Wibble’s approach to WordPress security

We take website security exceptionally seriously. All sites that we design and build are placed under the Wibble Support Package, and a major part of this web design and development process is the application of a security policy. Shield Security plays an integral part in ensuring that all our sites are secure and online. We have been using Shield Security to manage the 1000s of WordPress sites under our control and we see it as the go-to WordPress security offering. Please note that this is not a paid endorsement or an advert; it is based on Wibble’s experience using this plugin.

What does security mean to you?

You see security in many areas of life, from the risk assessments you make every day to the guy in a shop making sure loss is minimal. A security guard is probably the best metaphor for how we keep your site secure: keeping loss to a minimum and keeping the wrong people out.

Shield Security is our own personal security guard, working discreetly in the background to make sure your site and all its contents are safe. The plugin is easy to use and, as a great feature, Shield Security comes with FREE and PRO versions.

Shield Security FREE features are:

  • Identify bad bots vs all your other “good” traffic (humans + good bots) without using those annoying CAPTCHAs or “I’m a human” checkboxes.
  • Lock down your WordPress security with another, WordPress-independent, authentication layer.
  • Smarter, automatic IP blocking technology to stop malicious visitors once and for all.
  • Identifies malicious bots designed to target your WordPress login, whether with legitimate, fake or empty usernames.

Some key Shield Security PRO features are:

  • Limit the requests allowed from any single visitor and block abusive bots and hosts.
  • Restricted Security Admin Access.
  • Tamper Protection for critical files.
  • Vulnerability scanner.
  • Hide the ‘wp-login.php’ page from brute-force attacks and hacking attempts.

One feature that brings ShieldPRO to the forefront of site security is the ability to create and manage profiles based on the needs of your site. In most cases, you can create one Master Profile that will take care of any site in your portfolio. On occasion, though, you may need to disable a specific feature that a client won’t need, or a plugin may need to use the standard wp-login.php; this is where you can design a profile for that specific instance.

At Wibble, as part of the managed WordPress Wibble Support Package, we have created and maintain our own Master security profile that gets applied to all WordPress sites that we look after. The Wibble Support Package is a major part of our overall web design offering and one that we spend countless hours perfecting. With the master profile in place, we can push out a security upgrade to all of our sites in a few seconds. This is key in staying ahead of vulnerabilities and avoiding security issues.

How do we do this?

There are two ways to manage your profiles. You can manage them centrally through iControlWP, which gives you better control over multiple sites at once, or you can manage them within the site’s admin panel.

When you have signed up and created your account, you will be able to log in via https://app.icontrolwp.com/. Once in, you navigate to “Shield central > Manage Profiles > Create From Scratch”. This allows you to create an overall profile that you can manage in one place and push changes out to multiple sites.


How you build your profile from here will be based on your site needs. Some of the key areas of interest will be:

  1. Hack Guard
    • File Guard
    • Vulnerability Scanner
    • Realtime Change Detection
    • Scan Options
  2. Security Admin > Security Admin Restriction Zones
    • Restrict Access To Key WordPress Posts And Pages Actions
    • Restrict Access To Create/Delete/Modify Other Admin Users
    • Restrict Access To Key WordPress Plugin Actions (Select all)
    • Restrict Access To WordPress Theme Actions (Select activate only)
  3. Login Guard > Brute Force Login Guard
    • AntiBot
    • Protection Locations (select all)
    • Login Cooldown Interval (We use 6 attempts but this can be less if you prefer)
    • AntiBot Forms (Enter The IDs Of The 3rd Party Login Forms For Use With AntiBot JS)
  4. Login Guard > Hide WP Login Page
    • Rename The WordPress Login Page (This will hide wp-login.php and replace it with a term of your choice, e.g. opensesame)
  5. Block Bad IPs/Visitors > Automatic IP Black List
    • Offense Limit (This would be a more generous limit than Login Cooldown as this will result in an IP ban)
    • Auto Block Expiration (This sets an expiration for the auto block that can be set to minute, hour, day, week, or month)
    • User Auto Unblock (Select both here as this means that a real person can unblock their IP)
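To show how Offense Limit and Auto Block Expiration interact once the login page is renamed, here is an added example (not Wibble's or Shield's own code) that replays constructed access-log lines through a simplified model. It assumes that requests to the default /wp-login.php count as offences once the page is hidden; the limit of 3, the one-day expiry and the /opensesame path are illustrative values, not Shield defaults.

```python
import re
from datetime import datetime, timedelta

# Assumed values for illustration only; not Shield defaults.
OFFENSE_LIMIT = 3
BLOCK_TTL = timedelta(days=1)
DEFAULT_LOGIN = "/wp-login.php"   # hidden once the login page is renamed

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404
203.0.113.7 - - [01/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 404
198.51.100.20 - - [01/Mar/2024:10:00:05 +0000] "GET /opensesame HTTP/1.1" 200
203.0.113.7 - - [01/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 404
203.0.113.7 - - [01/Mar/2024:10:05:00 +0000] "GET / HTTP/1.1" 200
203.0.113.7 - - [02/Mar/2024:10:30:00 +0000] "GET / HTTP/1.1" 200
"""

def replay(log_text, limit=OFFENSE_LIMIT, ttl=BLOCK_TTL):
    """Return (decisions, blocked_until) after replaying the log in order."""
    offenses, blocked_until, decisions = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, _method, path, _status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if ip in blocked_until:
            if when < blocked_until[ip]:
                decisions.append((ip, path, "blocked"))
                continue
            # Auto block expired: lift the ban and reset the offence counter.
            del blocked_until[ip]
            offenses.pop(ip, None)
        if path.split("?", 1)[0] == DEFAULT_LOGIN:
            offenses[ip] = offenses.get(ip, 0) + 1
            if offenses[ip] >= limit:
                blocked_until[ip] = when + ttl
            decisions.append((ip, path, "offense"))
        else:
            decisions.append((ip, path, "allowed"))
    return decisions, blocked_until
```

Lowering the limit shortens the time a probing address stays unblocked, while the expiry decides how long a mistakenly blocked real visitor would wait if User Auto Unblock were not enabled.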

There are a large number of other notable features and they are explained at each selection point to let you make an informed decision on the necessity of a feature. Only have one site so far? Don’t worry, this could be your basis for any future sites you may acquire or you can head on over to…

Your Site Admin Panel

This is option 2 of your profile management. Once your plugin is installed, you can select Shield Security on the left and you will be greeted with the dashboard. This will be your overview of features and recommendations:

[Image: Your Shield Security Pro admin panel and security overview. Caption: Dashboard]

On the left side, you will see your “Config”, and here you can manage this site’s profile in the same way you can in the iControl site. One positive of managing it here is the information available for each profile feature. There are two links available: a link to their blog and an info link that opens an info box within the site with all the information you need about that specific area:

[Image: Your Shield Security Pro admin panel. Caption: All the info you need]

What’s the cost?

At the time of writing, the costs were broken down as below.

ShieldPRO has Monthly price breaks:

  • $10 (£7.41) per year for a single site
  • $12.50 (£9.26) per year for up to 3 sites
  • $16 (£11.86) per year for up to 5 sites
  • $25 (£18.53) per year for up to 10 sites

ShieldPRO Agency has three price breaks:

  • $50 (£37.06) per year for up to 25 sites
  • $65 (£48.17) per year for up to 50 sites

ShieldPRO has Yearly price breaks:

  • $79 (£58.72) per year for a single site
  • $99 (£73.63) per year for up to 3 sites
  • $129 (£95.94) per year for up to 5 sites
  • $199 (£148) per year for up to 10 sites

ShieldPRO Agency has three price breaks:

  • $299 (£222.37) per year for up to 25 sites
  • $399 (£296.74) per year for up to 50 sites
  • $499 (£371.11) per year for up to 100 sites

To Conclude

Site security is something we take seriously. I have tried a number of different security plugins for WordPress and none have delivered in the same way Shield has.

Why should you add Shield to your WordPress site? If you do not have a team of web design experts like Wibble looking after your site, you need bot protection, hack guards, vulnerability scanners ensuring your plugins are up to date and secure, custom login links… the list is long. Other pros are a great library of information, a great onsite traffic light system for highlighting issues, a great support team, regular updates and notifications kept to serious matters. No one likes a plugin that cries wolf.