In this helpdesk article, we are going to answer some of the most common questions asked by Shield's users.


I'm not getting my 2FA code by email. Shield is broken!

Shield is not broken. Email sending for your domain name on your WP site is broken. If you're relying on emails sent from your WordPress websites, then please read the article here.


Shield uses exactly the same email system as every other email sent on your website. But the difference is you're relying on this email to login. If you don't get it, or it's delayed, you're in diffs.


Please read the article here to understand and fix the problem.


2FA: The following message displays: "One Time Password (OTP) was not valid. Please try again."

If you see this message when you try to login but there are no errors being output to the error_log files, then it's possible that the server was off for a while. Please see here.


To learn how the Login Authentication Portal works, read the article here.


Audit Trail Viewer displays that “unidentified” user publishing and updating posts

These could be custom post types from another plugin.

If you’re finding nefarious links, you need to dig into your site and web hosting to find out what’s possibly in there doing this.


If you want to know how Audit Trail viewer works, read the article here.


Does plugin currently detect and ban cryptocurrency miners such as Coinhive?

To detect JS miners (possible malware) on a site you manage, use Shield's Hack Guard module. It runs a couple of scans that help to detect corruption or unwelcome files.


Please see here.


Does "Block Username Fishing" block all type of site visitors?

Block Username Fishing option is a part of the Lockdown module. It only blocks the URL for non-logged-in visitors. If you are logged in, the URL will work as normal.


I have selected X_Real_IP as my IP source but it reverts back to the REMOTE_ADDR


Please see here.


WooCommerce customers are unable to reset passwords

This is because WooCommerce uses their own code for these functions. We've released a Pro version of Shield that better accommodates 3rd party plugins like WooCommerce. Read more about this here.


Will one white listed IP be excluded from all security features in Shield?

Yes. For white listed IP addresses, it’s as if the whole plugin is switched off.


I have more than 1 WordPress 1 on the same domain, do I need to install Shield on each individual site?

If you’re running more than 1 WordPress site within the same folder, then yes, you will need to install Shield on each individual site.


My site is being 'attacked' from overseas. Do I need a country blocker?

If you have the IP Manager system enabled, it has an automatic black list system built into it which will handle bad IP addresses.

Generally, IP blocking and Geolocation blocking doesn't really help with these sorts of problems.  We've written about this a bit here:
https://www.icontrolwp.com/blog/beware-new-security-theat-wordpress-misinformation-virus/

Another layer of security you may want to consider, and it's completely free, is CloudFlare.com.