[WordPress] Plugin share: Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning

Active installations: 40,000+
Rating: 4.8/5 (1034 reviews)
Last updated: 5 days ago
Issues resolved: 100%
WordPress 5.7+ | PHP 7.4+ | v22.1.3 | Listed: 2013-07-08

Overview

Features you'll love

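Exclusive AntiBot Detection Engine - a powerful alternative to Google reCAPTCHA and CloudFlare Turnstile.
Automatic blocking of bots and IPs - score-based security intelligence to block malicious bots.
Real-time blocking of malicious bots through our exclusive CrowdSec integration
An easy-to-understand dashboard that guides you to quick wins and areas for rapid improvement
Block bots on important forms:

Login form
User registration form
Lost password reset form
[ShieldPRO] WooCommerce and Easy Digital Downloads security
[ShieldPRO] Memberpress, LearnPress, BuddyPress, WP Members, ProfileBuilder security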

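Brute-force attack protection, login attempt limiting and login cooldown security
Powerful firewall security rules
Restricted Security Admin access

Prevent compromised administrators from making unauthorized changes.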

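(MFA) Two-factor / multi-factor login security authentication:

Email
Google Authenticator
Yubikey
[ShieldPRO] U2F security keys
[ShieldPRO] Backup login security codes
[ShieldPRO] Multiple Yubikeys per user
[ShieldPRO] Remember me (reduces two-factor prompts for users)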

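Block XML-RPC (including Pingbacks and Trackbacks)
Block anonymous REST API
Block, bypass and analyze IP addresses

Automatically block IP addresses using a score-based security system
Block or bypass individual IPs
Block or bypass IP subnets
Complete IP security analysis in one place to review activity on the site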

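Comprehensive WordPress file security scanner for intrusions and hacks

Detect file changes - scan and repair WordPress core files
Detect unknown/suspicious PHP files
Detect abandoned plugins.
[ShieldPRO] Malware security scanner - detects known and unknown malware.
[ShieldPRO] Plugin and theme security scanning - identifies file changes in plugins/themes.
[ShieldPRO] Detect plugins/themes with known security vulnerabilities.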

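Create a private, secure login URL by hiding wp-login.php
Detect (and block) comment spam from both bots and humans.
Supports reCAPTCHA and hCAPTCHA
Never blocks Google: automatically detects and bypasses GoogleBot, Bing and other official search engines, including:

Google
Bing
DuckDuckGo
Yahoo!
Baidu
Apple
Yandex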

Automatically detects third-party services and prevents them from being blocked:

ManageWP/iControlWP/MainWP
Pingdom, NodePing, Statuscake, UptimeRobot, GTMetrix
Stripe, PayPal IPN

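Download the latest version (v22.1.3) or search to install

① Download the ZIP → in the admin area, "Plugins › Add New › Upload Plugin"
② Search for "Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning" in the admin area → install directly (recommended)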

Original plugin description

Most security plugins hand you a dashboard full of alerts and expect you to know what to do next. Shield works differently.
It blocks threats automatically, repairs what it can on its own, and then shows you exactly what still needs your attention — ranked by impact, not volume. Less noise. More action.
🤖 Security That Runs Itself
The most powerful thing Shield does is what it handles without you:

Automatic IP Blocking — every visitor is quietly scored as they interact with your site. Failed logins, firewall blocks, silentCAPTCHA failures, and other signals accumulate into a reputation score. When a visitor’s score crosses the threshold, Shield blocks them — automatically, without you lifting a finger
Automatic File Repair — when a file integrity scan finds a changed WordPress core file, Shield pulls the original from WordPress.org and restores it. Detected and fixed, without waiting for you to act
Automatic Bot Recognition — Shield identifies legitimate crawlers (Google, Bing, DuckDuckGo, Yandex, Apple) and known services (ManageWP, Pingdom, Stripe, CloudFlare) and never blocks them. Your SEO and monitoring tools keep working

🧭 Guided Security, Not Just a Dashboard
Shield organises your security into four focused areas so you always know where to look:

Queue — things that need your attention, ranked by priority. Not everything at once — just what matters right now
Investigate — dig into blocked IPs, security events, and the specific signals that triggered each one
Configure — guided setup for each protection area, with clear recommendations matched to your site
Reports — a clear view of what Shield has blocked, detected, and repaired over time

The goal: guide you quickly towards action, not bury you in data.
🛡️ Free Protection
Bot Blocking & Firewall

silentCAPTCHA — blocks bad bots on login, registration, lost password, and comment forms using passive signals invisible to real visitors. No CAPTCHA keys. No external requests. No JavaScript that breaks your forms. Everything runs on your server (GDPR friendly).
Firewall rules blocking common WordPress attack patterns — SQL injection probes, known exploit signatures, suspicious request parameters
XML-RPC protection — disable or restrict entirely, including pingbacks and trackbacks
REST API firewall — block unauthenticated requests
Fake crawler detection — identifies bots spoofing legitimate search engines

Login & Account Security

Two-factor authentication (2FA) — email codes, Google Authenticator, or YubiKey OTP for all users
Brute force protection with configurable login attempt limits and cooldown
Session locking — tie sessions to a browser or IP to stop account theft after a successful login
User enumeration blocking — closes off ?author= probes used to harvest usernames before an attack

Scanning & Integrity

Core file scanning — compares WordPress core against official checksums and repairs changed files automatically
Suspicious PHP detection — flags PHP files in locations where they have no business being
Abandoned plugin detection — identifies unmaintained plugins most likely to carry unpatched vulnerabilities

Visibility & Control

Security Admin PIN — lock Shield’s own settings so other administrators cannot quietly weaken your configuration
Security activity log — logins, user changes, plugin and theme events, post edits, and suspicious requests: everything in one clear view
IP Rules — automatic & manual block and bypass rules, CIDR range support, full per-IP request history

🤝 CrowdSec Integration
Shield is the only WordPress security plugin with a native CrowdSec integration. CrowdSec aggregates threat signals from millions of sites into a shared IP reputation network — your site blocks known attackers before they ever probe you, using intelligence far beyond your own traffic history.
✨ ShieldPRO

Passkeys — phishing-resistant, passwordless login for users
Backup login codes — emergency 2FA access when a device is lost
AI-based malware scanner — detects known and unknown PHP malware
Plugin & theme file scanning — compares installed files against WordPress.org originals, flagging unauthorised changes
Vulnerability scanning — active checks across all installed plugins and themes
Broader spam protection — WooCommerce, EDD, Contact Form 7, Ninja Forms, Elementor, and more
Traffic rate limiting — cap request rates per IP to absorb high-volume bot floods
User suspension — manual or automatic suspension of idle accounts
MainWP integration
White Label — rename and rebrand Shield for client sites

Who It’s For
Shield suits site owners, agencies, and MSPs who want protection that runs itself — not a plugin that demands constant attention to be useful.
If you have been burned by security plugins that generate more noise than protection, or dashboards that tell you everything is wrong without telling you what to fix, Shield was built to be the alternative.
