ShieldPRO 14.0 Upgrade Guide

ShieldPRO 14.0 release brings several much-requested features and enhancements to the WordPress Two-Factor Authentication system.

This guide outlines what have been added/removed, changed, or improved and what fixes we've made.

Firstly, we're going to explain what major changes are made and which options you'd need to review.

Change 1: 2FA/MFA Changes & Improvements

All-New Two-Factor Authentication Login Screen

We built our 2FA page on top of the presentation style of WordPress’ own login screen. This is crucial for the user experience as they’ll get the same look-and-feel on the 2FA page as the login page.
We tried to reproduce the WordPress login page and it does mostly cover the same styles and layout. If you use custom logos on the login page, or custom styles are enqueued, Shield will honour those, too.
Shield’s custom 2FA login screen is still available too – and it’s the default option for all new installations – but you’re free to switch the option any time you want to try it out.
These options can be found under the Login Guard module > Multi-Factor Authentication:

Example, type of the Custom Shield MFA Page

Example, type of the WP Login Page

Improved Two-Factor Authentication User Experience

Emails with 2FA One-Time Passwords (OTP) are only sent automatically if Email is your only 2FA provider. 

If you have others, such as Google Authenticator, then you will need to request an email to be sent. 

When you use U2F Authentication, the 2FA form is automatically submitted for you, reducing unnecessary clicks.

Easier Access To Two-Factor Settings For Users

The standard place to manage your 2FA settings is within your WordPress User Profile page. 

Now you have x2 options available
  1. 2FA settings embedded on the user profile page; and/or 
  2. a dedicated WP admin page.
This setting can be found under the Login Guard module > Multi-Factor Authentication:

Example, 2FA settings on the user profile page

Example, 2FA settings on a dedicated WP admin page

Note: You can always use the shortcode (SHIELD_USER_PROFILE_MFA) to embed the 2FA settings within any page on your site to provide the most flexible screens for your users.

Change 2: Multi-Factor Authentication option removed

Multi-Factor Authentication means that you’ve configured multiple 2FA providers (such as Email, Google Authenticator, Yubikey) and that you must supply all factors when verifying your login.
The option to turn this feature on is now removed from the plugin.

All 2FA verifications will require only 1 factor, regardless of how many providers the user has activated.

New added feature

For 14.0 release we added 

Until now there has only been 1 response by Shield when a visitor attempts to access the original WordPress login page – a “404 Not Found” error page. 
We now offer the option to redirect the visitor to a URL of your choosing:

Improvements

For 14.0 release we've made the following improvements

  • 14.0 release
    • Smoother, faster, more reliable and more secure 2FA experience.
    • Dedicated table for User meta information
      This allows for new filters and better user status on the WP Admin User page.
    • Updated Translations - Dutch (thanks J.P.!)
    • Further page caching mitigation for NotBot
    • Updated Bootstrap Libraries
  • 14.0.2 release
    • Integration with some 3rd party membership plugins + 2FA

Fixes

  • 14.0.2 release
    • Alert displayed that U2F isn't support when U2F isn't in-use.
    • A rare issue which Custom MFA login triggering an HTTP 402 error
    • Options Search dialog failed to open (can't find-as-you-type yet)
  • 14.0.3 release
    • Work around WP Engine login mechanism blocking 2FA verification.

For more information on Shield 14.0 release, read this blog article here.