WP-Safety

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches Security & Risk Analysis

wordpress.org/plugins/wp-simple-firewall

Shield stops bot attacks before they hack your site. Bots CAN be stopped. Shield stops them.

40K active installs v21.2.6 PHP 7.4+ WP 5.7+ Updated Mar 5, 2026
2faactivity-logbotsfirewallsecurity
83
B · Generally Safe
CVEs total11
Unpatched0
Last CVEFeb 18, 2026
Plugin page Download
Safety Verdict

Is Shield: Blocks Bots, Protects Users, and Prevents Security Breaches Safe to Use in 2026?

Mostly Safe

Score 83/100

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches is generally safe to use. 11 past CVEs were resolved. Keep it updated.

11 known CVEsLast CVE: Feb 18, 2026Updated 29d ago
Risk Assessment

The wp-simple-firewall plugin, version 21.2.6, presents a mixed security posture. On the positive side, the plugin has a relatively small attack surface with all identified entry points secured by authentication checks. Furthermore, all SQL queries utilize prepared statements, which is a strong defense against SQL injection vulnerabilities. The taint analysis also shows no identified flows with unsanitized paths, indicating a good level of input sanitization and handling in the analyzed code paths.

However, several concerns are raised by the static analysis and vulnerability history. The presence of dangerous functions like `proc_open` and `shell_exec` warrants caution, as their misuse can lead to remote code execution. While the taint analysis didn't flag issues, these functions are inherently risky if not handled with extreme care. The output escaping is only 70% proper, meaning there's a risk of cross-site scripting (XSS) vulnerabilities in the remaining 30% of outputs. The plugin's history of 11 known CVEs, including a past critical vulnerability and multiple high and medium severity issues, is a significant red flag. The types of past vulnerabilities, such as SQL Injection, Authorization Bypass, CSRF, PHP Remote File Inclusion, and XSS, suggest recurring security weaknesses that require constant vigilance and robust patching.

In conclusion, while the current version shows improvements in input handling and SQL security, the historical vulnerability pattern and the presence of dangerous functions indicate that this plugin requires careful monitoring. The 70% proper output escaping is an area of immediate concern for potential XSS flaws. Users should be aware of the plugin's past security issues and ensure it is always updated to the latest version to mitigate known risks.

Key Concerns

  • Output escaping only 70% proper
  • Presence of dangerous functions (proc_open, shell_exec)
  • Significant vulnerability history (11 CVEs)
  • Past critical severity vulnerability
  • Past high severity vulnerabilities (2)
  • Past medium severity vulnerabilities (8)
Vulnerabilities
11

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
2 CVEs in 2023
2023
4 CVEs in 2024
2024
4 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
1
High
2
Medium
8

11 total CVEs

CVE-2026-0722medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Shield Security <= 21.0.8 - Cross-Site Request Forgery to SQL Injection

Feb 18, 2026 Patched in 21.0.10 (1d)
CVE-2026-0561medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shield Security <= 21.0.8 - Unauthenticated Reflected Cross-Site Scripting via 'message' Parameter

Feb 18, 2026 Patched in 21.0.10 (1d)
CVE-2025-14427medium · 4.3Missing Authorization

Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA Update

Feb 18, 2026 Patched in 21.0.10 (1d)
CVE-2025-15370medium · 4.3Authorization Bypass Through User-Controlled Key

Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator

Jan 15, 2026 Patched in 21.0.10 (1d)
CVE-2024-7313medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 20.0.5 - Reflected Cross-Site Scripting

Aug 5, 2024 Patched in 20.0.6 (24d)
CVE-2024-4344medium · 4.3Cross-Site Request Forgery (CSRF)

Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 19.1.13 - Cross-Site Request Forgery

Jun 1, 2024 Patched in 19.1.11 (2d)
CVE-2023-6989critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 18.5.9 - Unauthenticated Local File Inclusion

Feb 5, 2024 Patched in 18.5.10 (176d)
CVE-2024-22163high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shield Security <= 18.5.7 - Unauthenticated Stored Cross-Site Scripting via getColumnContent_Page

Jan 16, 2024 Patched in 18.5.8 (7d)
CVE-2023-0992high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting

Apr 25, 2023 Patched in 17.0.18 (273d)
CVE-2023-0993medium · 4.3Missing Authorization

Shield Security <= 17.0.17 - Missing Authorization

Apr 25, 2023 Patched in 17.0.18 (273d)
CVE-2022-0211medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shield Security <= 13.0.5 - Admin+ Stored Cross-Site Scripting

Jan 19, 2022 Patched in 13.0.6 (734d)
Code Analysis
Analyzed Mar 16, 2026

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches Code Analysis

Dangerous Functions
5
Raw SQL Queries
0
82 prepared
Unescaped Output
38
90 escaped
Nonce Checks
3
Capability Checks
4
File Operations
47
External Requests
4
Bundled Libraries
1

Dangerous Functions Found

proc_open$this->process = proc_open($this->command, static::DESCRIPTOR_SPEC, $this->pipes, $this->cwd);vendor_prefixed\monolog\monolog\src\Monolog\Handler\ProcessHandler.php:116
shell_exec$branches = shell_exec('git branch -v --no-abbrev');vendor_prefixed\monolog\monolog\src\Monolog\Processor\GitProcessor.php:67
shell_exec$result = explode(' ', trim((string) shell_exec('hg id -nb')));vendor_prefixed\monolog\monolog\src\Monolog\Processor\MercurialProcessor.php:66
unserialize$meta = unserialize($content);vendor_prefixed\symfony\config\ResourceCheckerConfigCache.php:167
unserialize$this->__unserialize(unserialize($data));vendor_prefixed\twig\twig\src\Profiler\Profile.php:163

Bundled Libraries

DataTables

SQL Query Safety

100% prepared82 total queries

Output Escaping

70% escaped128 total outputs
Attack Surface

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 2

authwp_ajax_edit-theme-plugin-filesrc\Modules\AuditTrail\Auditors\Plugins.php:42
authwp_ajax_edit-theme-plugin-filesrc\Modules\AuditTrail\Auditors\Themes.php:29

Shortcodes 3

[SHIELD_USER_PROFILE_MFA] src\Modules\LoginGuard\Lib\TwoFactor\MfaProfilesController.php:25
[SHIELD_BADGE] src\Modules\Plugin\Components\BadgeWidget.php:21
[SHIELD_BADGE] src\Modules\Plugin\Components\PluginBadge.php:18
WordPress Hooks 301
actionplugins_loadedicwp-wpsf.php:46
actionadmin_noticesicwp-wpsf.php:66
actionadmin_noticesplugin_compatibility.php:27
actionnetwork_admin_noticesplugin_compatibility.php:28
actionadmin_noticesplugin_init.php:63
actionadmin_noticesplugin_init.php:69
filterpre_http_requestsrc\ActionRouter\Actions\Debug\SimplePluginTests.php:56
actionwp_loadedsrc\ActionRouter\Actions\MfaLoginVerifyStep.php:17
actionadmin_menusrc\ActionRouter\Actions\PluginAdmin\PluginAdminPageHandler.php:29
actionnetwork_admin_menusrc\ActionRouter\Actions\PluginAdmin\PluginAdminPageHandler.php:35
filternocache_headerssrc\ActionRouter\Actions\PluginAdmin\PluginAdminPageHandler.php:41
filterwp_robotssrc\ActionRouter\Actions\Render\FullPage\Mfa\Components\WpLoginReplicaHeader.php:19
actionlogin_headsrc\ActionRouter\Actions\Render\FullPage\Mfa\Components\WpLoginReplicaHeader.php:22
actionlogin_headsrc\ActionRouter\Actions\Render\FullPage\Mfa\Components\WpLoginReplicaHeader.php:31
filtershield/custom_enqueue_assetssrc\ActionRouter\Actions\Render\FullPage\Mfa\WpReplicaLoginIntentPage.php:11
filtershield/custom_localisations/componentssrc\ActionRouter\Actions\Render\FullPage\Mfa\WpReplicaLoginIntentPage.php:13
actionapto/services/pre_render_twigsrc\ActionRouter\Actions\Render\PluginAdminPages\PageRulesSummary.php:38
actionrest_api_initsrc\ActionRouter\CaptureRestApiAction.php:12
filterauto_update_pluginsrc\Components\CompCons\AutoUpdatesCon.php:28
filterauto_update_themesrc\Components\CompCons\AutoUpdatesCon.php:29
filterauto_update_coresrc\Components\CompCons\AutoUpdatesCon.php:30
filterauto_core_update_emailsrc\Components\CompCons\AutoUpdatesCon.php:32
filterauto_plugin_theme_update_emailsrc\Components\CompCons\AutoUpdatesCon.php:33
actionset_site_transient_update_coresrc\Components\CompCons\AutoUpdatesCon.php:34
actionset_site_transient_update_pluginssrc\Components\CompCons\AutoUpdatesCon.php:35
actionset_site_transient_update_themessrc\Components\CompCons\AutoUpdatesCon.php:36
filterplugins_listsrc\Components\CompCons\AutoUpdatesCon.php:38
filterwp_headerssrc\Components\CompCons\HttpHeadersCon.php:29
actionsend_headerssrc\Components\CompCons\HttpHeadersCon.php:30
actionshield/pre_snapshot_updatesrc\Components\CompCons\InstantAlerts\Handlers\AlertHandlerAdmins.php:37
actionwp_loadedsrc\Components\CompCons\InstantAlerts\Handlers\AlertHandlerFileLocker.php:29
actionshield/scan_queue_completedsrc\Components\CompCons\InstantAlerts\Handlers\AlertHandlerVulnerabilities.php:29
filterplugin_row_metasrc\Components\CompCons\WhitelabelCon.php:27
actioncli_initsrc\Components\CompCons\WpCliCon.php:43
actionadmin_bar_menusrc\Controller\Admin\AdminBarMenu.php:28
actionwp_dashboard_setupsrc\Controller\Admin\DashboardWidget.php:20
filterplugin_row_metasrc\Controller\Admin\PluginsPageSupplements.php:21
actionlogin_enqueue_scriptssrc\Controller\Assets\Enqueue.php:30
actionlogin_footersrc\Controller\Assets\Enqueue.php:32
actionwp_enqueue_scriptssrc\Controller\Assets\Enqueue.php:37
actionwp_footersrc\Controller\Assets\Enqueue.php:39
actionadmin_enqueue_scriptssrc\Controller\Assets\Enqueue.php:44
actionadmin_footersrc\Controller\Assets\Enqueue.php:48
actionadmin_enqueue_scriptssrc\Controller\Assets\Enqueue.php:53
filtermailpoet_conflict_resolver_whitelist_scriptsrc\Controller\Assets\Enqueue.php:65
filtermailpoet_conflict_resolver_whitelist_stylesrc\Controller\Assets\Enqueue.php:69
actionadmin_noticessrc\Controller\Controller.php:308
actionnetwork_admin_noticessrc\Controller\Controller.php:309
actionafter_setup_themesrc\Controller\Controller.php:436
actioninitsrc\Controller\Controller.php:437
actionwp_loadedsrc\Controller\Controller.php:438
actionadmin_initsrc\Controller\Controller.php:439
actionshutdownsrc\Controller\Controller.php:440
filterwp_mail_fromsrc\Controller\Email\EmailCon.php:62
filterwp_mail_from_namesrc\Controller\Email\EmailCon.php:63
filterwp_mail_content_typesrc\Controller\Email\EmailCon.php:64
filterload_textdomain_mofilesrc\Controller\I18n\LoadTextDomain.php:20
filterall_pluginssrc\Controller\Plugin\PluginLabels.php:14
filterwp_privacy_personal_data_eraserssrc\Controller\Privacy\PrivacyEraser.php:15
filterwp_privacy_personal_data_exporterssrc\Controller\Privacy\PrivacyExport.php:15
filterupgrader_post_installsrc\Controller\Updates\CaptureMyUpgrade.php:14
actionupgrader_process_completesrc\Controller\Updates\CaptureMyUpgrade.php:15
actionshield/eventsrc\Events\EventsListener.php:14
actioninitsrc\Extensions\BaseExtension.php:48
actionshield/modules_configurationsrc\Extensions\ExtensionsCon.php:37
filtershield/rules/enum_conditionssrc\Extensions\ExtensionsCon.php:60
filtershield/rules/enum_responsessrc\Extensions\ExtensionsCon.php:68
filtershield/collate_rule_builderssrc\Extensions\ExtensionsCon.php:76
filtershield/rules/enum_typessrc\Extensions\ExtensionsCon.php:84
actionpost_updatedsrc\Modules\AuditTrail\Auditors\BasePosts.php:11
actiondeleted_postsrc\Modules\AuditTrail\Auditors\BasePosts.php:12
actiontransition_post_statussrc\Modules\AuditTrail\Auditors\BasePosts.php:13
actioncomment_postsrc\Modules\AuditTrail\Auditors\Comments.php:12
actiondeleted_commentsrc\Modules\AuditTrail\Auditors\Comments.php:13
actiontransition_comment_statussrc\Modules\AuditTrail\Auditors\Comments.php:14
filterwp_mailsrc\Modules\AuditTrail\Auditors\Emails.php:10
actionactivated_pluginsrc\Modules\AuditTrail\Auditors\Plugins.php:36
actiondeactivated_pluginsrc\Modules\AuditTrail\Auditors\Plugins.php:37
actionupdate_option_active_pluginssrc\Modules\AuditTrail\Auditors\Plugins.php:38
actionupgrader_process_completesrc\Modules\AuditTrail\Auditors\Plugins.php:39
actionpre_uninstall_pluginsrc\Modules\AuditTrail\Auditors\Plugins.php:40
actiondeleted_pluginsrc\Modules\AuditTrail\Auditors\Plugins.php:41
actionupgrader_process_completesrc\Modules\AuditTrail\Auditors\Plugins.php:44
filterupgrader_post_installsrc\Modules\AuditTrail\Auditors\Plugins.php:45
actionupgrader_process_completesrc\Modules\AuditTrail\Auditors\Themes.php:27
actionswitch_themesrc\Modules\AuditTrail\Auditors\Themes.php:28
actiondeleted_themesrc\Modules\AuditTrail\Auditors\Themes.php:30
actionupgrader_process_completesrc\Modules\AuditTrail\Auditors\Themes.php:32
filterupgrader_post_installsrc\Modules\AuditTrail\Auditors\Themes.php:33
actionuser_registersrc\Modules\AuditTrail\Auditors\Users.php:24
actiondelete_usersrc\Modules\AuditTrail\Auditors\Users.php:25
actionapplication_password_failed_authenticationsrc\Modules\AuditTrail\Auditors\Users.php:28
actionapplication_password_did_authenticatesrc\Modules\AuditTrail\Auditors\Users.php:34
actionwp_create_application_passwordsrc\Modules\AuditTrail\Auditors\Users.php:41
actionprofile_updatesrc\Modules\AuditTrail\Auditors\Users.php:43
filtersend_password_change_emailsrc\Modules\AuditTrail\Auditors\Users.php:45
actionwp_set_passwordsrc\Modules\AuditTrail\Auditors\Users.php:46
actionafter_password_resetsrc\Modules\AuditTrail\Auditors\Users.php:47
action_core_updated_successfullysrc\Modules\AuditTrail\Auditors\Wordpress.php:17
actionwp_loadedsrc\Modules\AuditTrail\Lib\AuditCon.php:48
filtershield/is_log_trafficsrc\Modules\AuditTrail\Lib\LogHandlers\LocalDbWriter.php:63
actionwp_set_comment_statussrc\Modules\CommentsFilter\Scan\CommentAdditiveCleaner.php:12
filterinitsrc\Modules\CommentsFilter\Scan\CommentSpamCon.php:19
filtercomment_notification_recipientssrc\Modules\CommentsFilter\Scan\CommentSpamCon.php:28
filterpre_comment_user_ipsrc\Modules\CommentsFilter\Scan\CommentSpamCon.php:32
filterpre_comment_approvedsrc\Modules\CommentsFilter\Scan\Scanner.php:35
actioncomment_postsrc\Modules\CommentsFilter\Scan\Scanner.php:90
actionwp_loadedsrc\Modules\HackGuard\Lib\FileLocker\FileLockerController.php:43
actionupgrader_process_completesrc\Modules\HackGuard\Scan\Controller\Wpv.php:15
actiondeleted_pluginsrc\Modules\HackGuard\Scan\Controller\Wpv.php:18
actionload-plugins.phpsrc\Modules\HackGuard\Scan\Controller\Wpv.php:21
actionwp_loadedsrc\Modules\HackGuard\Scan\Queue\Controller.php:26
actionadmin_footersrc\Modules\HackGuard\Scan\Utilities\PtgAddReinstallLinks.php:40
filtershield/custom_localisations/componentssrc\Modules\HackGuard\Scan\Utilities\PtgAddReinstallLinks.php:49
actionpre_current_active_pluginssrc\Modules\HackGuard\Scan\Utilities\WpvAddPluginRows.php:40
filterall_pluginssrc\Modules\HackGuard\Scan\Utilities\WpvAddPluginRows.php:41
filterviews_pluginssrc\Modules\HackGuard\Scan\Utilities\WpvAddPluginRows.php:42
filtermanage_plugins_columnssrc\Modules\HackGuard\Scan\Utilities\WpvAddPluginRows.php:43
filterviews_pluginssrc\Modules\HackGuard\Scan\Utilities\WpvAddPluginRows.php:60
filterarflite_is_to_validate_spam_filtersrc\Modules\Integrations\Lib\Bots\Spam\Handlers\ArformsLite.php:8
actioncaldera_forms_submit_startsrc\Modules\Integrations\Lib\Bots\Spam\Handlers\CalderaForms.php:10
filterwpcf7_spamsrc\Modules\Integrations\Lib\Bots\Spam\Handlers\ContactForm7.php:8
filterwpcf7_display_messagesrc\Modules\Integrations\Lib\Bots\Spam\Handlers\ContactForm7.php:12
actionelementor_pro/forms/validationsrc\Modules\Integrations\Lib\Bots\Spam\Handlers\ElementorPro.php:8
filterfrm_validate_entrysrc\Modules\Integrations\Lib\Bots\Spam\Handlers\FormidableForms.php:8
filterforminator_spam_protectionsrc\Modules\Integrations\Lib\Bots\Spam\Handlers\Forminator.php:8
filtergform_entry_is_spamsrc\Modules\Integrations\Lib\Bots\Spam\Handlers\GravityForms.php:10
filtergroundhogg/form/submission_handler/is_spamsrc\Modules\Integrations\Lib\Bots\Spam\Handlers\Groundhogg.php:8
filterhappyforms_validate_submissionsrc\Modules\Integrations\Lib\Bots\Spam\Handlers\HappyForms.php:8
filterkaliforms_before_form_processsrc\Modules\Integrations\Lib\Bots\Spam\Handlers\KaliForms.php:8
filterninja_forms_register_actionssrc\Modules\Integrations\Lib\Bots\Spam\Handlers\NinjaForms.php:28
filterninja_forms_submission_actionssrc\Modules\Integrations\Lib\Bots\Spam\Handlers\NinjaForms.php:33
actionsuper_before_sending_email_hooksrc\Modules\Integrations\Lib\Bots\Spam\Handlers\SuperForms.php:8
filterwpsc_before_create_ticket_argssrc\Modules\Integrations\Lib\Bots\Spam\Handlers\SupportCandy.php:10
filterweforms_before_entry_submissionsrc\Modules\Integrations\Lib\Bots\Spam\Handlers\WeForms.php:8
filterwpforms_process_before_form_datasrc\Modules\Integrations\Lib\Bots\Spam\Handlers\WPForms.php:10
filterwpforms_process_initial_errorssrc\Modules\Integrations\Lib\Bots\Spam\Handlers\WPForms.php:18
filterarmember_validate_spam_filter_fieldssrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\ArmemberLite.php:8
actionbp_signup_validatesrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\Buddyboss.php:8
actionbp_signup_validatesrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\Buddypress.php:8
filterrtcl_process_login_errorssrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\ClassifiedListing.php:8
filterrtcl_process_registration_errorssrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\ClassifiedListing.php:9
actionedd_process_register_formsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\EasyDigitalDownloads.php:10
filterlearn-press/login-validate-fieldsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\LearnPress.php:8
filterlearn-press/register-validate-fieldsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\LearnPress.php:12
filterllms_after_user_login_data_validationsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\LifterLMS.php:11
filterlifterlms_user_registration_datasrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\LifterLMS.php:15
filtermepr-validate-loginsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\MemberPress.php:11
filtermepr-validate-signupsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\MemberPress.php:15
filtermepr-validate-forgot-passwordsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\MemberPress.php:19
filterpms_register_form_validationsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\PaidMemberSubscriptions.php:8
filterwppb_output_field_errors_filtersrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\ProfileBuilder.php:11
filterppress_login_validationsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\ProfilePress.php:8
filterppress_registration_validationsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\ProfilePress.php:9
filterswpm_validate_login_form_submissionsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\SimpleMembership.php:14
filterswpm_validate_registration_form_submissionsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\SimpleMembership.php:18
filterswpm_validate_pass_reset_form_submissionsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\SimpleMembership.php:22
actionum_submit_form_loginsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\UltimateMember.php:11
actionum_submit_form_registersrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\UltimateMember.php:15
actionum_submit_form_password_resetsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\UltimateMember.php:19
filterwoocommerce_process_login_errorssrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\WooCommerce.php:8
filterwoocommerce_process_registration_errorssrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\WooCommerce.php:12
actionwoocommerce_after_checkout_validationsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\WooCommerce.php:16
actionwoocommerce_store_api_cart_errorssrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\WooCommerce.php:17
filterauthenticatesrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\WordPress.php:15
filterregistration_errorssrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\WordPress.php:19
actionlostpassword_postsrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\WordPress.php:23
actionwpmem_pre_register_datasrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\WPMembers.php:11
actionwpmem_pwdreset_argssrc\Modules\Integrations\Lib\Bots\UserForms\Handlers\WPMembers.php:15
filtericwp_shield_2fa_skipsrc\Modules\Integrations\Lib\MainWP\Client\Actions\Init.php:22
actionmainwp_child_site_statssrc\Modules\Integrations\Lib\MainWP\Client\Actions\Init.php:25
filtermainwp_site_sync_others_datasrc\Modules\Integrations\Lib\MainWP\Client\Actions\Init.php:36
filtermainwp_child_extra_executionsrc\Modules\Integrations\Lib\MainWP\Client\Actions\Init.php:67
actionmainwp_sync_others_datasrc\Modules\Integrations\Lib\MainWP\Server\Data\SyncHandler.php:15
actionmainwp_site_syncedsrc\Modules\Integrations\Lib\MainWP\Server\Data\SyncHandler.php:19
filtershield/custom_enqueue_assetssrc\Modules\Integrations\Lib\MainWP\Server\ExtensionSettingsPage.php:17
filtershield/custom_localisations/componentssrc\Modules\Integrations\Lib\MainWP\Server\ExtensionSettingsPage.php:25
actionadmin_initsrc\Modules\Integrations\Lib\MainWP\Server\Init.php:41
filtermainwp_sitestable_getcolumnssrc\Modules\Integrations\Lib\MainWP\Server\Init.php:50
filtermainwp_sitestable_itemsrc\Modules\Integrations\Lib\MainWP\Server\Init.php:56
filtermainwp_getextensionssrc\Modules\Integrations\Lib\MainWP\Server\Init.php:72
filterpre_update_option_mainwp_extensionssrc\Modules\Integrations\Lib\MainWP\Server\Init.php:83
filtermainwp_plugins_install_checkssrc\Modules\Integrations\Lib\MainWP\Server\Init.php:100
actionmainwp_admin_menusrc\Modules\Integrations\Lib\MainWP\Server\Init.php:109
filtermainwp_header_titlesrc\Modules\Integrations\Lib\MainWP\Server\MwpExtensionLoader.php:21
actionspammed_commentsrc\Modules\IPs\BotTrack\TrackCommentSpam.php:22
actionunspammed_commentsrc\Modules\IPs\BotTrack\TrackCommentSpam.php:43
filterrobots_txtsrc\Modules\IPs\BotTrack\TrackLinkCheese.php:24
actionwp_footersrc\Modules\IPs\BotTrack\TrackLinkCheese.php:25
actionwpsrc\Modules\IPs\BotTrack\TrackLinkCheese.php:26
filterwp_robotssrc\Modules\IPs\BotTrack\TrackLinkCheese.php:32
filterauthenticatesrc\Modules\IPs\BotTrack\TrackLoginFailed.php:17
filterauthenticatesrc\Modules\IPs\BotTrack\TrackLoginInvalid.php:17
actionshield/eventsrc\Modules\IPs\Lib\Bots\BotEventListener.php:18
actioninitsrc\Modules\IPs\Lib\Bots\BotSignalsController.php:26
actionwp_footersrc\Modules\IPs\Lib\Bots\BotSignalsController.php:134
actionlogin_footersrc\Modules\IPs\Lib\Bots\BotSignalsController.php:154
filtershield/custom_enqueue_assetssrc\Modules\IPs\Lib\Bots\NotBot\InsertNotBotJs.php:24
filtershield/custom_localisations/componentssrc\Modules\IPs\Lib\Bots\NotBot\InsertNotBotJs.php:27
actioninitsrc\Modules\IPs\Lib\Bots\NotBot\NotBotHandler.php:28
filterstatus_headersrc\Modules\IPs\Lib\CrowdSec\Signals\EventsToSignals.php:28
actioninitsrc\Modules\License\Lib\LicenseHandler.php:25
actionwp_loadedsrc\Modules\License\Lib\LicenseHandler.php:27
actionshield/eventsrc\Modules\License\Lib\WpHashes\ApiTokenManager.php:18
actioninitsrc\Modules\LoginGuard\Lib\Rename\RenameLogin.php:32
actionwp_loadedsrc\Modules\LoginGuard\Lib\Rename\RenameLogin.php:45
actionlogin_initsrc\Modules\LoginGuard\Lib\Rename\RenameLogin.php:54
filterwp_redirectsrc\Modules\LoginGuard\Lib\Rename\RenameLogin.php:58
filterregister_urlsrc\Modules\LoginGuard\Lib\Rename\RenameLogin.php:60
filteret_anticipate_exceptionssrc\Modules\LoginGuard\Lib\Rename\RenameLogin.php:62
filtersite_urlsrc\Modules\LoginGuard\Lib\Rename\RenameLogin.php:66
filternetwork_site_urlsrc\Modules\LoginGuard\Lib\Rename\RenameLogin.php:67
filterwp_redirectsrc\Modules\LoginGuard\Lib\Rename\RenameLogin.php:68
filterlogin_messagesrc\Modules\LoginGuard\Lib\TwoFactor\LoginIntentRequestCapture.php:127
actioninitsrc\Modules\LoginGuard\Lib\TwoFactor\MfaController.php:35
actionwp_loadedsrc\Modules\LoginGuard\Lib\TwoFactor\MfaController.php:36
actionadmin_initsrc\Modules\LoginGuard\Lib\TwoFactor\MfaController.php:37
filterlogin_messagesrc\Modules\LoginGuard\Lib\TwoFactor\MfaController.php:38
filtershield/user_status_columnsrc\Modules\LoginGuard\Lib\TwoFactor\MfaController.php:113
actionwpsrc\Modules\LoginGuard\Lib\TwoFactor\MfaProfilesController.php:29
actionadmin_menusrc\Modules\LoginGuard\Lib\TwoFactor\MfaProfilesController.php:46
actionshow_user_profilesrc\Modules\LoginGuard\Lib\TwoFactor\MfaProfilesController.php:60
actionedit_user_profilesrc\Modules\LoginGuard\Lib\TwoFactor\MfaProfilesController.php:65
filtershield/custom_enqueue_assetssrc\Modules\LoginGuard\Lib\TwoFactor\MfaProfilesController.php:78
filtershield/custom_dequeuessrc\Modules\LoginGuard\Lib\TwoFactor\MfaProfilesController.php:84
filtershield/custom_localisations/componentssrc\Modules\LoginGuard\Lib\TwoFactor\MfaProfilesController.php:86
actioninitsrc\Modules\Plugin\Components\AnonRestApiDisable.php:20
filterrest_authentication_errorssrc\Modules\Plugin\Components\AnonRestApiDisable.php:22
actionwidgets_initsrc\Modules\Plugin\Components\PluginBadge.php:17
filtershield/custom_enqueue_assetssrc\Modules\Plugin\Components\PluginBadge.php:30
actionwp_footersrc\Modules\Plugin\Components\PluginBadge.php:31
actionlogin_footersrc\Modules\Plugin\Components\PluginBadge.php:32
filtersite_transient_update_pluginssrc\Modules\Plugin\Lib\AllowBetaUpgrades.php:29
filterpre_set_site_transient_update_pluginssrc\Modules\Plugin\Lib\AllowBetaUpgrades.php:30
filtershield/custom_localisationssrc\Modules\Plugin\Lib\AssetsCustomizer.php:41
filterhttp_request_host_is_externalsrc\Modules\Plugin\Lib\ImportExport\Import.php:164
actionshield/plugin_activatedsrc\Modules\Plugin\Lib\ImportExport\ImportExportController.php:32
actionshield/after_form_submit_options_savesrc\Modules\Plugin\Lib\ImportExport\NotifyWhitelist.php:21
actionshield/eventsrc\Modules\Plugin\Lib\ImportExport\NotifyWhitelist.php:26
filtershield/custom_enqueue_assetssrc\Modules\Plugin\Lib\Merlin\MerlinController.php:20
actionclear_auth_cookiesrc\Modules\Plugin\Lib\Sessions\SessionController.php:20
filtersite_health_navigation_tabssrc\Modules\Plugin\Lib\SiteHealthController.php:27
actionsite_health_tab_contentsrc\Modules\Plugin\Lib\SiteHealthController.php:38
actionbefore_woocommerce_initsrc\Modules\Plugin\ModCon.php:87
actioninitsrc\Modules\Plugin\ModCon.php:169
actionadmin_footersrc\Modules\Plugin\ModCon.php:171
actioninitsrc\Modules\Plugin\Processor.php:60
actioninitsrc\Modules\Plugin\Processor.php:61
filtermanage_users_columnssrc\Modules\Plugin\Processor.php:69
filterwpmu_users_columnssrc\Modules\Plugin\Processor.php:70
actionuser_registersrc\Modules\Plugin\Processor.php:76
filtermanage_users_custom_columnsrc\Modules\Plugin\Processor.php:143
filteruser_has_capsrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\BaseCapabilitiesRestrict.php:14
filtereditable_rolessrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\Users.php:14
filteruser_has_capsrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\Users.php:15
actiondelete_usersrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\Users.php:16
actionadd_user_rolesrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\Users.php:17
actionremove_user_rolesrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\Users.php:18
actionset_user_rolesrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\Users.php:19
actionremove_user_rolesrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\Users.php:34
actionadd_user_rolesrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\Users.php:74
actionremove_user_rolesrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\Users.php:75
actionadd_user_rolesrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\Users.php:92
filterpre_update_optionsrc\Modules\SecurityAdmin\Lib\SecurityAdmin\Restrictions\WpOptions.php:15
actionadmin_initsrc\Modules\SecurityAdmin\Lib\SecurityAdmin\SecurityAdminController.php:28
actioninitsrc\Modules\SecurityAdmin\Lib\SecurityAdmin\SecurityAdminController.php:31
actionadmin_footersrc\Modules\SecurityAdmin\Lib\SecurityAdmin\SecurityAdminController.php:45
actionpre_uninstall_pluginsrc\Modules\SecurityAdmin\Lib\SecurityAdmin\SecurityAdminController.php:48
filtershield/custom_localisations/componentssrc\Modules\SecurityAdmin\Lib\SecurityAdmin\SecurityAdminController.php:99
actionafter_password_resetsrc\Modules\UserManagement\Lib\Password\UserPasswordHandler.php:23
actionwp_loadedsrc\Modules\UserManagement\Lib\Password\UserPasswordHandler.php:27
filterregistration_errorssrc\Modules\UserManagement\Lib\Password\UserPasswordHandler.php:28
actionuser_profile_update_errorssrc\Modules\UserManagement\Lib\Password\UserPasswordHandler.php:29
actionvalidate_password_resetsrc\Modules\UserManagement\Lib\Password\UserPasswordHandler.php:30
filterwp_pre_insert_user_datasrc\Modules\UserManagement\Lib\Registration\EmailValidate.php:22
actionwp_loadedsrc\Modules\UserManagement\Lib\Session\UserSessionHandler.php:25
filterwp_login_errorssrc\Modules\UserManagement\Lib\Session\UserSessionHandler.php:26
filterauth_cookie_expirationsrc\Modules\UserManagement\Lib\Session\UserSessionHandler.php:27
filterlogin_messagesrc\Modules\UserManagement\Lib\Session\UserSessionHandler.php:28
filterauthenticatesrc\Modules\UserManagement\Lib\Suspend\Base.php:18
actionedit_user_profilesrc\Modules\UserManagement\Lib\Suspend\UserSuspendController.php:62
actionedit_user_profile_updatesrc\Modules\UserManagement\Lib\Suspend\UserSuspendController.php:63
actionload-users.phpsrc\Modules\UserManagement\Lib\Suspend\UserSuspendController.php:66
filtershield/user_status_columnsrc\Modules\UserManagement\Lib\Suspend\UserSuspendController.php:71
filterusers_list_table_query_argssrc\Modules\UserManagement\Lib\Suspend\UserSuspendController.php:115
filterviews_userssrc\Modules\UserManagement\Lib\Suspend\UserSuspendController.php:158
filteruser_has_capsrc\Rules\Responses\DisableFileEditing.php:10
actionrest_api_initsrc\Rules\Responses\DisableRestApiRequest.php:15
filterrest_authentication_errorssrc\Rules\Responses\DisableRestApiRequest.php:16
filtershield/is_trusted_requestsrc\Rules\Responses\MarkRequestAsTrustedService.php:10
filtershield/is_ip_blocked_autosrc\Rules\Responses\PreventShieldIpAutoBlock.php:8
filtershield/is_log_trafficsrc\Rules\Responses\SetRequestToBeLogged.php:10
actioninitsrc\Rules\Responses\UserSessionRotateAuthCookies.php:16
filterauth_cookie_expirationsrc\Rules\Responses\UserSessionRotateAuthCookies.php:53
actionadmin_noticessrc\Utilities\AdminNotices\Controller.php:25
actionnetwork_admin_noticessrc\Utilities\AdminNotices\Controller.php:26
filterlogin_messagesrc\Utilities\AdminNotices\Controller.php:27
actionwp_loginsrc\Utilities\Consumer\WpLoginCapture.php:94
actionset_logged_in_cookiesrc\Utilities\Consumer\WpLoginCapture.php:96
actionadmin_noticesunsupported.php:5
actionnetwork_admin_noticesunsupported.php:6
Maintenance & Trust

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedMar 5, 2026
PHP min version7.4
Downloads12.6M

Community Trust

Rating96/100
Number of ratings1,032
Active installs40K
Alternatives

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches Alternatives

Wordfence Security – Firewall, Malware Scan, and Login Security

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

A
96

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

A
98

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs
BBQ Firewall – Fast & Powerful Firewall Security

BBQ Firewall – Fast & Powerful Firewall Security

block-bad-queries

A
100

The fastest firewall plugin for WordPress. Protect against a wide range of threats with minimal performance impact.

100K No CVEs
CloudFilt Bot & Spam Protection

CloudFilt Bot & Spam Protection

cloudfilt-codes

A
100

Prevent and stop bots traffic. This plugin inserts in your website the CloudFilt codes for the security tracking available on https://cloudfilt.com/.

600 No CVEs
BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security

BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security

bitfire

A
99

Real-time firewall that stops bots, malware, and hackers with real AI, file protection, and traffic analytics without slowing down your site

300 1 CVE
Developer Profile

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches Developer Profile

Paul

5 plugins · 141K total installs

72
trust score
Avg Security Score
90/100
Avg Patch Time
125 days
View full developer profile
Detection Fingerprints

How We Detect Shield: Blocks Bots, Protects Users, and Prevents Security Breaches

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-simple-firewall/assets/css/login.css/wp-content/plugins/wp-simple-firewall/assets/js/password-toggle.js
Script Paths
/wp-content/plugins/wp-simple-firewall/assets/js/password-toggle.js
Version Parameters
wp-simple-firewall/assets/css/login.css?ver=wp-simple-firewall/assets/js/password-toggle.js?ver=

HTML / DOM Fingerprints

CSS Classes
shield-login-formshield-login-logo
HTML Comments
<!-- Shield Security Login Override -->
Data Attributes
data-shield-ajax-nonce
JS Globals
ShieldConfigShieldVars
REST Endpoints
/wp-json/shield/v1/auth/login
Shortcode Output
[shield_user_account_menu]
FAQ

Frequently Asked Questions about Shield: Blocks Bots, Protects Users, and Prevents Security Breaches