The Most Comprehensive and Highest-Rated Security System for WordPress (formerly the WordPress Simple Firewall).
All-Over WordPress Security Protection
Shield is the most powerful WordPress protection system available. Designed for maximum compatibility with your WordPress sites, it provides a super-simple platform for both beginner and advanced users.
NO more nasty site lockouts! Experience the difference that a great security plugin makes, alongside common-sense security design.
Premium Support For Businesses
Shield, combined with iControlWP, offers professionals and businesses a powerful management platform for website security, automated backups, and business continuity and disaster recovery. Can you afford not to protect your business's most important online assets?
The only WordPress security plugin with a WordPress-independent security key to protect itself. more info
With the Audit Trail you can review all major actions that have taken place on your WordPress site, by all users.
Blocks all web requests to the site that violate the firewall security rules! more info
Provides effective security against Brute Force Hacking and email based Two-Factor Authenticated login. more info
Blocks ALL automatic Bot-SPAM, and catches Human Comments SPAM without sending data to 3rd parties or charging subscription fees. more info
No more manual IP Black lists. This plugin handles the blocking of IP addresses for hosts that are naughty.
Numerous security and protection mechanisms to lock down your WordPress admin area, such as blocking file edits and enforcing SSL.
Take back control of your WordPress Automatic Updates.
The Shield is built to be highly reliable and easy to use by anyone!
Originally built off the WordPress Firewall 2, it now includes much more:
Basic functionality is based on the principles employed by the WordPress Firewall 2 plugin.
Note: Login Protection is a completely independent feature to the Firewall.
With the Login Protection features this plugin will single-handedly prevent brute force login attacks on all your WordPress sites.
It doesn't need IP Address Ban Lists (which are actually useless anyway), and instead puts hard limits on your WordPress site, and force users to verify themselves when they login.
Three core security features provide layers to protect the WordPress Login system.
These options alone will protect and secure your WordPress sites from nearly all forms of Brute Force login attacks.
And you hardly need to configure anything! Simply check the options to turn them on, set a cooldown interval and you're instantly protected.
As of version 1.6, this plugin integrates GASP Spambot Protection.
We have taken this functionality a level further and added the concept of unique, per-page visit, Comment Tokens.
Comment Tokens are unique keys that are created every time a page loads and they are uniquely generated based on 3 factors:
This is all handle automatically and your users will not be affected - they'll still just have a checkbox like the original GASP plugin.
These comment tokens are then embedded in the comment form and must be presented to your WordPress site when a comment is posted. The plugin will then examine the token, the IP address from which the comment is coming, and page upon which the comment is being posted. They must all match before the comment is accepted.
Furthermore, we place a cooldown (i.e. you must wait X seconds before you can post using that token) and an expiration on these comment tokens. The reasons for this are:
This all combines to make it much more difficult for spambots (and also human spammers as they have to now wait) to work their dirty magic :)
Requires: 3.5.0 or higher
Compatible up to: 4.7.2
Last Updated: 1 week ago
Active Installs: 50,000+
9 of 20 support threads in the last two months have been marked resolved.
Got something to say? Need help?