Title: Hacker protection Last modified: January 31, 2017 --- # Hacker protection * Resolved [wsoftware](https://wordpress.org/support/users/wsoftware/) * (@wsoftware) * [9 years, 3 months ago](https://wordpress.org/support/topic/hacker-protection/) * I have used Shield on all my sites for quite some time and have been pleased with it. But today I made a sad discovery that I have infected files all over my sites. * Isn’t Shield supposed to protect againt that? It looks like someone have both been adding new files in different places and infected many other files on the sites and that should Shield notice, right? * I now have a hell of a job to clean the sites but the question is if I have to change security plugin or if you can make me trust Shield again? Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [Paul](https://wordpress.org/support/users/paultgoodchild/) * (@paultgoodchild) * [9 years, 3 months ago](https://wordpress.org/support/topic/hacker-protection/#post-8725324) * Shield is but one part of your overall security for your site. Shield blocks certain malicious requests, offer administrative user protection, user login protection, user session management and even scans WordPress core files for content that shouldn’t be there. * But as I said, it’s only 1 part of the puzzle and often you’ll need to look beyond your WordPress site to your actually hosting account, hosting server, plugins, themes, hosting in isolation (or not)… many many things. * If you don’t trust Shield any longer, then as you suggest, you should grab another plugin. But your original problem remains – a fully holistic approach to security that factors in every layer of WordPress site hosting. * Really sorry to hear about your troubles and I hope you get it sorted. There is definitely more that we can do with Shield, and we’re actually working on new developments coming down the line, but again, it’s only one facet of the task that we must undertake… * Thread Starter [wsoftware](https://wordpress.org/support/users/wsoftware/) * (@wsoftware) * [9 years, 3 months ago](https://wordpress.org/support/topic/hacker-protection/#post-8726629) * I understand that it is more then just one plugin to keep the shit out but I thought that Shields Core file scanner should alert me if there was infected files. Here it hasn’t done that on any site. Is there some conditions when it can’t discover infections? * After yesterdays investigation I think I will use Wordfence for cleaning and scanning my sites but I think Shield will remain for spam, user and login protection. That part I’m satisfied with. * Plugin Author [Paul](https://wordpress.org/support/users/paultgoodchild/) * (@paultgoodchild) * [9 years, 3 months ago](https://wordpress.org/support/topic/hacker-protection/#post-8726811) * the only reason I can see the core file scanner not working is if your crons aren’t working, or the files in question weren’t core files. * Scanning for the presence of non-core files isn’t part of the scanner… that’s another feature we are building. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Hacker protection’ is closed to new replies. * ![](https://ps.w.org/wp-simple-firewall/assets/icon-256x256.png?rev=3054572) * [Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning](https://wordpress.org/plugins/wp-simple-firewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-simple-firewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-simple-firewall/) * [Active Topics](https://wordpress.org/support/plugin/wp-simple-firewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-simple-firewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/) * 3 replies * 2 participants * Last reply from: [Paul](https://wordpress.org/support/users/paultgoodchild/) * Last activity: [9 years, 3 months ago](https://wordpress.org/support/topic/hacker-protection/#post-8726811) * Status: resolved