Title: Jelena's Replies | WordPress.org --- # Jelena [ ](https://wordpress.org/support/users/jmisic/) * [Profile](https://wordpress.org/support/users/jmisic/) * [Topics Started](https://wordpress.org/support/users/jmisic/topics/) * [Replies Created](https://wordpress.org/support/users/jmisic/replies/) * [Reviews Written](https://wordpress.org/support/users/jmisic/reviews/) * [Topics Replied To](https://wordpress.org/support/users/jmisic/replied-to/) * [Engagements](https://wordpress.org/support/users/jmisic/engagements/) * [Favorites](https://wordpress.org/support/users/jmisic/favorites/) Search replies: ## Forum Replies Created Viewing 15 replies - 1 through 15 (of 311 total) 1 [2](https://wordpress.org/support/users/jmisic/replies/page/2/?output_format=md) [3](https://wordpress.org/support/users/jmisic/replies/page/3/?output_format=md)… [19](https://wordpress.org/support/users/jmisic/replies/page/19/?output_format=md) [20](https://wordpress.org/support/users/jmisic/replies/page/20/?output_format=md) [21](https://wordpress.org/support/users/jmisic/replies/page/21/?output_format=md) [→](https://wordpress.org/support/users/jmisic/replies/page/2/?output_format=md) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] Many wp-json/shield/v1/action/capture_not_bot appearing in Google Search Console](https://wordpress.org/support/topic/many-wp-json-shield-v1-action-capture_not_bot-appearing-in-google-search-console/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [2 months, 1 week ago](https://wordpress.org/support/topic/many-wp-json-shield-v1-action-capture_not_bot-appearing-in-google-search-console/#post-18840774) * Since we haven’t heard from you in over 4 days, I assume that it’s sorted out so I’ll go ahead and close this thread for now. If you need any further help, feel free to reopen the conversation. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] Many wp-json/shield/v1/action/capture_not_bot appearing in Google Search Console](https://wordpress.org/support/topic/many-wp-json-shield-v1-action-capture_not_bot-appearing-in-google-search-console/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [2 months, 2 weeks ago](https://wordpress.org/support/topic/many-wp-json-shield-v1-action-capture_not_bot-appearing-in-google-search-console/#post-18836103) * Hi there, * Thanks for such a good question and for outlining exactly what you’re seeing, it’s much appreciated. * The addresses you’re seeing belong to Shield’s internal security API. They’re used by our [silentCAPTCHA AntiBot system](https://getshieldsecurity.com/blog/silentcaptcha-wordpress/) to quietly confirm that a visitor is a real human and not a bot. This is normal behaviour for Shield when bot protection is active. * In Google Search Console, the status “Crawled – currently not indexed” means Google can reach those technical URLs but has decided not to add them to the index. For internal API endpoints like this, that’s expected, because they’re not real pages and aren’t meant to appear in search results. * So what you’re seeing there is normal and not a problem caused by Shield. There’s nothing you need to change in the plugin for this specific case. If those entries are just noisy in your reports, you can filter out the internal Shield API URLs in Google Search Console so you can focus on your real pages. * Hope this helps. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] WordPress Login Issue and Shield Security File Errors](https://wordpress.org/support/topic/wordpress-login-issue-and-shield-security-file-errors/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/wordpress-login-issue-and-shield-security-file-errors/#post-18762004) * You’re very welcome! 🙂 Glad it’s all resolved now. * And thank you as well for the thorough explanation and logs. These were incredibly helpful. * Cheers! * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] WordPress Login Issue and Shield Security File Errors](https://wordpress.org/support/topic/wordpress-login-issue-and-shield-security-file-errors/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/wordpress-login-issue-and-shield-security-file-errors/#post-18760701) * To function correctly, Shield will try to write to its own plugin directory, as well as 1 of: **wp-content/shield/wp-content/uploads/shield/ * Based on what you described, the issue is likely occurring because Shield is unable to write and then read its required test files in any of its supported storage locations: the plugin directory, wp-content/shield/, or wp-content/uploads/ shield/. * When this happens, Shield treats the environment as unstable and repeatedly triggers re-authentication, which causes the redirect back to the homepage with reauth =1 instead of allowing access to the WordPress admin. The specific error in your log shows that Shield tried to read a test file in wp-content/uploads/shield/, but the file was not found, which indicates the initial write test failed. * Even if permissions on the folders appear correct, Shield can still fail its file tests if the PHP process cannot actually write to the folder, if server security restrictions block file creation, or if the folder doesn’t exist or is partially damaged for some reason. This could explain why checking permissions alone wasn’t enough to resolve the issue… * To fix this, you can remove both **wp-content/shield/** and **wp-content/uploads/ shield/**. It’s safest to do this while Shield is deactivated, but even if the plugin is active, removing these folders is generally safe and shouldn’t affect your site or content. After removing them, simply re-enable Shield and it will automatically recreate the folder and its test file. Once this is successful, the login redirect issue and related errors should stop. * If the folders are not recreated after re-enabling Shield, this usually indicates that the server environment is preventing the plugin from writing its own files. Common causes include file system restrictions set by the hosting environment, security modules that block file writes, or the PHP process not having permission to write to the WordPress directories. In this case, you may need to check with your hosting provider to ensure Shield can write to one of its supported storage locations. * Also, make sure that caching isn’t causing the troubles. * Hope this helps. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] Whitelists?](https://wordpress.org/support/topic/whitelists/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [8 months, 1 week ago](https://wordpress.org/support/topic/whitelists/#post-18631895) * Hi, * You can whitelist an IP by following this [guide here](https://help.getshieldsecurity.com/article/212-bots-ip-rules-ip-management-and-analysis-tool). _Section “How to add IP to the bypass/whitelist”_That guide walks you through the exact steps in the current Shield interface. * And if you ever need help with anything else, our [Helpdesk](https://help.getshieldsecurity.com/) has all the guides in one place, so you’ll always find what you need there. * Cheers! * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] Possible Problem](https://wordpress.org/support/topic/possible-problem-6/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [8 months, 2 weeks ago](https://wordpress.org/support/topic/possible-problem-6/#post-18622240) * Since there’s been no activity for a few days, we’ll be closing this thread. Thanks for joining in, and we hope everything’s going well. * Regards, Jelena * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] Possible Problem](https://wordpress.org/support/topic/possible-problem-6/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [8 months, 2 weeks ago](https://wordpress.org/support/topic/possible-problem-6/#post-18615362) * Hi there, * I understand your frustration with encountering a block while saving a post, but let me explain what happened and why. * The **Aggressive Block Data** option is designed to detect potentially malicious requests, but it’s very strict and can cause false-positive blocks, which is why it is disabled by default and comes with a clear warning that it may cause false-positive blocks. The warning is indicated in the option description and in our [help documentation](https://help.getshieldsecurity.com/article/333-request-firewall-options-explanations). For example, in the option description: * ![](https://i0.wp.com/jtesting.hostliketoast.com/wp-content/uploads/2025/08/firewall- warning.png?ssl=1) * By choosing to enable this option, normal actions — like saving a post — can trigger a block, which is what happened in your case. It’s important to note that Shield did not enable this option for you; it was a choice made in your site’s configuration. * The firewall block page clearly shows which firewall rule and request parameter were triggered. For example: * ![](https://i0.wp.com/jtesting.hostliketoast.com/wp-content/uploads/2025/08/firewall- block-page.png?ssl=1) * The same details can be found in the [WP Activity Log](https://help.getshieldsecurity.com/article/238-review-your-site-activities-with-the-activity-log-viewer) too. * As the site admin, you have full control over your security configuration. In this case, you can disable the Aggressive Block Data option or whitelist the specific parameter to stop the block and solve the problem quickly. Detailed instructions and explanations for handling these blocks are also available in our [documentation here](https://help.getshieldsecurity.com/article/254-shield-firewall-block-firewall-terminated-the-request-because-it-triggered-a-firewall-rule) and through the Help/Info links inside the plugin. * So Shield isn’t dictating which settings you can or cannot use. Site admins always control how Shield behaves, and you can decide how strict — or less strict — you want the firewall to be. The plugin just provides the tools, shows what was blocked and leaves the choice to you. * Also, if Shield ever blocks you,  [WP Activity Log](https://help.getshieldsecurity.com/article/238-review-your-site-activities-with-the-activity-log-viewer) can be your best ally. It monitors and records your site in real-time and tracks specific actions. It will show you the exact type of block that was triggered so you can adjust Shield’s settings to prevent it from happening again. * I hope this clarifies things a little bit for you. * Regards, * Jelena * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] Popular Posts Plugin Stopped Working](https://wordpress.org/support/topic/popular-posts-plugin-syopped-working/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [8 months, 3 weeks ago](https://wordpress.org/support/topic/popular-posts-plugin-syopped-working/#post-18612064) * Hi [@deeveearr](https://wordpress.org/support/users/deeveearr/), I’m really glad to hear you managed to get everything working again. * And huge thanks to [@hcabrera](https://wordpress.org/support/users/hcabrera/) for pointing you in exactly the right direction. 🙂 * Just to add a little extra context: Shield’s “**Anonymous REST API**” setting is designed to block unauthenticated requests to the REST API. This can be a great security measure, but as you’ve seen, it can also block legitimate plugins( like WordPress Popular Posts) that rely on those requests. * That’s why we also provide an exclusions option — this lets you whitelist specific API endpoints so your important plugins can keep working smoothly, while still keeping the rest of your site locked down. * So, you’ve got 2 easy ways forward here: 1. **Keep the option disabled** — which is perfectly fine if you don’t need that particular protection. 2. **Use the [‘Rest API Exclusions’ list](https://help.getshieldsecurity.com/article/413-firewall-api-xmlrpc-options)**— this lets you re-enable the option, but still allow anonymous access for the specific API endpoints used by plugins like Popular Posts. That way you keep the protection in place for everything else. * Either approach works, so it’s really down to what feels best for your setup. * Thanks again to you both, awesome teamwork! * Jelena * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] 2FA by email not showing roles config](https://wordpress.org/support/topic/2fa-by-email-not-showing-roles-config/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [8 months, 3 weeks ago](https://wordpress.org/support/topic/2fa-by-email-not-showing-roles-config/#post-18607764) * Hi Rob, * Sorry to hear about the troubles you’re having. * 2FA Email is a free feature and yes, it should work for you without any restrictions. * Please see below answers to you questions. * 1) This link is intentionally formatted as plain text to ensure maximum deliverability and avoid being flagged as spam. While many email clients automatically convert plain text URLs into clickable links, some don’t. * The email sending verification URL isn’t clickable because of how your email client is handling plain-text emails. Some email clients or specific account settings restrictions can prevent plain-text URLs from becoming clickable, even if other links in the same email appear clickable. * 2) If you’ve confirmed that your site can send emails but emails are not being sent to users with the “subscriber” role (2FA not applied for them), this is because that role isn’t included in the ‘Enforce Email Authentication’ option list. We don’t list “subscriber” role by default, you’ll need to add it manually into the option field. * The ‘Enforce Email Authentication’ option is located under the main Security Zones navigation menu > click a gear icon next to Login zone > select 2FA: Email tab > Enforce-Email Authentication: * ![](https://i0.wp.com/jtesting.hostliketoast.com/wp-content/uploads/2025/08/2fa- user-roles.png?ssl=1) * We also have a complete guide on this [here](https://help.getshieldsecurity.com/article/243-how-to-enforce-email-2fa-for-your-users). * Hope this helps. * Thanks. * Jelena * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] DB Tables left behind](https://wordpress.org/support/topic/db-tables-left-behind/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [8 months, 4 weeks ago](https://wordpress.org/support/topic/db-tables-left-behind/#post-18602402) * Hi, * It’s been a few days since we last heard from you, so I’ll be closing this thread for now. If you have any further questions, you’re welcome to reopen the conversation. * Thanks. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] DB Tables left behind](https://wordpress.org/support/topic/db-tables-left-behind/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [9 months ago](https://wordpress.org/support/topic/db-tables-left-behind/#post-18595392) * Shield leaves some database entries behind so if you ever reinstall it, your settings and data are still there. This happens particularly if you removed it without the “Delete on Deactivate” option enabled. Many WordPress plugins (especially complex ones) keep database entries after uninstall. it’s a common way to make sure you don’t lose your setup by accident. * If you need to remove Shield entries, please check these discussions [here](https://wordpress.org/support/topic/shield-options-in-database-after-uninstall/) and [here](https://wordpress.org/support/topic/deleting-database-tables-3/). * You can find the list of Shield’s database tables [here](https://help.getshieldsecurity.com/article/791-understanding-the-shield-database-tables). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] Hide log in not working](https://wordpress.org/support/topic/hide-log-in-not-working/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [10 months, 1 week ago](https://wordpress.org/support/topic/hide-log-in-not-working/#post-18551137) * Do you have your IP whitelisted in Shield? Can you double-check that that’s not the case? * Thanks. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] Astra theme conflict](https://wordpress.org/support/topic/astra-theme-conflict-2/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [10 months, 2 weeks ago](https://wordpress.org/support/topic/astra-theme-conflict-2/#post-18531769) * Hi, Thanks so much for providing the problem details and your concerns here as well. Highlighting both the issues and solutions can be very helpful to the entire community. * Since we’ve been in direct contact through our support system and have been working closely with you and your hosting provider to investigate and resolve the situation, I’ll go ahead and close this thread now. * If anyone experiences a similar issue, here’s just a quick overview: The site crashed because some files and database references from the Gutenverse child theme and Gutenverse Addons plugin were not fully removed. As a result, WordPress tried to load missing components, which caused the site crash.During this, some Shield plugin files were also missing or not properly loaded, which led to Shield being referenced in the error logs. Shield wasn’t the cause of the crash — it was affected by the same file-related disruptions but did not trigger the failure itself.The issue was resolved by fully cleaning up the leftover data, reinstalling Shield and switching to the Astra theme. * [@hbk747](https://wordpress.org/support/users/hbk747/) , thanks again for such great cooperation! 🙂 * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] wp_icwp_wpsf_req_logs – 300mb](https://wordpress.org/support/topic/wp_icwp_wpsf_req_logs-300mb/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [10 months, 3 weeks ago](https://wordpress.org/support/topic/wp_icwp_wpsf_req_logs-300mb/#post-18521723) * No problem at all. Great to know things are running smoother now. * Regarding autoloads: * It’s normal to see autoloaded options related to Shield, especially if the plugin was used across different versions. These can add up and take some space. * You can safely delete all entries starting with **_shield\_mod\_config\_\*_** as these hold configuration data for Shield features. Don’t worry, if any are needed again, Shield will automatically rebuild them as required. So if they start building up again, you can just run the delete command again to clear them out. * There aren’t specific Shield options that must stay autoloaded for the plugin to work properly. Shield dynamically loads only what it needs. * Also, these autoloaded options generally have minimal impact on site speed or performance because they’re loaded in one SQL query. So while cleaning them up reduces autoload size, it likely won’t make a big difference in speed. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Shield: Blocks Bots, Protects Users, and Prevents Security Breaches] Do not have Enforce- Email authentication option](https://wordpress.org/support/topic/do-not-have-enforce-email-authentication-option/) * Plugin Support [Jelena](https://wordpress.org/support/users/jmisic/) * (@jmisic) * [11 months ago](https://wordpress.org/support/topic/do-not-have-enforce-email-authentication-option/#post-18514988) * It looks like this issue might be resolved since we haven’t heard back in more than a week. We’re closing the thread, but you’re welcome to reopen it anytime for more help. Viewing 15 replies - 1 through 15 (of 311 total) 1 [2](https://wordpress.org/support/users/jmisic/replies/page/2/?output_format=md) [3](https://wordpress.org/support/users/jmisic/replies/page/3/?output_format=md)… [19](https://wordpress.org/support/users/jmisic/replies/page/19/?output_format=md) [20](https://wordpress.org/support/users/jmisic/replies/page/20/?output_format=md) [21](https://wordpress.org/support/users/jmisic/replies/page/21/?output_format=md) [→](https://wordpress.org/support/users/jmisic/replies/page/2/?output_format=md)