Description
RankShield defends your site against the bot attacks that quietly damage your search rankings and waste your ad spend:
- CTR manipulation & sitemap-sweep attacks — bots that pull your sitemap and run your pages through fake impressions and fast click-and-bounce sessions to poison Google’s engagement signals.
- Ad click fraud — bots and competitors clicking your Google Search Ads to drain your budget. RankShield ties on-site behavior to each paid click and builds a ready-to-apply IP exclusion list for your ads team.
- Real-customer safety first — flagged traffic gets a one-second JavaScript challenge, never a hard block. Logged-in users and visitors who already passed are never challenged. Shared/residential networks are never auto-excluded.
A live security dashboard shows protection status, threats stopped, the per-URL attack story, and your ad click-fraud overview.
External services
This plugin connects to the RankShield protection service (an external SaaS operated by SEO Elite Agency) to detect and block attacks. Detection and threat intelligence run on the RankShield servers; the plugin enforces the decisions on your site.
Service: RankShield API — https://sea-shield-production.up.railway.app
What is sent, and when:
* On each page view, the plugin sends anonymized behavioral signals (time on page, mouse/scroll/keystroke counts, a bot score, the request URL/path, and — for visitors arriving from a paid ad — the ad click identifier such as gclid) so attacks can be scored. The visitor’s IP is read server-side for attribution and is never exposed in the browser.
* Periodically, the plugin requests the current block rules and your protection dashboard data using your site’s API key.
* When an attack is confirmed on your site, the attacker’s network indicator (e.g. IP / IP range) is contributed to the RankShield Network (RankShield’s shared threat-intelligence network) so other protected sites can be defended — this is how the network protects everyone. Paid plans additionally receive the full RankShield Network feed for instant immunity.
* Your API key is used to authenticate these requests and is never exposed to the public front-end.
This service is required for the plugin to function. By installing and activating the plugin you agree to the RankShield Terms of Service and Privacy Policy:
* Terms of Service: https://portal.seoeliteagency.com/terms
* Privacy Policy: https://portal.seoeliteagency.com/privacy
Installation
- Install and activate the plugin.
- Open RankShield Dashboard and click Activate free protection — no account or payment required. (If you have a paid plan, paste your API key instead.)
- Protection begins immediately. Open RankShield Dashboard to see live status.
FAQ
-
Do I need a paid account?
-
No. The plugin is fully functional for free: it detects and actively blocks/challenges attacks on your site using the RankShield service’s threat decisions. A paid RankShield subscription expands the service — the full RankShield Network (instant immunity from attackers confirmed on any other protected site), Google Search Ads click-fraud IP exclusions, and advanced reporting — all of which are processed on the RankShield servers.
-
Will it block my real customers?
-
No. RankShield uses a one-second JavaScript challenge instead of hard blocks, never challenges logged-in or already-verified visitors, and never auto-excludes shared/residential networks. Clicks that convert are always treated as real customers.
-
Does it work without Cloudflare?
-
Yes. The plugin is fully standalone; an optional Cloudflare edge worker is a bonus, not a requirement.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“RankShield — Ranking & Ad-Spend Attack Protection” is open source software. The following people have contributed to this plugin.
Contributors
Translate “RankShield — Ranking & Ad-Spend Attack Protection” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
2.3.2
- Google Search Console: once connected, the dashboard now shows a live Search performance panel — 90-day clicks, impressions, CTR, average position, a clicks-over-time chart, and your top-ranking keywords.
2.3.1
- Dashboard now shows a 30-day “threats stopped” trend chart so you can see your protection at a glance.
2.3.0
- Verify-challenge page now loads its CSS/JS through the WordPress enqueue system (wp_register/enqueue_style/script) instead of hardcoded tags.
- Decision dedupe uses the object cache instead of transients (no wp_options row growth under heavy bot traffic).
2.2.0
- Wordfence-style security console: Dashboard, Live Traffic, and Ad Protection sections.
- Ad click-fraud protection with a copyable, ready-to-apply IP exclusion list.