The Free Version is Useless.

  • peachpit

    (@peachpit)


    1 day, 2 hours ago

    My client picked this plugin, not me. And I just spent 2 days recovering and repairing their website. It was so bad, and that’s why I had to leave a review. We all know that premium versions of security plugins offer more security, in general. I manage around 50 websites currently; all of them are on Free Wordfence security, except this one. None of them have been hacked. Do with that what you will. Take some time to understand what is being restricted and what protection & control you actually have when using this particular plugin’s free version. Nothing is perfect, but this free version was really unnecessarily bad. I couldn’t even run a follow up scan-even THAT is restricted? Yeah, no.

Viewing 1 replies (of 1 total)
  • Plugin Support Jelena

    (@jmisic)

    4 hours, 29 minutes ago

    Hi,

    Thanks for sharing your experience, even though it was clearly a difficult one.

    We’d like to offer some context that we hope brings some clarity, not just in this case, but for anyone reading this.

    Shield Security is built around one core principle: prevention. It works continuously to block attackers, malicious bots, and suspicious traffic at the WordPress application level, stopping the vast majority of threats before they can cause any harm. The free version already provides solid, meaningful protection every single day. It’s also worth considering that a site can arrive already compromised before any security plugin is installed, in which case no plugin ever had the chance to prevent anything. Calling Shield useless overlooks everything it had already blocked.

    Without knowing what actually happened on this site, all we can honestly say is this:

    Security is an ongoing process, and even the most advanced solutions have limits. Compromises that originate below the WordPress application layer, whether through the hosting environment, direct file system access, or a server-level breach, are simply beyond the reach of any WordPress security plugin, free or not, from any provider.

    It’s also why visible symptoms alone are never a reliable measure of safety. The fact is that many compromised sites run completely silently for months, serving malicious content or sending spam to visitors while the admin sees nothing unusual at all. Attackers do this deliberately. Staying hidden means staying in. A quiet site is not always a clean site.

    This is exactly why we strongly recommend all WordPress users: prevention, to perform regular security audits of their sites. A security plugin is one important layer, but It’s worth taking a few minutes each week to perform a site review to catch issues early and wherever possible.

    On scanning: any scans detect damage after it’s already happened. They do not prevent attackers from getting in. Shield includes free real-time scanning for WordPress core file integrity and abandoned plugins, running continuously. Not all free scanners work this way. Some rely on threat definitions that can be weeks out of date, meaning recently introduced threats may pass through completely undetected. A scanner that misses newer threats can create a false sense of security, which is a risk worth being aware of when choosing how to protect your sites.

    Finally, we also want to be transparent: we were never given the chance to help. We had no opportunity to investigate what actually happened, identify the root cause, or guide you through a proper recovery. That is genuinely unfortunate, because that’s exactly what our support is here for. Had you knocked on our door, we’d have been there. That door is always open, and our support forum is always the right first step.

    Regards and sincerely wish you and your client all the best going forward. 🙂

    Jelena, Shield Security Team

Viewing 1 replies (of 1 total)

You must be logged in to reply to this review.