review your site activities, simply use the Audit Trail Viewer. Find out how to use the Audit Trail Viewer here.

How to manage whitelisted and blacklisted IP addresses

To manage these IPs, you can use IP Lists Management tool available within the Shield's IP Manager module. 

Find out how to use this tool here.

What is the Shield Security plugin badge?

This is a completely 100% optional plugin option and it does not come enabled on your site by default. It is a means of promoting the Shield Security plugin to visitors who may not be using a WordPress security plugin.

You can simply enable this option and it will place a small badge on the bottom-left of your website. This badge contains the logo of the plugin along with a link to further information. 

For more information on the Shield Security plugin badge, read the blog article here.

What is the Shield Welcome Wizards?

Welcome Wizard is added in the Shield with the purpose to help you to perform certain actions easier.

Read more about this here.

Shield Security Dashboard

Shield Security Dashboard is designed to provide a high-level summary of your WordPress site security and Shield activity. 

It provides a real-time, in-depth analysis of your WordPress site to proactively identify threats to security and stability.

Read more about this here.

White Label

White Label system provides you the ability to rename and re-brand the Shield plugin for your client site installations. With this system, you can own your own brand.

It's easy to use and it meets the needs of the small and larger organization. 

Read more about White Label here.

What is Shield Security Pro?

Shield Security Pro takes an already established WordPress Security plugin to the level required by businesses and professionals to get the job done better and faster. It optimises your workflow making it easier to implement security across all the sites that you manage.

To find out what the extra features for Shield Pro are, read the article here.

Note: Shield Security Pro is available within our new One Dollar Plugin platform. We’ve made it affordable for absolutely everyone by offering it for just $1/month. If you want to purchase Shield Pro - $1 Plugin, please follow this link.


Shield is our answer to WordPress security management. We built it to solve a few key issues we found with WordPress security and existing WordPress security plugins, namely:

  • Ease of use (or lack thereof)
  • WordPress and web hosting compatibility (or lack thereof)
  • Effectiveness combined with simplicity (or lack thereof)

In this article, we have covered the most important things you should know about Shield Security plugin. But, we also recommend you to:

In case you want to know what other users say about Shield, please follow this link.