ShieldPRO 11.5 Upgrade Guide

ShieldPRO 11.5 for WordPress sees a new, updated User Interface for scan results making it much, much easier to see what’s happening and take any corrective actions.

While there are other improvements in this release, we focus mainly on the changes to scan results.

This guide outlines what have been added/removed, changed, or improved and what fixes we've made.

Firstly, we're going to explain what major changes are made and which options you'd need to review.

Change 1: Scan Results: Component-based results display

To-date we’ve opted to display the results of each individual sub-scanner separately. So you’d have a results page for plugin files, a separate one for WordPress files, a separate one for vulnerabilities and so on. 
Example (old scan results UI)

We took a fresh approach and opted to instead combine the separate results together, where possible, and group them by components:
WordPress Core
  • Modified/Unrecognised/Missing Files
  • Unrecognised Files

Plugins

  • Modified/Unrecognised Files
  • Abandoned Status
  • Vulnerabilities Status

Themes

  • Modified/Unrecognised Files
  • Abandoned Status
  • Vulnerabilities Status

Malware

FileLocker

Change 2: Scan Results: View file contents in browser

Until now you’ve been able to quickly download a file to your computer using links built into Shield’s results tables.
Ideally, if possible, we display the contents quickly to the admin within the browser itself. We’ve even added syntax highlighting with line numbers to make it that bit easier to read.

Example: Modified theme index.php file

Simply click on the file link within the results table to view file content:

And the file will be opened within the browser with syntax highlighting:

New added features

For 11.5 release we added

You can use it to automatically remove items from scan results that are irrelevant. 

This option can be found under the Hack Guard module:

An example of this is filtering out results when

  • the PHP file is completely empty
  • the PHP file isn’t completely empty but has only whitespace and comments (i.e. no executable code).
  • [PRO feature]  Scan File and Folder Exclusions

You can specify files and folder which will be excluded from all file scans

Files can be excluded in bulk using the asterisk (*) wildcard. This option is designed to completely replace the exclusions option under the Unrecognised Files Scanner. 

  • New Audit Trail entries
    Audit Trail entries for IP addresses are added automatically and manually:

We also added Audit Trail WordPress filter to allow customisation of event logging.

Improvements

We've made the following improvements: 

  • 11.5 release
    • Much improved file results tables
      Until now we’ve been making use of WordPress’ own tables UI. You can see examples of this common UI in the WordPress Users listing page, the plugins page and the comments page, in the WP admin area.

      Now we use the datatables.js framework to build all our new tables within the Shield Security plugin. It makes the tables for presenting the data fast and very neat, with the option to reload the table contents quickly and dynamically as required.
    • Switch to Crowd-Sourced Hashes for Plugins and Themes scanning
      In our previous release we discussed the beginning of our ShieldNET release.
      In particular one of the features was the building of plugin and theme file hashes by participating WordPress sites. In this way we could build a library of file hashes that would allow us to scan for file changes in all WordPress assets, including premium plugins and themes.
      This is a massive step forward for our WordPress security and isn’t available anywhere else. We’re ready to start using these crowd-sourced hashes in our file scanning.
      We’re still being cautious however, and so Shield will always be able to fallback seamlessly to its original method of file scanning at any time, and without any interruption.
    • Using Crowd-Sourced Hashes for Malware scanning
      Shield already automatically removes false positives from malware scan results to a large extent, but now we can use the database of crowd-sourced hashes to eliminate even more false positive results
    • Reporting alert email now lists some repaired/deleted files.
    • WP Admin warning when 2FA by email verification isn't complete.
    • Improved support and fixes for PHP 8 and WordPress 5.8.
  • 11.5.1 release
    • Prevent overloading ShieldNET API in some cases.
  • 11.5.2 release
    • Add some limited details into the Audit Trail entries for scan results.
  • 11.5.4 release
    • Scan results were being reported, but not displayed in results tables in some cases.

Fixes

We've made the following fixes

  • 11.5 release
    • Sidebar navigation bugs.
  • 11.5.3 release
    • Plugin/Theme scanning could result in large quantities of unrecognised files. 

For more information on Shield 11.5 release, read the blog article here.