• Sun. Oct 17th, 2021

Plugin Update – Shield WordPress Security 5.5.2

WordPress Security Shield plugin image

WordPress Simple Firewall Now Shield WordPress Security

Claiming itself to be the “Most Comprehensive and Highest-Rated Security System” Sheild WordPress Security plugin is often missed during  a search of  WordPress security plugins. This however does not mean that it isn’t a great plugin, just not as great at SEO. 🙂

It would truly be better for this plugin if it did actually come up during the first few pages of a plugin search for topics like firewall or security, but I don’t control that aspect of the site. With 40,000+ installations it definitely has some popularity and a loyal following.


But what if you have never heard of Shield WordPress Security?

Well, consider giving it a try. This one security plugin does offer a lot of features. By far as many if not more then more commonly used plugins such as WordFence or WP Better Security. So what does it have going for it? Well, here is a brief list of the more important features:

What makes the Shield different?

  • No “Pro” restrictions on security features – it’s ALL there for you.
  • Easy-To-Setup User Interface.
  • It won’t break your website – you’ll never get that horrible, pit-of-your stomach feeling you get with other security plugins when your website doesn’t load anymore.
  • Super Admin Security – the only WordPress Security Plugin that protects against tampering.
  • Exclusive membership to a private security group where you can learn more about WordPress security.

Awesome Features

  • Blocks malicious URLs and requests
  • Blocks ALL automated spambot comments.
  • Hide your WordPress Admin and Login page.
  • Prevents brute force attacks on your login and any attempted automatic bot logins.
  • Verify user identity with email-based Two-Factor Authentication
  • Monitor login activity and restrict username sharin, with User Sessions Management
  • Review admin activity with a detailed Audit Trail Log
  • Turn on and turn off WordPress Automatic Updates separately for plugins, themes and Core
  • Easy to use kill switch to temporarily turn off all Firewall Features without disabling the plugin or even logging into WordPress.


Several of these features would normally be taken up by other plugins, such as Akismet for spam control, WordFence for the firewall features or others. This plugin does add a few features that other plugins have yet to incorporate.

Several of the features Shield WordPress Security plugin uses could be considered to be “leading the pack”. These include the following:

  • Super Admin Security Protection – uses a special authentication key to protect admin access.
  • Audit Trail Activity Monitor – track user activity.
  • Two-Factor Authentication – One of the few plugins to offer cookie or IP address authentication.

While these features are now often available in other plugins, Shield WordPress Security was one of the first to offer these features. The author stays on top of support tickets as there are only a total of 12 tickets over the last few months as of this post.

This is one of those cases where your security options will be very close in comparison to the other plugins I have used and recommended.

One nice feature the plugin does do is to provide a shield image for your homepage. But this could be purely aesthetics.  While some customers may like to see a security image on your homepage, anyone can install an image without installing a plugin. So this feature alone should not make you trust a site.

A key component that I really do like is the ability to limit users based upon their activity log. One issue I do have with activity log trackers is that the db or files that are being used to track this information can grow exponentially in size very rapidly. Even on a single user blog I have seen these have thousands of records in just a few hours. It depends on how much you are doing and what level of recording the plugin is doing. the larger these logs grow the greater the potential for slowdowns while accessing them on your site.

This plugin does also offer the option to turn on automatic plugin updates. This is a feature I am not fond of. Even over the last few weeks I have written about two plugins that would have broken the site had I done automatic updates. Personally I prefer to know what updates I am implementing. This does mean I have to spend more time here to process the updates, but is it really that much extra work? Least if I update a plugin and the site dies I know immediately the root cause and can fix it.

In any case, consider giving Shield Security a try and compare it to your favorite WordPress security plugins.


Shield WordPress Security

Version: 5.5.2
Author: Paul G.
Last Updated: 5/6/2016
Requires: 3.5+ or higher
Compatible up to: 4.6.1
Average 5-Star Rating: 4.9

5.5.2 Latest Point Release

Released: 6th October, 2016

  • (v.2) ADDED: Filter to allow modification of the email footer
  • (v.2) ADDED: Block auto-updates on Shield itself if PHP < 5.3 and new version is v6.0+
  • (v.2) FIXED: Missing Link
  • (v.2) FIXED: Plugin Installation ID wasn’t always being set
  • (v.2) TRANSLATIONS: Dutch (56%)

5.5 Series

  • (v.2) ADDED: Filter to allow modification of the email footer
  • (v.2) ADDED: Block auto-updates on Shield itself if PHP < 5.3 and new version is v6.0+
  • (v.2) FIXED: Missing Link
  • (v.2) TRANSLATIONS: Dutch (56%)
  • (v.1) ADDED: Built-in forceful protection in the form of a wp_die() against the (currently) un-patched W3 Total Cache XSS vulnerability more info
  • (v.1) IMPROVED: Better XMLRPC Lockdown – prevents ANY XMLRPC command processing.
  • (v.1) IMPROVED: Make certain strings translatable
  • (v.1) IMPROVED: Wrap-up certain login form elements into spans/divs to allow styling etc.
  • (v.1) IMPROVED: PHP Version number cleaning during stats tracking.
  • (v.0) ADDED: Options and statistics tracking ability. Over time we are looking to share statistics and performance metrics of Shield.
  • (v.0) IMPROVED: Performance for options loading, especially for web hosts that don’t permit file writing
  • (v.0) CHANGED: Numerous fixes and code improvements.
  • (v.0) CHANGED: Removed query that deletes old GASP comment tokens on normal page loads.
  • (v.0) CHANGED: Google reCAPTCHA is now based on the locale of the website, not auto-detected.
  • (v.0) FIXED: Now URL encodes the username in the link for two-factor authentication by email.
  • (v.0) FIXED: If the xmlrpc.php has been deleted, this is now ignore by the file scanner
  • (v.0) TRANSLATIONS: Dutch (38%), Portuguese (32%)


Derek Wood

Derek is a Online Web Professional. He works with clients and customers in order to implement Web-Based solutions for businesses. These include websites, SEO, marketing, and company branding. His own company, Shadow Dragon Unlimited has been providing these services to local businesses in his Western Massachusetts area and online since 2003.