ShieldPRO 11.0 for WordPress is a major release. The main add-on is a brand new Bot-detection engine for Shield Security which involves removing the Captcha and "I'm a human" checkboxes from login/registration/comment forms. We also integrated other contact form plugins (such as Contact Form 7) for SPAM detection.
You can find the all details about the new Antibot Detection Engine in the release blog post here.
This guide outlines what have been added/removed, changed, or improved and what fixes we've made.
Firstly, we're going to explain what major changes are made and which options you'd need to review.
Change 1: The Bot Signals section on the IP Analysis Tool page
You can select IP address you want to analyse and see the bot score - the antibot minimum score (percentage). The information available are as follows:
- Bot signal
- Score (percentage) - likely a bot or not
- When - time activity
You can also see bot score under the General Info section and reset it, if you want:
Note: Reset doesn't mean reset to zero. If you reset and the IP address is on the bypass/block list, it'll pick-up that information again. There are other bits of information it picks up also, like Not-Bot and things like that.
New added features
For 11.0 release we added:
- Antibot Engine - Antibot Minimum Score
Every IP address accessing your site gets its own unique visitor score - the higher the score, the better the visitor i.e. the more likely it's human.
When a bot tries to login, or post a comment, we test its visitor score. If the visitor score fails to meet your Minimum AntiBot Score, we prevent the request. If its higher, we allow it.
This option is added under the Block Bad IPs/Visitors module:
The detailed information about a particular IP address bot score, use the Bot Signals section explained above (Change 1)
- Antibot Detection Engine for detecting bad bots on the login/registration/comment forms
This is a new Antibot detection for Shield Security which involves removing the Captcha and GASP ("I'm a human") checkboxes from login/registration/comment forms.
Note: When you enable Antibot Detection Engine option, both Captcha and Bot Protection (GASP) options will disable automatically. For example, in Login Guard:
The Antibot Detecting Engine option can be found under the Login Guard and Comments SPAM modules:
- [PRO feature] Antibot SPAM Detection For Contact Forms
With the arrival of our AntiBot Detection Engine, we can more easily integrate with 3rd party plugins. You can add Shield's SPAM protection to Elementor PRO Gravity Forms, Contact Form 7, Ninja Forms, and many more.
This built-in Antibot Detection Engine (system) can be used to identify contact form SPAM. The settings can be found under the Integration module:
- [PRO feature] Invalid Script Load
Detect when a bot tries to load WordPress directly from a file that isn't normally used to load WordPress.
This option can be found under the Block Bad IPs/Visitors module: => Probing Bots:
- The ability to download the IPs, Audit Trail logs, and Traffic logs to CSV
IP Lists section:
- New Section added: Reports and Stats (beta)
You can access this from within Security Dashboard or from the main menu:
It displays charts for you to see how Shield is performing over time and in which areas your site has been most impacted. You can chart your desired stats by selecting the Shield event and time interval. You can also select multiple events to display, if you want. Example:To clear the chart, just reload the page.
- New filters and hooks added to allow customisation
For example, you can override the hour at which the Shield crons run, including the scans.
Read more here.
- Allow webmaster to specify certain web crawlers and search engines that aren't automatically whitelisted.
Read more here.
For more information on Shield 11.0 release, read this blog article here.