Hardening WordPress with Shield Security plugin

Learn how to setup Shield Security WordPress plugin to harden your WordPress website and instantly improve security both for users and website itself

What is Shield Security WordPress plugin?

Shield Security WordPress plugin is a full security solution that defends and protects your WordPress site against hackers, malicious users, malicious scripts and hack scanners.
Using Shield Security you can limit login attempts, block brute force attacks and prevent all spam comments from bots and botting softwares.

Shield Security vs other WordPress security plugins

There are many WordPress security solutions available and most of them offers limited features for free, including Shield Security plugin. Main features of Shield Security plugin are:

• Performance. Shield Security automatically blocks bad IP addresses while optimizing performance without slowing down your website, unlike other security solutions with bloated set of features and large IP pool addresses.
• Own network power. ShieldNET is network based intelligence platform which collects possible threats around the globe and work together with Shield Security plugin to improve your site security

Shield Security strategies for site protection

Shield Security uses two simple strategies when it comes to protecting your site:

• Prevention. Shield Security detects bots, malicious scripts, intrusions and hacks before it happens. Malicious bots are primary reason why most of the WordPress websites gets hacked in the first place. These kind of bots are usually fully automated softwares which exploits known vulnerabilities in WordPress themes and plugins and are hard to protect from if your site is vulnerable.
  Shield Security is highly focused on this kind of threats detection and eradication from your site. Blocking malicious bots, scripts and softwares is a best strategy for site security. This plugin works by blocking these kind of threats and disallowing them access to your site completely. This involves analysing different kind of signals, visit paths and more to protect site
• Cure. If you were already hacked, Shield Security block further bots and repairs your WP installation. Using security softwares doesn't make you fully protected against threats, in fact if there is a WordPress core vulnerability, there is a small chance that any security software can help you stay protected. Of course, it all depends on severity of vulnerability and it's risk score. Shield Security is the only plugin currently on the market which offers full and accurate detection of file modifications, both core WordPress files, plugins and themes because of own fingerprinting technology included in plugin. Shield Security can compare all files with the ones in official WordPress repository and successfully check if files were changed.

Shield Security plugin features

• Exclusive AntiBot Detection Engine – The most powerful Bot Detection security system on any WordPress security plugin.
• Automatic Bot & IP Blocking – points-based security system to block bad bots.
• Add Security To Important Forms To Block Bots:
  • Login Security
  • Registration Security
  • Password Reset Security
  • [ShieldPRO] WooCommerce & Easy Digital Downloads Security
  • [ShieldPRO] Memberpress, LearnPress, BuddyPress, WP Members, ProfileBuilder Security
• Brute Force Security Protection, Limit Login Attempts + Login Cooldown Security
• Powerful Firewall Security Rules
• Restricted Security Admin Access
  • Prevents Unauthorized Changes To Site Even By Admins.
• (MFA) Two-Factor / Multi-Factor Login Security Authentication:
  • Email
  • Google Authenticator
  • Yubikey
  • [ShieldPRO] U2F Security Keys
  • [ShieldPRO] Backup Login Security Codes
  • [ShieldPRO] Multiple Yubikey per User
  • [ShieldPRO] Remember Me (reduces 2FA requests for users)
• Block XML-RPC (including Pingbacks and Trackbacks)
• Block Anonymous Rest API
• Block, Bypass and Analyse IP Addresses
  • Automatic IP Address Blocking Using Points-Based Security System
  • Block or Bypass individual IPs
  • Block or Bypass IP Subnets
  • Full IP Security Analysis in 1 place to review activity on your sites
• Comprehensive WordPress File Security Scanner for Intrusions and Hacks
  • Detect File Changes – Scan & Repair WordPress Core Files
  • Detect Unknown/Suspicious PHP Files
  • Detect Abandoned Plugins.
  • [ShieldPRO] Malware Security Scanner – detects known and unknown malware.
  • [ShieldPRO] Plugin and Theme Security Scanning – identify file changes in your plugins/themes.
  • [ShieldPRO] Detect Plugins/Themes With Known Security Vulnerabilities.
• Create a Private Secure Login URL by hiding wp-login.php
• Detect (and Block) Comment SPAM from Bots and Humans.
• reCAPTCHA & hCAPTCHA support
• Never Block Google: Automatic Detection and Bypass for GoogleBot, Bing and other Official Search Engines including:
  • Google
  • Bing,
  • DuckDuckGo
  • Yahoo!
  • Baidu
  • Apple
  • Yandex
• Automatically Detect 3rd Party Services and Prevent Blocking Of:
  • ManageWP / iControlWP / MainWP
  • Pingdom, NodePing, Statuscake, UptimeRobot, GTMetrix
  • Stripe, PayPal IPN
  • CloudFlare, SEMRush
• Full Security Audit Trail – Monitor All Site Activity, including:
  • All login/registration attempts
  • Plugin and Theme installation, activation, deactivation etc.
  • User creation and promotion
  • Page/Post create, update, delete
• Advanced User Sessions Security Control
  • Restrict Multiple User Login
  • Restrict Users Session To IP
  • Block Use Of Pwned Passwords
  • Block User Enumeration (?author=x)
  • [ShieldPRO] User Suspend – manual and automatic.
• Full/Automatic Support for All IP Address Sources including Proxy Support
• Full Traffic Log and Request Monitoring
• HTTP Security Headers & Content Security Policies (CSP)

How to install and configure Shield Security plugin

To install Shield Security plugin go to your WP Dashboard and then "Plugins" and search for wp simple firewall. Now click install and if you did it correctly you will see top level user interface of the plugin as shown in image under


As you can see on image provided above, Shield Security have comprehensive user interface with multiple levels of data splitted into multiple sections. Everything is easy to understand and we believe there is no need to go further into details about main interface.
Top menu IP Lists gives you insights about blocked threats and it's IP addresses with advanced details for all of the blocks. On the right side of the plugin page you can add IP whitelist addresses to allow IP addresses unlimited actions on your installation as seen on image under



Audit Trail page serves as an all activity happening on site that Shield is monitoring and protecting as seen on image under:

Conclusion

Shield Security plugin is an all in one security solution perfect for any WordPress based website and useful for sites already hacked and those which were lucky to stay unharmend and we definitely recommend to try out this plugin.