Shield Security Pro takes an already established WordPress Security plugin to the level required by businesses and professionals to get the job done better and faster. It optimises your workflow making it easier to implement security across all the sites that you manage.


There are plenty of powerful features that are available in ShieldPRO. For example, Malware Scanner, or Plugins/Themes Scanner, Password Policies... 


Please find below list of the all ShieldPRO features you can use to increase your site security.


Pro Feature
Description
Exclusive Customer SupportWe deliver the best possible support experience that our customers demand.

You can see here what other ShieldPRO users say about us.
Easy PRO Activation

No separate Pro plugin using our unique Keyless Activation technology.


You no longer need to manage license keys, just activate your Pro license by providing your site URL in your control panel and hit the "Check License" button.


Pro features will be automatically licensed on the site within 30 seconds.

Allow WP-CLIWith WP-CLI you can perform many common actions of the ShieldPRO plugin just as you would with the point-and-click UI.
Import/Export
  • Setup the Shield Security plugin on 1 site and have all options replicated to your other sites automatically
  • Import/export of Shield settings using files (download and upload)
  • Exclude options you don't want to be imported.
White Label SecurityBuild and strengthen your own brand. Set your own:
  • plugin name and the main menu plugin title 
  • company name
  • plugin description and home page URL
  • main menu icon and dashboard logo
  • 2FA login logo
  • and hide available Shield updates from non-security admins.
Malware Scanner
  • Discovers all sorts of malware patterns embedded in your PHP files, wherever they're hidden on your WordPress site.
  • Applies repair automatically to the malware infected files
Plugins & Themes Scanner
  • Scans and monitors Plugin & Theme files for changes.

This scanner kooks for new files added to plugins or themes, and also for changes to existing files.

  • Applies repair automatically to modified plugins/themes files.
Vulnerability Scanner
  • Regularly scans your WordPress plugins for known security vulnerabilities
  • Elegant display on plugins page of all vulnerabilities
  • Applies updates automatically to vulnerable plugins
File Locker
  • Detects changes to the some of the most important WordPress files as they happen (in realtime). Then, lets you examine contents and revert as required.
  • Lock your WP Config, .htaccess, index.php files against tampering and changes.
  • You can also lock Web.Config file. This is only available for Windows/IIS.
Daily Scan Frequency

The default schedule of the automatic scans is once every 24hrs.


Improve security, increase the schedule of the automated scanners so they run more than once per day.

Show Re-Install Links

When this feature is enabled, it will make 2 changes to your WordPress admin plugins page:

  1. It adds a new link your plugins allowing you to easily re-install a plugin.
  2. It adds a message to the "Activate" link letting you re-install the plugin right before activation.

Plugins & Themes scanner will ensure that the files are clean and original at the time of activation. In this way, plugin files cannot have been compromised or edited in any way.

Reporting

Reporting feature helps you see at a glance how effective the plugin has been.

This is a central "Alerts" and "Info" reporting system.

For example, rather than 1 email per scan, you'll get 1 email per site, as often as you prefer.

And, you'll only ever be notified once per item/result. No more, no less. So you can act on it there and then, or not, but you'll not hear about it again via email.


You can set

  1. Alert Frequency - how often should you be sent important alerts
  2. Info Frequency - how often should you be sent information reports
Update Delay

Protect your WordPress site against auto-update disasters. 


This feature forces any automatic upgrade to be delayed for a set number of days. This allows time for killer bugs to be discovered and patched before your site automatically updates.


So, Shield will delay upgrades until the new update has been available for the set number of days. This helps ensure updates are more stable before they're automatically applied to your site.

Detect & Capture Login Bots

Identify and capture Bot when it tries to login with a non-existent username. This includes the default 'admin' if you've removed that account.


This may indicate a bot’s attempt to login. Since it used a non-existent username, chances are higher that it’s a bot.


You can also decide how you want Shield to respond:

  • Audit Log Only
  • Increment Offense
  • Double Offense
  • Immediate block
Detect & Capture Probing Bots 
  • Identify a bot when it hits a 404 
  • Mouse Trap - tempt a bot with a fake link to follow 
  • Identify a bot when it accesses XML-RPC 

You can also decide how you want Shield to respond:

  • Audit Log Only
  • Increment Offense
  • Double Offense
  • Immediate block
Detect Bot Behaviors
  • Identify a Bot when it presents as an official web crawler, but analysis shows it's fake.
  • Identify a bot when the user agent is not provided. 

You can also decide how you want Shield to respond:

  • Audit Log Only
  • Increment Offense
  • Double Offense
  • Immediate block
User Auto Unblock

Visitors that have had their IP address blocked by Shield have 2 options to unblock their IP address immediately:

  • With Shield Bot Protection - checking the bot protection checkbox
  • Magic Email Links To Unblock Logged-In Users - using auto-unblock link sent by email
Allow Backup Codes

Your users will be able to create recovery codes to be used any time there's a problem with their normal 2FA devices or systems.

Request Path Whitelist

Prevent requests to particular paths on your site from triggering the IP blacklisting system.

Manual IP BlacklistingManually add IP you want to blacklist.
Hardware 2FA - Allow U2F

Use WordPress U2F Authentication for advanced login security.


Currently only U2F keys are supported. Built-in fingerprint scanners aren't supported (yet).


Beta! This may only be used when at least 1 other 2FA option is enabled on a user account.

2FA - Allow Any User

Allow any user to turn-on Two-Factor Authentication by email.


Any user can turn on/off 2FA by email from their profile.

Multiple Yubikeys per user profileUsers can add as many Yubikey devices to their accounts as they’d like.
Multi-Factor By-Pass (Remember Me)Set the number of days that Shield will "remember" a successful 2FA login.
User Registration

Control user registration and prevent SPAM.

  • Validate email addresses when user attempts to register
  • Select email address properties that will be tested
Password Policies
  • Prevents use of ‘pwned passwords’
  • Enforces minimum password length
  • Enforces minimum password strength
  • Enforces existing users to update their passwords if they don't meet requirements, after they next login
  • Expires all passwords forcing all users to reset their passwords after they next login
User Suspension
  • Users may be manually suspended by admins to prevent future login. 
  • Automatically suspends login by users and requires password reset to unsuspend.
  • Automatically suspends login for idle accounts and requires password reset to unsuspend.
  • Automatic suspension for idle accounts to the specified user roles.
User Login Notification EmailA notification is sent to each user when a successful login occurs for their account.
Login Notification Email for Admins

Supply multiple email addresses for administrator login notifications.


Be notified every time an administrator user logs into this WordPress site

Trusted User Roles (Commenter) 

Protection against comments SPAM by registered users.

  • Increase the minimum number of valid comments from one to ‘as many as you like‘.
  • Automatically trust certain user roles

Shield doesn't normally scan comments from logged-in or registered users. Specify user roles that shouldn't be scanned.

Traffic Rate Limiting
  • Any visitor that exceeds the number of requests in the given time period will register an offense against their IP address.
  • Set the time period within which to monitor for multiple requests that exceed the max request limit.
Custom Traffic Log Exclusions

Manually customize exclusions to skip the logging of web requests you know to be legitimate.


This reduces the size of your traffic log and also prevents your logs from filling up with information you might don't need to have logged. 

Max Traffic Log Length

Set the maximum Traffic log length you want to keep. 


When the number is set, DB cleanup will delete logs to maintain this maximum number of records.

Max Audit Trail Length

Set the maximum Audit Trail length you want to keep. 


When the number is set, any audit trail entries will be automatically removed when the given limit is exceeded.

Persistent Security AdminsSpecify usernames for Security Admin role.

Admin users provided will be security admins automatically, without needing to authorize with the security admin PIN. 

Manual CSP RulesAdd manual CSP rules which are not covered by the rules listed under the CSP HTTP Headers section.
CAPTCHA Style

Choose your own Google reCaptcha or hCaptcha style:

  • "light" theme
  • "dark" theme
  • "invisible captcha"

This feature is available within the following modules:

  • Shield General
  • Login Guard
  • Comments SPAM
3rd-Party Support

The 3rd-Party Support feature is a part of the Login Guard module. It works with 3rd party platforms such as WooCommerce, BuddyPress, Easy Digital Downloads and so on. 


It provides the following:

  • User Registration & Login Bot Protection
  • 2-Factor Authentication for users and customers
  • Support Woocommerce social logins


The 3rd-Party Support feature is enabled by default on Pro sites.


The full list of the compatible WordPress membership plugins can be found here.

AntiBot FormsYou can use AntiBot JS includes for custom 3rd party form.

Enter the selectors of the 3rd party login forms for use with AntiBot JS. 

This is experimental. Please contact support for further assistance.
Customise User Messages
  • Firewall Block Message - customize the messages displayed to the user that trigger the firewall
  • GASP Checkbox Text - change the text displayed to the user beside the checkbox
  • GASP Alert Text - change the text displayed to the user in the alert message if they don't check the box
  • Login Failed - customize the message displayed if the visitor fails a login attempt
  • Remaining Offenses - customize the message displayed if the visitor triggered the IP Offense system and reports how many offenses remain before being blocked
Customise 2FA Email Content

You can change the content shown to users through the use of custom templates.


At this moment, you can customise Two-Factor Authentication Code email.


Coming soon:

  • Select individual automatic plugin updates
  • Improved Security Admin features
  • and much, much more...

How to upgrade to ShieldPRO

ShieldPRO is available within our One Dollar Plugin platform. If you want to purchase ShieldPRO please follow this link here.


You can also sign-up for a free ShieldPRO trial.


We’re offering 14-days so you can try out all the ShieldPRO features on any site you’d like to. You’ll get complete, unrestricted access to all PRO features.

The only limitation we have is:

  • 1 trial per person/site

To get started on the free trial, you’ll need to sign-up to it here.

Need Help?

Our team is eager to assist you. If you have any questions, get in touch here so we can help.

Interested in Affiliate Rewards For Shield Security PRO?

All you need to do is complete the registration form, and soon your sites will be setup for automatic referral links using the plugin badge.


We go into all the details here.  Also, unlike other referral schemes that only give you once-off rewards, our referrals are for life.