ShieldPRO 10.0 Upgrade Guide

ShieldPRO 10.0 for WordPress is a major release. We added a new feature, SureSend, a dedicated email delivery service from Shield Security. 

We've also taken steps to improve the Dashboard UI, making it much easier to secure your WordPress site by quickly identifying areas of improvement.

Of particular note is the IP Analysis tool which lets you see all information pertaining to an IP address in 1 place.

This guide outlines what have been added/removed, changed, or improved and what fixes we've made.

Firstly, we're going to explain what major changes are made and which options you'd need to review.

Change 1: Enhanced Security Dashboard Overview UI

The new Dashboard Overview provides a simplified display of all security items on your site.

You can quickly discover where your site is doing well, and what areas need immediate attention or improvements.

Hint: You can see a small demo of how this works in the release blog article here.

Responsive filters let you filter by individual Shield modules and the current status of each item.

These are the full list of the changes we made.

  • Overview section
    1. Current configuration summary is completely redesigned. This is now displayed in blocks and x2 filters are added
      1. by security status (Danger, Warning, Info, Good)
      2. by security area (modules)
    2. Updates And Changes tab added. You can use this to review the all plugin updates and changes.
    3. Info changelog (green icon)
    4. Summary stats section moved to Reports section.
    5. Recent Events Log moved to Debug section.
  • IP Lists section
    1. Section renamed into "IPs"
    2. IP Blacklist renamed into Manage Block List
    3. IP Whitelist renamed into Manage Bypass List
    4. IP Analysis tool added.
  • Audit Trail section
    1. Section renamed into "Logs"
    2. IP addresses in logs are now linked to the IP Analysis section
    3. UI changed (filtering)
  • Traffic section
    1. IP addresses are now linked to the IP Analysis section
    2. UI changed (filtering)
  • Notes section
    1. Section removed entirely. Admin notes is now available under the Debug section.
  • Import/Export section
    1. Section renamed into "Import"
    2. Import and export are now separated, under their own tabs
  • Reports section (new)
    1. This is a new section added.
    2. Summary stats is now under the Reports section instead of under the Overview section.
    3. Daily chart added
  • Debug section (new)
    This is the Shield's debug page. It contains the following
    1. Admin notes
    2. Recent events log
    3. Info debug page

Change 2: U2F two-factor authentication can now be standalone.

Due to the experimental nature of the U2F implementation, you needed at least one other 2FA factor active on your profile before you could enable U2F.

New added features

For 10.0 release we added 

  • [PRO feature] SureSend, a dedicated email delivery service from Shield Security. It ensures that you get 2FA email with a verification code so you can complete your login.

    This feature can be found under the Communications module:


  • IP Analysis tool
    You can use this tool to select IP address and analyse the all activities related to this IP. The information available are we follows:
  1. General info - IP status (number of offenses, if blocked or not, if whitelisted or not), identifying info, IP whois
  2. User session related to this IP
  3. Audit trail logs - activities related to this IP
  4. Recent traffic - visitor requests (time, response code, whether the request was offense or not, verb, path)

    This tool can be found under the IPs section of the Shield Security Dashboard:

  • Locale Override
    We added an option to force Shield UI/emails to always use a specific locale e.g. forcing Shield to always display and send emails in English.

    This option can be found under the General Settings module => General Options:

  • (v10.03) [PRO feature] Shield plugin badge URL may be replaced using White Label settings
    The URL used in the Shield plugin badge may be replaced using the Home URL provided in White Label settings.

  • Huawei (Petal) Bot Detection
    We added support for detection of Huawei search engine bot/spider.

  • New module added: Comms
    This is for communications options, such as SureSend email for sending 2FA login code.

Improvements 

We've made the following improvements: 

  • 10.0 release
    • PHP 7.0+ is required to run Shield v10
      This change in minimum requirements lets us optimise Shield code for PHP 7 and better prepare for PHP 8.
    • More reliable 2FA email codes
      2FA codes generated and sent by email are more reliable.
    • Much-improved database implementation making it easier to upgrade and adjust database tables between upgrades.
      Note: Whitelisted IP addresses may need to be re-added again after upgrade.
    • Upgrading the Bootstrap library that ships with Shield to latest (v4.5.3).

Fixes

We've made the following fixes

  • v10.0 release
    • Server Public IPv6 Detection
      Detection of your WordPress server's public IPv6 address has been fixed.
    • HTTP loopback tests would timeout
      HTTP loopback request now has a longer timeout to be more reliable for slow sites.
    • Link Cheese requests could be missed
      Detection of requests to link cheese is improved.
    • Potential PHP error
      A PHP error has been fixed which would occur in some cases.
  • v10.0.1 release
    • Database creation may delete existing tables
      In some cases during plugin upgrade, some table may get inadvertently deleted.
  • v10.0.2 release
    • Fatal error when IP address isn't detected
  • v10.0.3 release
    • Not correctly identifying GoogleBot.

For more information on Shield 10.0 release, read this blog article here.

Important: 9.0 was the final major Shield release to support PHP 5.x.

Starting from ShieldPRO 10.0, we no longer support PHP 5.x, and instead move to a minimum required version of PHP 7.0.

This is a massive step. It means we can bake-in much more reliable code, take advantage of modern coding practices and updated libraries, and also prepare Shield to support PHP 8, when it’s released in a few weeks.