With more than 45,000 plugins in the WordPress repo, anytime we publish a review of plugins that meet a specific need the list is shorter than it could be by necessity. We do our best to filter through and bring your attention to some of the best options out there, but the fact is we’re going to miss some great ones from time to time. I currently have a list of revisions and future articles from reader requests I’m working through – I am doing my best to get to all of you!
One such oversight and subsequent request came from the comments of our 7 Top Security Plugins for WordPress article. Mr. Paul Goodchild, author of Shield WordPress Security, put his plugin on our radar. After taking a look at it, it absolutely deserves a mention. So that’s what we’re reviewing today- check it out!
Shield – Not Just for Superheroes Anymore!
If you’ve not watched any Marvel movies in the last few years and don’t get the reference, please do yourself a favor: stop what you’re doing, turn on Netflix, and watch Age of Ultron or something. We’ll be here when you get back.
Shield is a small fish compared to some of the others we reviewed that have hundreds of thousands or millions of active users. They are a relatively new plugin in their niche with a growing subscriber base that’s currently around 40k active installs. Their reviews are absolutely stellar for their size, and the reason why quickly becomes clear as you dig into the plugin itself.
Right off the bat we can see that Shield has a host of configurable features:
It’s not just appearances, either. Shield gives you a remarkable degree of ownership in your website’s defenses. We won’t hit each and every feature here, but let’s take a spin through them now.
What Sets Shield Apart as a WordPress Security Plugin?
Shield WordPress Security Admin
One of the neatest features I see with Shield that I have not seen with any other WordPress security plugin is a layer of security that protects the actual plugin itself in the WordPress Admin:
The WordPress Security Admin locks access to Shield’s settings, requiring an access key to unlock the plugin before any changes can be made. It’s a really neat failsafe- no security system, digital or otherwise, is 100% unbreachable. This feature means that if a malicious entity ever did gain access to your site, they’d have to devote time and effort to defeating your Shield Access Key before they could compromise Shield.
Shield is a Completely Discrete Plugin
Shield as a plugin is separate and distinct from your WordPress installation. While it obviously integrates with and protects your WordPress install, it does it without modifying core files or even .htaccess. This gives you additional options should anything go wrong, like locking yourself out of your site. There are built in recovery options, but should those fail you can completely delete the plugin safely via FTP and not impact your website’s integrity.
All Features Are Standard
Expedited support is Shield’s only premium feature. This means you’re getting features free with Shield that are commonly paid-only features in any other WordPress security plugin. Examples include but are not limited to:
- Google Authenticator and email-based 2-factor authentication
- WordPress core file scanner (and replacement)
- Automatic IP blacklist system
- 100% bot comment spam blocking
Shield Highlighted Features
– Robust login protection including brute force prevention, two-factor authentication, WordPress admin and login page masking, Yubikey authentication, and more
– Comprehensive comment spam protection from both bots and humans
– Ability to regulate or outright block malicious URLs and requests
– And more…
- Premium support for businesses
- Monitor login activity and restrict username sharing
- Audit Trail Log for reviewing admin activity
- Configurable automatic updating for core, themes, and plugins
- Easily togglable firewall
I could go on, and go into quite a bit more detail with the features we have already highlighted pretty easily. Suffice it to say, Shield WordPress Security is a very robust and professional grade WordPress security plugin solution. It is not one of the big name players in WordPress security yet, but it has all the hallmarks of a plugin that will make a long term impact in the WordPress security space. It’s very much worth your time to explore it further!
Bob says
Having run Shield on my site since it was known as WP Simple Firewall. In all sincerity, I can only say that Paul G is a very genuine character, who goes above and beyond the call to fix your issues and questions. Being in a position of having a low IT IQ, I feel confident knowing that my sites are at a safe and reasonable level of security. Currently I am paying customer, but that only comes from my paranoid feelings, that some IT “Ninja” is about to strike my site, and one day i’Il awake to members of the Federal Police asking me about my connections to a notorious African Warlord. Best features for me are the Firewall Lockdown, Auto Backups and the ability to re name your Login Screen so that it slips down a black hole in a parallel universe. LastPass or your favourite password manager is essential plus I am plan on purchasing a Yubikey. Cheers and congrats to Paul G for all his hard work. Yes I know iThemes does the same, it’s just that I like the personal touch and god ol’ fashioned service that Paul G provides, so I guess I am somewhat bias Yes I tried iThemes and had a dozen or so extra security plugins; now I have one security plugin and a much faster site.