Don’t Leave Your Site At Risk If your site is vulnerable to attack, you’re putting your business and your reputation at serious risk. Getting hacked can mean you’re locked out of your site, client data stolen, your website defaced or offline, and Google will penalise you. Why take the risk? Download and install Shield now for FREE so that you have the most powerful WordPress security system working for you and protecting your site. Shield + iControlWP If you have multiple sites, then Shield combined with iControlWP, takes the pain out of managing your websites, and covers your security, daily backup (and restore), and updating plugins/themes All the wonderful features of how we protect you and your site are set out below in detail, but there are a few things about us, that you should know first: We’re on a mission to liberate people who manage websites from unnecessarily repetitive work, and by 2022 we want to be saving our clients over 62.5 million hours per year (and we’d love you to join us in our quest) We have three rules that apply to everything we do, and you’ll see these when you use our products or contact us for help: We make everything as simple and easy-to-use as possible (and no simpler!). We’re reliable â€“ we make sure our products do what they promise. We take ownership for resolving problems – we will solve the problem, or point you towards the solution. So, read on for the detail, or start protecting yourself, your clients and your clients’ customers immediately by downloading and installing Shield now What makes the Shield different? No “Pro” restrictions on security features – it’s ALL there for you. Easy-To-Setup User Interface. It won’t break your website – you’ll never get that horrible, pit-of-your stomach feeling you get with other security plugins when your website doesn’t load anymore. Super Admin Security – the only WordPress Security Plugin that protects against tampering. Exclusive membership to a private security group where you can learn more about WordPress security. Awesome Features Blocks malicious URLs and requests Blocks ALL automated spambot comments. Hide your WordPress Admin and Login page. Prevents brute force attacks on your login and any attempted automatic bot logins. Verify user identity with email-based Two-Factor Authentication Monitor login activity and restrict username sharin, with User Sessions Management Review admin activity with a detailed Audit Trail Log Turn on and turn off WordPress Automatic Updates separately for plugins, themes and Core Easy to use kill switch to temporarily turn off all Firewall Features without disabling the plugin or even logging into WordPress. Super Admin Security Protection The only WordPress security plugin with a WordPress-independent security key to protect itself. more info Audit Trail Activity Monitor With the Audit Trail you can review all major actions that have taken place on your WordPress site, by all users. Firewall Protection Blocks all web requests to the site that violate the firewall security rules! more info Brute Force Login Protection and Two-Factor Authentication Provides effective security against Brute Force Hacking and email based Two-Factor Authenticated login. more info Comment SPAM (Full replacement and upgrade from Akismet) Blocks ALL automatic Bot-SPAM, and catches Human Comments SPAM without sending data to 3rd parties or charging subscription fees. more info FABLE – Fully Automatic Black Listing Engine No more manual IP Black lists. This plugin handles the blocking of IP addresses for hosts that are naughty. WordPress Lock Down Numerous security and protection mechanisms to lock down your WordPress admin area, such as blocking file edits and enforcing SSL. Automatic Updates Take back control of your WordPress Automatic Updates. Shield Security Explained The Shield is built to be highly reliable and easy to use by anyone! Originally built off the WordPress Firewall 2, it now includes much more: 9 effective and clear, Firewall blocking options – pick and choose for ultimate protection and compatibility. Option: Ignore already logged-in Administrators so you don’t firewall yourself as you work on the site. Option: IP Address Whitelist. So you can vet your own IP addresses and 3rd Party Services. Option: Developer option for 3rd Party Services to dynamically add IP Addresses to whitelist (our plugin is built to work with others!) E.g. iControlWP. Option: IP Address Blacklist so you can completely block sites/services based on their IP address. Option: to easily turn on / off the whole firewall without disabling the whole plugin! (so simple, but important) Recovery Option: You can use FTP to manually turn ON/OFF the Firewall. This means if you accidentally lock yourself out, you can forcefully turn off the firewall using FTP. You can also turn back on the firewall using the same method. Performance: When the firewall is running it is processing EVERY page load. So your firewall checking needs to be fast. This plugin is written to cache settings and minimize database access: 1-3 database calls per page load. Logging: Full logging of Firewall (and other options) to analyse and debug your traffic and settings. Option: Email when firewall blocks a page access – with option to specify recipient. Option: Email throttling. If you get hit by a bot you wont get 1000s of email… you can throttle how many emails are sent. useful for 3rd party services that connect to the site using other plugins. Basic functionality is based on the principles employed by the WordPress Firewall 2 plugin. Login and Identity Security Protection – Stops Brute Force Attacks Note: Login Protection is a completely independent feature to the Firewall. With the Login Protection features this plugin will single-handedly prevent brute force login attacks on all your WordPress sites. It doesn’t need IP Address Ban Lists (which are actually useless anyway), and instead puts hard limits on your WordPress site, and force users to verify themselves when they login. Three core security features provide layers to protect the WordPress Login system. Email-based 2-Factor Login Authentication based on IP address! (prevents brute force login attacks) Login Cooldown Interval – WordPress will only process 1 login per interval in seconds (prevents brute force login attacks) GASP Anti-Bot Login Form Protection – Adds 2 protection checks for all WordPress login attempts (prevents brute force login attacks using Bots) These options alone will protect and secure your WordPress sites from nearly all forms of Brute Force login attacks. And you hardly need to configure anything! Simply check the options to turn them on, set a cooldown interval and you’re instantly protected. SPAM and Comments Filtering As of version 1.6, this plugin integrates GASP Spambot Protection. We have taken this functionality a level further and added the concept of unique, per-page visit, Comment Tokens. Comment Tokens are unique keys that are created every time a page loads and they are uniquely generated based on 3 factors: The visitors IP address. The Page they are viewing A unique, random number, generated at the time the page is loaded. This is all handle automatically and your users will not be affected – they’ll still just have a checkbox like the original GASP plugin. These comment tokens are then embedded in the comment form and must be presented to your WordPress site when a comment is posted. The plugin will then examine the token, the IP address from which the comment is coming, and page upon which the comment is being posted. They must all match before the comment is accepted. Furthermore, we place a cooldown (i.e. you must wait X seconds before you can post using that token) and an expiration on these comment tokens. The reasons for this are: Cooldown means that a spambot cannot load a page, read the unique comment token and immediately re-post a comment to that page. It must wait a while. This has the effect of slowing down the spambots, and, if the spambots get it wrong, they’ve wasted that token – as tokens can only be used once. Expirations mean that a spambot cannot get the token and use it whenever it likes, it must use it within the specfied time. This all combines to make it much more difficult for spambots (and also human spammers as they have to now wait) to work their dirty magic ðŸ™?