Title: Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning
Author: Paul
Published: 2013 年 7 月 9 日
Last modified: 2026 年 6 月 9 日
---
搜索插件
# Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning
作者:[Paul](https://profiles.wordpress.org/paultgoodchild/)
[下载](https://downloads.wordpress.org/plugin/wp-simple-firewall.22.1.3.zip)
* [详情](https://cn.wordpress.org/plugins/wp-simple-firewall/#description)
* [评价](https://cn.wordpress.org/plugins/wp-simple-firewall/#reviews)
* [安装](https://cn.wordpress.org/plugins/wp-simple-firewall/#installation)
* [开发进展](https://cn.wordpress.org/plugins/wp-simple-firewall/#developers)
[支持](https://wordpress.org/support/plugin/wp-simple-firewall/)
## 描述
Most security plugins hand you a dashboard full of alerts and expect you to know
what to do next. Shield works differently.
It blocks threats automatically, repairs what it can on its own, and then **shows
you exactly what still needs your attention** — ranked by impact, not volume. Less
noise. More action.
#### 🤖 Security That Runs Itself
The most powerful thing Shield does is what it handles without you:
* **Automatic IP Blocking** — every visitor is quietly scored as they interact
with your site. Failed logins, firewall blocks, silentCAPTCHA failures, and other
signals accumulate into a reputation score. When a visitor’s score crosses the
threshold, Shield blocks them — automatically, without you lifting a finger
* **Automatic File Repair** — when a file integrity scan finds a changed WordPress
core file, Shield pulls the original from WordPress.org and restores it. Detected
and fixed, without waiting for you to act
* **Automatic Bot Recognition** — Shield identifies legitimate crawlers (Google,
Bing, DuckDuckGo, Yandex, Apple) and known services (ManageWP, Pingdom, Stripe,
CloudFlare) and never blocks them. Your SEO and monitoring tools keep working
#### 🧭 Guided Security, Not Just a Dashboard
Shield organises your security into four focused areas so you always know where
to look:
* **Queue** — things that need your attention, ranked by priority. Not everything
at once — just what matters right now
* **Investigate** — dig into blocked IPs, security events, and the specific signals
that triggered each one
* **Configure** — guided setup for each protection area, with clear recommendations
matched to your site
* **Reports** — a clear view of what Shield has blocked, detected, and repaired
over time
The goal: guide you quickly towards action, not bury you in data.
#### 🛡️ Free Protection
**Bot Blocking & Firewall**
* **`silentCAPTCHA`** — blocks bad bots on login, registration, lost password,
and comment forms using passive signals invisible to real visitors. No CAPTCHA
keys. No external requests. No JavaScript that breaks your forms. Everything
runs on your server (GDPR friendly).
* Firewall rules blocking common WordPress attack patterns — SQL injection probes,
known exploit signatures, suspicious request parameters
* XML-RPC protection — disable or restrict entirely, including pingbacks and trackbacks
* REST API firewall — block unauthenticated requests
* Fake crawler detection — identifies bots spoofing legitimate search engines
**Login & Account Security**
* **Two-factor authentication (2FA)** — email codes, Google Authenticator, or YubiKey
OTP for all users
* Brute force protection with configurable login attempt limits and cooldown
* Session locking — tie sessions to a browser or IP to stop account theft after
a successful login
* User enumeration blocking — closes off `?author=` probes used to harvest usernames
before an attack
**Scanning & Integrity**
* **Core file scanning** — compares WordPress core against official checksums and
repairs changed files automatically
* Suspicious PHP detection — flags PHP files in locations where they have no business
being
* Abandoned plugin detection — identifies unmaintained plugins most likely to carry
unpatched vulnerabilities
**Visibility & Control**
* **Security Admin PIN** — lock Shield’s own settings so other administrators cannot
quietly weaken your configuration
* Security activity log — logins, user changes, plugin and theme events, post edits,
and suspicious requests: Everything in one clear view
* IP Rules — automatic & manual block and bypass rules, CIDR range support, full
per-IP request history
#### 🤝 CrowdSec Integration
Shield is the only WordPress security plugin with a native CrowdSec integration.
CrowdSec aggregates threat signals from millions of sites into a shared IP reputation
network — your site blocks known attackers before they ever probe you, using intelligence
far beyond your own traffic history.
#### ✨ ShieldPRO
* **Passkeys** — phishing-resistant, passwordless login for users
* **Backup login codes** — emergency 2FA access when a device is lost
* **AI-based malware scanner** — detects known and unknown PHP malware
* **Plugin & theme file scanning** — compares installed files against WordPress.
org originals, flagging unauthorised changes
* **Vulnerability scanning** — active checks across all installed plugins and themes
* **Broader spam protection** — WooCommerce, EDD, Contact Form 7, Ninja Forms,
Elementor, and more
* **Traffic rate limiting** — cap request rates per IP to absorb high-volume bot
floods
* **User suspension** — manual or automatic suspension of idle accounts
* **MainWP integration**
* **White Label** — rename and rebrand Shield for client sites
#### Who It’s For
Shield suits site owners, agencies, and MSPs who want protection that runs itself—
not a plugin that demands constant attention to be useful.
If you have been burned by security plugins that generate more noise than protection,
or dashboards that tell you everything is wrong without telling you what to fix,
Shield was built to be the alternative.
## 屏幕截图
[⌊Security overview with current site status, important recommendations, and recent
security events.⌉⌊Security overview with current site status, important recommendations,
and recent security events.⌉[
Security overview with current site status, important recommendations, and recent
security events.
## 安装
1. Browse to Plugins -> Add New in your WordPress admin area.
2. Search for `Shield Security`.
3. Click Install Now, then Activate.
4. Open `Shield` from the admin menu and follow the guided setup.
## 常见问题
Please see the dedicated security [help centre](https://clk.shldscrty.com/firewallhelp)
for details on features and some FAQs.
### How does automatic IP blocking work?
Shield assigns offense points to visitors who trigger security rules — failed logins,
firewall blocks, silentCAPTCHA failures, and other signals. When a visitor’s points
reach the configured threshold, they are blocked automatically. You can review blocked
IPs, adjust thresholds, or add manual rules from the IP Rules section.
### How does silentCAPTCHA detect bots without interrupting real visitors?
It analyses passive signals — timing, form interaction behaviour, and request characteristics—
to distinguish automated requests from genuine visitors. There is no challenge to
complete, no external site keys to set up, and no JavaScript that can break your
forms. Everything stays on your server.
### My server already has a firewall. Why do I need Shield too?
Your host or network firewall protects the server perimeter. Shield works inside
WordPress, where it understands login attempts, user changes, plugin activity, file
integrity, and attack patterns specific to WordPress. The two layers solve different
problems and complement each other.
### Can Shield block comment SPAM?
Yes. `silentCAPTCHA` protects the WordPress comment form in the free plugin. ShieldPRO
extends coverage to Contact Form 7, Ninja Forms, WooCommerce, and a range of other
integrations.
### Can I use Shield alongside another security plugin?
Generally, no. Running two plugins that control the same login or request flows
leads to duplicate blocking, noisier logs, and harder troubleshooting. If you keep
another plugin active, disable the areas where they overlap.
### I’ve locked myself out of my site. What do I do?
This usually happens after adding your own IP to the block list, or enabling 2FA
when your site cannot deliver email codes.
1. Open an FTP or file manager connection to `/wp-content/plugins/
wp-simple-firewall/`.
2. Create a file in that folder called `forceoff`.
3. Load any page on your site — Shield will switch off.
Delete `forceoff` from the server once you are back in.
### I’m not receiving my 2FA email code.
Email delivery depends on your site’s mail configuration, not Shield. If it is unreliable,
set up a dedicated transactional email service or switch users to an authenticator
app instead.
### Does the IP bypass list support ranges, and does it take precedence over block rules?
Yes to both. Shield supports CIDR notation for IP ranges, and bypass entries always
take precedence over block rules.
### Is White Label available?
Yes. ShieldPRO includes White Label controls to rename and rebrand Shield for client
sites.
## 评价
### [Excellent support (and very useful plugin!)](https://wordpress.org/support/topic/excellent-support-and-very-useful-plugin-2/)
[belleisle](https://profiles.wordpress.org/belleisle/) 2026 年 6 月 18 日
When I reached out to the team for support, they were very reactive and forthcoming.
I very much appreciate their plugin and have now switched all of my Wordpress installs
to this all-in-one solution.
### [I USE PRO: It’s packed with features.](https://wordpress.org/support/topic/i-use-pro-its-packed-with-features/)
[coughlin](https://profiles.wordpress.org/coughlin/) 2026 年 6 月 18 日
I have used several other security and firewall plugins on our sites, and some of
them are very frustrating to use and cost just about as much. I like Shield Security
becuase: The interface is much more intuitive for me to navigate than some of the
others It has the features I need, and they actually work as expected The inline
help text and explainer videos really help when configuring tools The reports are
helpful, not just data Paul has been very responsive to questions and super helpful
While there may be less expensive plugins for WP security, this one packs a lot
into the price and makes it worth the investment for my sites.
### [Excellent software and superb tech support](https://wordpress.org/support/topic/excellent-software-and-superb-tech-support/)
[masorey](https://profiles.wordpress.org/masorey/) 2026 年 6 月 9 日
I’ve been using this software since day one, and it has always been good and reliable.
Best of all, whenever I’ve had any trouble, the support team has been incredibly
helpful and lightning fast.
### [The Free Version is Useless.](https://wordpress.org/support/topic/the-free-version-is-useless-15/)
[peachpit](https://profiles.wordpress.org/peachpit/) 2026 年 5 月 27 日 2 回复
My client picked this plugin, not me. And I just spent 2 days recovering and repairing
their website. It was so bad, and that’s why I had to leave a review. We all know
that premium versions of security plugins offer more security, in general. I manage
around 50 websites currently; all of them are on Free Wordfence security, except
this one. None of them have been hacked. Do with that what you will. Take some time
to understand what is being restricted and what protection & control you actually
have when using this particular plugin’s free version. Nothing is perfect, but this
free version was really unnecessarily bad. I couldn’t even run a follow up scan-
even THAT is restricted? Yeah, no.
### [I hate this expensive, complex plugin](https://wordpress.org/support/topic/i-hate-this-expensive-complex-plugin/)
[sondrasneed](https://profiles.wordpress.org/sondrasneed/) 2026 年 3 月 11 日 3
回复
I’m so tired of visitors being locked out of client sites, clients being locked
out. I have no idea how to get real support. It’s sold as a simple, robust security
plugin, but it’s by no means simple; unless you’re a security expert. I want a refund
but have no idea how to reach someone to get it. So unhappy.
### [Causes critical error](https://wordpress.org/support/topic/causes-critical-error-5/)
[exoduss](https://profiles.wordpress.org/exoduss/) 2025 年 9 月 16 日
Installed it two times, and each time it completely blocked access to the Wordpress
dashboard. Had to use FTP to delete this plugin.
[ 阅读所有1,036条评价 ](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/)
## 贡献者及开发者
「Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning」
是开源软件。 以下人员对此插件做出了贡献。
贡献者
* [ Paul ](https://profiles.wordpress.org/paultgoodchild/)
* [ Shield Security ](https://profiles.wordpress.org/getshieldsecurity/)
「Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning」
插件已被翻译至 8 种本地化语言。 感谢[所有译者](https://translate.wordpress.org/projects/wp-plugins/wp-simple-firewall/contributors)
为本插件所做的贡献。
[帮助将「Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/wp-simple-firewall)
### 对开发感兴趣吗?
您可以[浏览代码](https://plugins.trac.wordpress.org/browser/wp-simple-firewall/),
查看[SVN仓库](https://plugins.svn.wordpress.org/wp-simple-firewall/),或通过[RSS](https://plugins.trac.wordpress.org/log/wp-simple-firewall/?limit=100&mode=stop_on_copy&format=rss)
订阅[开发日志](https://plugins.trac.wordpress.org/log/wp-simple-firewall/)。
## 更新日志
#### [View Shield Security Changelog](https://clk.shldscrty.com/shieldwporgfullchangelog)
## 额外信息
* 版本 **22.1.3**
* 最后更新:**1 周前**
* 活跃安装数量 **40,000+**
* WordPress 版本 ** 5.7 或更高版本 **
* 已测试的最高版本为 **7.0**
* PHP 版本 ** 7.4 或更高版本 **
* 语言
* [Dutch](https://nl.wordpress.org/plugins/wp-simple-firewall/) 、 [English (Canada)](https://en-ca.wordpress.org/plugins/wp-simple-firewall/)、
[English (UK)](https://en-gb.wordpress.org/plugins/wp-simple-firewall/) 、 [English (US)](https://wordpress.org/plugins/wp-simple-firewall/)、
[German](https://de.wordpress.org/plugins/wp-simple-firewall/) 、 [Italian](https://it.wordpress.org/plugins/wp-simple-firewall/)、
[Japanese](https://ja.wordpress.org/plugins/wp-simple-firewall/) 、 [Romanian](https://ro.wordpress.org/plugins/wp-simple-firewall/)
和 [Turkish](https://tr.wordpress.org/plugins/wp-simple-firewall/).
* [翻译成简体中文](https://translate.wordpress.org/projects/wp-plugins/wp-simple-firewall)
* 标签
* [2FA](https://cn.wordpress.org/plugins/tags/2fa/)[Activity Log](https://cn.wordpress.org/plugins/tags/activity-log/)
[bots](https://cn.wordpress.org/plugins/tags/bots/)[firewall](https://cn.wordpress.org/plugins/tags/firewall/)
[security](https://cn.wordpress.org/plugins/tags/security/)
* [高级视图](https://cn.wordpress.org/plugins/wp-simple-firewall/advanced/)
## 评级
4.8 星(最高 5 星)。
* [ 968 条 5 星评价 ](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/?filter=5)
* [ 26 条 4 星评价 ](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/?filter=4)
* [ 11 条 3 星评价 ](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/?filter=3)
* [ 9 条 2 星评价 ](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/?filter=2)
* [ 22 条 1 星评价 ](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/?filter=1)
[Your review](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/#new-post)
[查看全部评论](https://wordpress.org/support/plugin/wp-simple-firewall/reviews/)
## 贡献者
* [ Paul ](https://profiles.wordpress.org/paultgoodchild/)
* [ Shield Security ](https://profiles.wordpress.org/getshieldsecurity/)
## 支持
最近两个月解决的问题:
总计 2,已解决 2
[查看支持论坛](https://wordpress.org/support/plugin/wp-simple-firewall/)
## 捐助
您愿意支持这个插件的发展吗?
[ 捐助此插件 ](https://clk.shldscrty.com/bw)