Jelena
Forum Replies Created
-
Since we haven’t heard from you in over a week, we’ll assume the issue is resolved and will go ahead and close this thread for now. If you need any further help, feel free to reopen the conversation.
Hi,
Thanks for your question.
The ‘Enforce Email Authentication’ option is located under the main Security Zones menu. Select ‘Login’ (click the gear icon next to it), then go to the ‘2FA: Email’ tab.
In your case, make sure the ‘administrator’ user role is included in the ‘Enforce Email Authentication’ list field.
We also have a complete guide on this here.
Hope this helps.
Jelena
Hi,
Sorry to hear about the troubles you’re having.
wp_icwp_wpsf_req_logs is a request/Traffic Request logs table and wp_icwp_wpsf_at_logs is the Activity Logs table.
The Activity Log relies on the Traffic Request logs. So if there’s an entry in the Activity Log, there’ll be an entry in the Traffic Log also for that record. Entries in the Traffic Log that aren’t related to Activity log entries will be purged. But those entries that are required will be kept for as long as the logging retention configuration requires.Here’s a quick overview of the Shield database tables and other info you may find helpful:
https://help.getshieldsecurity.com/article/791-understanding-the-shield-database-tablesIf you can’t truncate the table in question, it could be that there is some form of database caching on the site such that the site is using old data and isn’t taking into consideration the updates to the table. In this case, you can try to truncate again and purge the cache.
If that doesn’t help, then you can try to delete both wp_icwp_wpsf_at_logs and wp_icwp_wpsf_req_logs tables.As for the issue with the log settings reverting, this shouldn’t happen. It may be caused by caching, or cron. You could try disabling both the Activity Logs and the Traffic Logs — or keep them enabled and set them to 1 day (Log Retention options for both) and simply limit what gets logged. Activity Logs can be filtered by type (e.g. select only Alert and Warning), allowing you to reduce the amount of logged data. Traffic Logs can also be excluded based on the type of request. Then, try saving the settings again after clearing any site or object cache.
Hope this helps.
Hi,
Thanks so much for your thoughtful and supportive review! 🙂
We’re really glad Shield is making a difference for your site and that you’ve had a positive experience with both the features and our support. Feedback like yours motivates us to keep improving.
Thank you especially for suggesting geo-location blocking in Shield — we’ve definitely noted it for review.
Geo-blocking is based on IP addresses, which aren’t always reliable. That’s why Shield doesn’t offer country-based IP blocking—IP addresses can be spoofed, and botnets often use thousands of different IPs and we block them automatically.
If you want to block traffic from certain countries, you may check if your hosting provider supports server-level GeoIP blocking—they may be able to set it up for you.
Additionally, you can combine Shield’s automatic IP blocking with Cloudflare’s geo-blocking and CDN. Shield blocks malicious IPs, while Cloudflare improves performance and filters traffic by region. Together, they create a strong defense against threats and improve sites performance by stopping harmful traffic before it reaches your site.
Hope you find this helpful in some way…Regards and we truly appreciate you being part of the Shield community.
The Shield Security Team 🛡️ 🙂Hi Amanda,
Since it’s been more than 10 days without a response, I’ll assume everything is sorted and close this thread. If that’s not the case, you’re welcome to reopen the conversation.
Thanks.
Jelena
Hi Amanda,
Sorry to hear about the continued trouble with this.
Since the issue was previously resolved by disabling Shield’s HTTP Headers options, it’s possible that something has changed after that—such as a WordPress update or another plugin/theme—that’s causing the issue to return.
Here’s what you can try:
Confirm Header Settings: Re-check if the HTTP Headers settings are still disabled in Shield. If they were re-enabled, disabling them again might fix the issue.
Clear and Disable Cache: Sometimes, caching can cause outdated settings or pages to load. If you’re using a caching plugin or browser, consider clearing cache and temporarily disabling it, force refresh the site (F5) and testing the issue again.
Check for Plugin or Theme Updates: If any other plugins or theme were updated just before the problem reappeared, there could be a compatibility issue affecting the Customizer’s functionality.
Review Console & Network Tab: Checking the browser console and network tab (as previously suggested) might reveal new errors that weren’t there before.
Test on a Different Theme: If the issue is theme-related, switching to a default theme could help determine if the theme itself is conflicting with Shield.
Temporarily Disable Other Plugins: Even though Shield’s HTTP Headers were previously identified as the cause, another factor—such as a recent plugin or theme update—might now be contributing to the issue. I recommend disabling one plugin at a time and testing the Customizer after each deactivation to see if the issue is resolved. You can do the same with themes. This can help pinpoint if any other plugin/theme is causing the conflict.
Let me know how it goes,
Thanks.
Hi Alvaro,
It’s been a few days since we last heard from you, so I’ll be closing this thread for now. If you have any further questions, you’re welcome to reopen the conversation.
Thanks 🙂
Jelena
Hi Alvaro,
The CrowdSec should be automatically cleaned. If it’s not, then there’s likely an issue with the site’s cron jobs not running correctly. You should check for errors in the server logs and use a tool like WP Crontrol to monitor and debug any cron issues.
You can cleanup the Crowdsec table manually by using a tool like phpMyAdmin, which is available in most web hosting control panels. Access the database for the site in question and locate the table named wp_icwp_wpsf_crowdsec_signals. Then, “truncate” the table (this will clear its data but keep the table structure intact). Again, this should be processed by a correctly functioning of WP Cron.
Also, may see some errors in the logs for up to ~30 seconds after truncating the table, as Shield detects that the table is empty. It will then automatically rebuild the table, and you should be back to normal.Jelena
Hi,
Thanks for your post! Since this is related to our earlier discussion here, I’ve replied to your question there so we can keep everything in one place and make it easier to follow.
I’ll close this thread for now, but feel free to continue the conversation in your original post.
Many thanks for your understanding.No, snapshots isn’t a separate feature and can’t be disabled because that’s a part of the Shield’s functionality.
When Shield is running, it creates 1 set of tables for the site, around 20 tables.
The more features, the more tables that are required; the less features, the less tables are needed. The number of entries in those tables will depend on your site’s activities. We run a very tight ship, however, and we designed these tables and how Shield queries the database with performance in-mind.
Regarding your related question about the wp_icwp_wpsf_crowdsec_signals table here, if it’s causing issues with overloading your database, you can disable Crowdsec feature from Security Zones main menu > Bots & IPs zone > Crowdsec IP Blocking.
Additionally, if your site is buys (active), perhaps you can also use the Log Retention option to automatically purge WordPress Activity and Request Logging (traffic) entries from the related tables – events older than the set period will be removed from the database automatically.
(If you’re using the free version of Shield, the max retention is 7 days. You can set it to 2 or 3 days if needed.)
Please also note that the Request Logging (traffic) expiry will depend on the WordPress Activity Log as the Activity Log relies on data from the traffic log too.Hope this helps.
Hi,
The “snapshots” in Shield captures various actions on your site, including security events and activities like managing posts. These records are stored in the DB, helping Shield monitor activities and protect your site effectively. Without these snapshots, Shield wouldn’t be able to function properly.
Could you check if you have a large number of posts or custom post types, please?
It might also be worth temporarily increasing the memory limit on your site, as this can often help with memory exhaustion issues. There are many guides available on WP.org to help you with this, such as:
https://developer.wordpress.org/advanced-administration/wordpress/wp-config/#increasing-memory-allocated-to-phpWe’ll also look at seeing if we can investigate and mitigate the problem with large numbers of posts in the future.
Thanks.
It’s been three days since your last message, so I’ll close this out for now. If you still have any questions about Shield, you can always reopen the conversation.
Thanks.
Hi Manish,
Thanks for your question.
Shield doesn’t have an option to disable right click because, while content theft is a concern, it’s not a security issue in the same sense.
In the context of security, the main focus is on securing your site from broader threats that can cause more harm to your site’s overall safety and functionality.Shield helps protect your site by monitoring visitor activity, preventing unauthorized access, and various type of attacks, and breaches, such as from hackers, malicious users, bot-driven attacks with its own silentCAPTCHA technology. By prioritizing security, it ensures your site stays safe and operational, which is more important but also helps protect your content scraping in the process.
Content theft, on the other hand (while important to address too), refers to unauthorized use or duplication of your content, which is more about protecting your intellectual property and online assets rather than security. While disabling right-click can deter basic copying, it doesn’t prevent other methods of accessing your content, such as viewing the page source or using the browser’s developer tools to access the HTML of the page, which includes all the text and image URLs.
While it’s impossible to completely prevent content theft, you can make copying more difficult and discourage casual copying. Some WordPress plugins, like WP Content Copy Protection & No Right Click, can block right-clicking, text selection, and image dragging. For images, adding watermarks ensures your branding stays visible even if they’re reused elsewhere.
You can also include a copyright notice at the bottom of your pages to remind visitors that your content is protected – add a polite but firm disclaimer, such as “All content on this site is protected under copyright. Unauthorized reproduction or distribution is strictly prohibited.”Hope this helps.
Jelena
Hi Raffaella,
If you’re able to delete some tables but not others, it’s likely due to permission or database-specific issues (restrictions) with those particular tables.
I suggest checking with your web host to see if this is the case, or asking them to remove the tables for you, including the autoload.Hi Raffaella,
It’s been over 2 days since we last heard from you, so I’ll go ahead and close this for now. But if you still need a hand, feel free to reopen the conversation.
Cheers!
Jelena