ShieldPRO 10.1 Upgrade Guide

ShieldPRO 10.1 for WordPress is a major release. We added MainWP integration which is built directly into the Shield plugin itself so you have nothing new to install.

We've also made significant enhancements to the Shield UI. A brand-new Shield dashboard centralises everything related to Shield giving you a consistent, clean launchpad to perform security tasks.

Of particular note is that you can now signup for a free ShieldPRO trial directly from within Security Dashboard.

This guide outlines what have been added/removed, changed, or improved and what fixes we've made.

Firstly, we're going to explain what major changes are made and which options you'd need to review.

Change 1: Shield Security Dashboard

We've been making vast improvements to our Shield UI. The main change is that we've done away with the omnipresent top-menu, and replaced it with a Dashboard / Launchpad for jumping straight to your desired section.

We’ve created a Security Dashboard, from which you can reach almost any part of the plugin in 1 click. It summarises all the main security features letting you jump to either:

  • settings
  • information
  • tables,
  • or tools

… for each feature or element in the plugin.

You may find more details below about the main UI changes we made.

  1. Main top menu is replaced with 1 single Dashboard.

    The old top menu:

    A new Dashboard

    The list of sections available in the new Dashboard are as follows:

    1. Security Overview
      Review your entire Shield Security configuration at a glance to see what's working and what's not.
    2. Shield Settings
      Shield settings are arranged into modules. You can choose the module you need from the drop-down or search for plugin option.
    3. Scans and Protection
      Use Shield Scans to automatically detect and repair intrusions on your site.
      You can run scans or go to the scans & Hack Guard settings directly from within this section.
    4. Security Admin
      Restrict access to Shield itself and prevent unwanted changes to your site by other administrators.
      You can go to the Security Admin settings directly from within this section.
    5. IP Blocking and Bypass
      Shield automatically detects and blocks bad IP addresses based on your security settings.
      You can go to Analyse & Manage IPs or IP Blocking settings directly from within this section.
    6. Audit Trail
      Provides in-depth logging for all major WordPress events.
      You can view Audit Log or go to the Audit Trail settings directly from within this section.
    7. Traffic Logging
      Use traffic logging to monitor visitor requests to your site.
      Traffic Rate Limiting lets you throttle requests from any single visitor.
      You can view Traffic Log or go to the Traffic Log settings directly from within this section.
    8. WordPress Users
      Adds fine control over user sessions, account re-use, password strength and expiration, and user suspension.
      You can go to the User settings or manage User Sessions directly from within this section.
    9. Comment SPAM
      Shield blocks 100% of all automated comments by bots (the most common type of SPAM). The Human SPAM filter will look for common spam words and content.
      Privacy Note: Unlike Akismet, your comments and data are never sent off-site for analysis.
      You can go to the Bot SPAM and Human SPAM settings directly from within this section.
    10. Import/Export
      Use the import/export feature to quickly setup a new site based on the settings of another site.
      You can also setup automatic syncing of settings between sites.
      You can run Import/Export or go to the Import/Export settings directly from within this section.
    11. 3rd Party Integrations
      Shield integrates with 3rd party plugins and services.
      Determine what integrations Shield should use and manage the settings for them.
      You can go to manage integrations directly from within this section.
    12. Admin Notes
      Use these to keep note of important items or to-dos.
      You can also see the most recent note here.
      You can go to manage Admin Notes directly from within this section.
    13. Whitelabel
      Re-brand the Shield Security plugin your image.
      Use this to enhance and solidify your brand with your clients and visitors.
      You can go to manage White Label directly from within this section.
    14. Docs
      Important information about Shield releases and changes.
      You can go to view Docs directly from within this section.
    15. Debug Info
      If you contact support, they may ask you to show them your Debug Information page.
      It's also an interesting place to see a summary of your WordPress configuration in 1 place.
      You can go to view Debug Info and some of the most recent Shield events directly from within this section.
    16. Go PRO!
      By upgrading to ShieldPRO, you support ongoing Shield development and get access to exclusive PRO features.
      You can go to manage PRO or see exclusive ShieldPRO features directly from within this section.

Additionally, if you don't have PRO activated on that particular site, you'll have the opportunity to subscribe for a ShieldPRO or a free PRO trial directly from within Security Dashboard:

Change 2: Shortcut links to each module

We added shortcut links to each module so you can navigate through plugin settings easier. For example:

Change 3: Main tab of the Shield modules

We replaced this tab with a drop-down menu for each of the modules. Example:

Old tab

New drop-down menu

Change 4: Main Shield menu on the WP dashboard

Apart from "Security Dashboard" section, we made some of the most used plugin sections easy accessible by adding them on the main Shield menu of your WP dashboard. The list of items you can find there is:

  • Settings
    This is General settings of the plugin
  • IP Lists
    Analyse and manage IPs
  • Audit Trail
    View Audit Trail log
  • Scans
    Run scans.
  • Traffic Log
    View Traffic log

Change 5: Audit Trail contexts

We've completely removed the Audit Trail options for "contexts". These were options to select whether you log plugins, themes, WordPress, users, etc.

Now we just log everything.

Change 6: Stats graph

This is removed:

Change 7: Admin Notes option

This is no longer pro-only option. Admin Notes section can be found in the Shield Security Dashboard.

New added features

For 10.1 release we added

  • [PRO feature] Shield Security extension for MainWP
    You can now manage your Shield Security plugin directly from within your MainWP WordPress management control panel. The Shield Security Extension page will highlight all sites with any scan issues that need your attention. For now, the functionality is limited to installing, activating and deactivating the Shield plugin.

    You can turn-on Shield's built-in extension for MainWP server and client installations through Shield's Integrations module:

    Important: If this is a MainWP client site, you should add your MainWP Admin Server's IP address to your IP bypass list.

  • New added module: Integrations
    Shield can automatically integrate with 3rd party plugins. You can review built-in Shield integration settings here, such as MainWP (see above).
  • IP Analyse Tool Enhancements
    Based on customer feedback we've added links to the IP Analyse tool to let you quickly perform blocks or bypass on an IP.

    The identification of a 'known' IP address now also draws information from the IP Bypass labels.

For 10.1.4 release we added

  • Full support for Application Passwords arriving with WordPress 5.6
    Part of the purpose of Application Passwords is to allow APIs and 3rd parties to integrate with your WP site. Shield recognises authentication via Application Passwords and doesn't apply restrictions to it, including 2FA. Of course, failed logins attempted through Application Passwords will be treated as an offense against the site, as always.

    Read more about this here.
  • A new WordPress admin notice for when the Shield plugin version gets too old.

Improvements

We've made the following improvements: 

  • 10.1 release
    • Plugin Badge enhancements
      The Shield plugin badge lets you demonstrate to your clients and visitors that you take your security, and theirs, seriously. But it’s been a fairly static feature with little room for customisation, until now.
      ShieldPRO 10.1 now lets you apply your Whitelabel settings (though this will overwrite your affiliate link settings) and even use a WordPress filter to finely tune the plugin badge style and design.
    • Major code refactor and improvements
      Shield’s code structure improved immeasurably in the past 12-18 months, particularly as we drop support for older versions of PHP.
      With Shield 10, we dropped support for PHP 5 and this has afforded us the opportunity to develop more robust and reliable code.
      We’ve continued these improvements with Shield 10.1 allowing us to move completely away from our outdated codebase.
    • Plugins/themes update Audit Trail log added.
      Example: Plugin "Classic Editor" was upgraded from version 1.0 to version 1.6.
    • Shield Overview Styles
      With some feedback and suggestions provided by clients, we've improved our Shield Overview design.
  • 10.1.4 release
    • Full support for PHP 8.0

Fixes

We've made the following fixes: 

  • 10.1.1 release
    • Fix to ensure iControlWP is properly whitelisted.
  • 10.1.2 release
    • Bug with PHP Type Error in some cases.
  • 10.1.3 release
    • Bug with MainWP site actions not working in all cases.
  • 10.1.4 release 
    • 504 Gateway Timeout error on servers with malconfigured rDNS lookups.
    • Ensure requests from ManageWP bypass Shield protections, where possible.
  • 10.1.5 release
    • Stop admin notice showing (for when the Shield plugin version gets too old) when it's not required. 
  • 10.1.6 release
    • Prevent warnings and logouts when loading WordPress Site Health tool.

For more information on Shield 10.1 release, read this blog article here.