When I started using WordPress, a certain security plugin was very popular, and pretty much the only free choice. I would install and configure it, and nothing to worry. And then, the inevitable happened. I watched in horror as a site was attacked and infected while this supposedly awesome firewall did nothing. To be fair, no WordPress firewall can do anything when overwhelmed with a brute force attack. They can handle some requests, but they are limited, by server resources among other things. This is one of the reasons I recommend integrating Cloudflare. However,that wasn’t the end of woes with this awesome plugin. This plugin delayed updating firewall rules by 30 days for the free version. Which means, if a vulnerability is discovered now, the site would be left vulnerable for the next 30 days. And then, on multiple sites, scans would just not work. While I was trying to find a good replacement, I discovered Shield Security. And now it is my recommended security plugin. It is free, but there is also a premium $29/year pro option for more security. So here are the five reasons why I like and recommend this plugin:
5 Reasons why you should use Shield Security plugin
1. It just works
The plugin I referred to above, had this serious issue. On multiple sites hosted on different hosts, and using different themes and plugins, the scans would simply fail to start. After spending several days to try and find the cause, I had to give up. Shield on the other hand, emphasizes WordPress and hosting compatibility, and it simply works. That’s a relief!
2.Firewall rules are not delayed
While Shield Security does have a pro version, it does not hold back firewall rules unlike some other security plugins. If the pro user receives an update, it will be available in the free version too. The free version does not have the feature to scan or clean malware. That’s where my other recommendation for Best Malware Cleanup plugin comes in. Shield, combined with Cloudflare and malware firewall results in a robust security system.
3. Combats bot activity like Login and comment spam
Shield uses the Growmap Anti-Spam Protection Plugin (GASP) to prevent bot activity like brute force login and comment spam. In addition to GASP, shield also implements a comments token system. Comment tokens are unique keys generated for every visit, based on the user’s IP, the page they are viewing, and a randomly generated number. All this combined, constitutes a robust bot filtering system.While a security plugin is bound to affect the performance of the site,I had trouble with other plugins, because they would add a lot to the TTFB, and slow down the site. When I switched to shield, the total page load times immediately decreased by about 1.5s. This is awesome considering all the features that it provides.
4. Does not affect performance too much
5. The Shield Mission
Shield Security is a plugin based on certain principles. The team behind this plugin has a stated goal of simplifying security, and saving 62.5 million hours per year by the year 2022. With clear goals in mind, this has resulted in key tenets like utilizing in-built WordPress features to the maximum, not relying on disk-writing, and not rewriting .htaccess file. The development team has written a series of blog posts detailing why they built Shield, and what are the issues they intend to tackle. The 4-part series is a worthy read and can be found hereAll in all, Shield has been a great plugin that I recommend to everyone who asks me. However, especially on the free version, it is very important to integrate Cloudflare and use the Gotmls malware scanner alongside Shield. Combined, this troika will protect your site against most threats.