by Paul
4.8 (1,032 reviews)
Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
Shield stops bot attacks before they hack your site. Bots CAN be stopped. Shield stops them.
Compatible with WP 6.9
v21.0.10
Current Version v21.0.10
Updated 6 days ago
Last Update on 13 Jan, 2026
Synced 16 hours ago
Last Synced on
Rank
#883
—
No change
Active Installs
40K+
—
No change
KW Avg Position
39.2
—
No change
Downloads
12.5M
+170 today
Support Resolved
100%
—
No change
Rating
96%
Review 4.8 out of 5
4.8
(1,032 reviews)
Next Milestone 50K
40K+
50K+
71
Ranks to Climb
-
Growth Needed
8,000,000
Active Installs
Pro
Unlock Exact Install Count
See the precise estimated active installs for this plugin, calculated from real-time ranking data.
- Exact install estimates within tiers
- Track install growth over time
- Milestone progress predictions
Need 5,680 more installs to reach 50K+
Rank Changes
Current
#883
Change
Best
#
Downloads Growth
Downloads
Growth
Peak
Upgrade to Pro
Unlock 30-day, 90-day, and yearly download history charts with a Pro subscription.
Upgrade NowReviews & Ratings
4.8
1,032 reviews
Overall
96%
5
966
(94%)
4
26
(3%)
3
11
(1%)
2
9
(1%)
1
20
(2%)
Tracked Keywords
Showing 5 of 5| Keyword | Position | Change | Type | Updated |
|---|---|---|---|---|
| bots | 1 | — | Tag | 16 hours ago |
| firewall | 5 | — | Tag | 16 hours ago |
| security | 9 | — | Tag | 16 hours ago |
| 2FA | 63 | — | Tag | 16 hours ago |
| Activity Log | 118 | — | Tag | 16 hours ago |
Unlock Keyword Analytics
Track keyword rankings, search positions, and discover new ranking opportunities with a Pro subscription.
- Full keyword position tracking
- Historical ranking data
- Competitor keyword analysis
Support Threads Overview
Resolved
Unresolved
1
Total Threads
1
Resolved
0
Unresolved
100%
Resolution Rate
Track This Plugin
Get detailed analytics, keyword tracking, and position alerts delivered to your inbox.
Start Tracking FreePlugin Details
- Version
- 21.0.10
- Last Updated
- Jan 13, 2026
- Requires WP
- 5.7+
- Tested Up To
- 6.9
- PHP Version
- 7.4 or higher
- Author
- Paul
Support & Rating
- Rating
- ★ ★ ★ ★ ★ 4.8
- Reviews
- 1,032
- Support Threads
- 1
- Resolved
- 100%
Keywords
Upgrade to Pro
Unlock keyword rankings, search positions, and detailed analytics with a Pro subscription.
Upgrade NowSimilar Plugins
WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer
7K+ installs
#2,735
Master Addons For Elementor - White Label, Free Widgets, Hover Effects, Conditions, & Animations
40K+ installs
#929
Anti-Malware Security and Brute-Force Firewall
100K+ installs
#295
WPS Limit Login
100K+ installs
#311
reCaptcha by BestWebSoft
100K+ installs
#316
Frequently Asked Questions
Common questions about Shield: Blocks Bots, Protects Users, and Prevents Security Breaches
Firstly, we don't modify any core WordPress or web hosting file. This is important and explains why randomly you upgrade your security plugin and your site dies.
Ideally you shouldn't use this alongside other Anti-SPAM plugins or security plugins. If there is a feature you need, please feel free to suggest it in the support forums.
My server has a security firewall, why do I need this plugin?
This plugin is an application layer firewall, not a server/network security firewall. It is designed to interpret web calls to your site to look for attempts to circumvent it and gain unauthorized access.
Your network security firewall is designed to restrict access to your server based on certain types of network traffic. The Shield Security plugin is designed to restrict access to your site, based on certain types of web calls.
How does the IP Security Bypass List work?
Any IP address that is on the whitelist will not be subject to any of the firewall security processing. This setting takes priority over all other settings.
Does the IP Bypass support IP ranges?
Yes. To specify a range you use CIDR notation. E.g. ABC.DEF.GHJ.KMP/16
I want to review and manage IP addresses, where can I do that?
You can use IP Rules section. This is an essential tool you can use to analyse IP address, review information concerning blocked and bypassed IP addresses.
It shows you geo-location information and all the request made to your site by that IP, including offenses and any logged-in users.
I've locked myself out from my own site!
This happens when any the following 3 conditions are met:
you have added your IP address to the firewall blacklist,
you have enabled 2 factor authentication and email doesn't work on your site (and you haven't chosen the override option)
You can completely turn OFF (and ON) the Shield Security by creating a special file in the plugin folder.
Here's how:
Open up an FTP connection to your site, browse to the plugin folder /wp-content/plugins/wp-simple-firewall/
Create a new file in here called: "forceOff".
Load any page on your WordPress site.
After this, you'll find your Shield has been switched off.
Remember: If you leave one of these files on the server, it will override your on/off settings, so you should delete it when you no longer need it.
Which takes precedence... bypass list or block list?
Bypass List: so if you have the same address in both lists, it'll be bypassed and never be blocked.
Can I assist with development?
Yes! We actively develop our plugin on Github and the best thing you can do is submit pull request and bug reports which we'll review.
How does the pages/parameters whitelist work?
It is a comma-separated list of pages and parameters. A NEW LINE should be taken for each new page name and its associated parameters.
The first entry on each line (before the first comma) is the page name. The rest of the items on the line are the parameters.
The following are some simple security examples to illustrate:
edit.php, featured
On the edit.php page, the parameter with the name 'featured' will be ignored.
admin.php, url, param01, password
Any parameters that are passed to the page ending in 'admin.php' with the names 'url', 'param01' and 'password' will
be excluded from the firewall processing.
*, url, param, password
Putting a star first means that these exclusions apply to all pages. So for every page that is accessed, all the parameters
that are url, param and password will be ignored by the firewall.
How does the login cooldown security feature work?
Login Cooldown Security prevents more than 1 login attempt to your site every "so-many" seconds. So if you enable a login cooldown of 60 seconds, only 1 login attempt will be processed every 60 seconds. If you login incorrectly, you wont be able to attempt another login for a further 60 seconds.
This security system completely blocks any level of brute-force login attacks and a cooldown of just 1 second goes a long way to adding security to your WordPress login.
More Info
How does the GASP Login Guard work?
This is best described on the blog
How does the 2-factor authentication security work?
2-Factor Authentication is best described here.
I'm not receiving the email with 2FA verification code.?
Email delivery is a huge problem with WordPress sites and is very common.
Your WordPress is not designed to send emails. The best solution is to use a service that is dedicated to the purpose of sending emails.
This is what we recommend.
I'm getting an update message although I have auto update enabled?
The Automatic (Background) WordPress updates happens on a WordPress schedule - it doesn't happen immediately when an update is detected.
You can either manually upgrade, or WordPress will handle it in due course.
I'm getting large volumes of comment SPAM. How can I stop this?
You can use Shield Security to block 100% of automated spam bots and also block and analyse human spam. This is best described here.
Do you offer White Label?
Yes, we do. You can essentially rename the Shield Security plugin to whatever you would like it to be.
It ensures a more consistent brand offering and presents your business offering as a more holistic, integrated solution.
We go into further detail here.
I’d like to customise 2FA emails sent to my site users. How can I do that?
You can use our custom templates for this purpose.
How can I change the text/html in the Plugin Security Badge?
Use the following filter and return the HTML/Text you wish to display:
add_filter( 'icwp_shield_plugin_badge_text', 'your_function_to_return_text' );
Ideally you shouldn't use this alongside other Anti-SPAM plugins or security plugins. If there is a feature you need, please feel free to suggest it in the support forums.
My server has a security firewall, why do I need this plugin?
This plugin is an application layer firewall, not a server/network security firewall. It is designed to interpret web calls to your site to look for attempts to circumvent it and gain unauthorized access.
Your network security firewall is designed to restrict access to your server based on certain types of network traffic. The Shield Security plugin is designed to restrict access to your site, based on certain types of web calls.
How does the IP Security Bypass List work?
Any IP address that is on the whitelist will not be subject to any of the firewall security processing. This setting takes priority over all other settings.
Does the IP Bypass support IP ranges?
Yes. To specify a range you use CIDR notation. E.g. ABC.DEF.GHJ.KMP/16
I want to review and manage IP addresses, where can I do that?
You can use IP Rules section. This is an essential tool you can use to analyse IP address, review information concerning blocked and bypassed IP addresses.
It shows you geo-location information and all the request made to your site by that IP, including offenses and any logged-in users.
I've locked myself out from my own site!
This happens when any the following 3 conditions are met:
you have added your IP address to the firewall blacklist,
you have enabled 2 factor authentication and email doesn't work on your site (and you haven't chosen the override option)
You can completely turn OFF (and ON) the Shield Security by creating a special file in the plugin folder.
Here's how:
Open up an FTP connection to your site, browse to the plugin folder /wp-content/plugins/wp-simple-firewall/
Create a new file in here called: "forceOff".
Load any page on your WordPress site.
After this, you'll find your Shield has been switched off.
Remember: If you leave one of these files on the server, it will override your on/off settings, so you should delete it when you no longer need it.
Which takes precedence... bypass list or block list?
Bypass List: so if you have the same address in both lists, it'll be bypassed and never be blocked.
Can I assist with development?
Yes! We actively develop our plugin on Github and the best thing you can do is submit pull request and bug reports which we'll review.
How does the pages/parameters whitelist work?
It is a comma-separated list of pages and parameters. A NEW LINE should be taken for each new page name and its associated parameters.
The first entry on each line (before the first comma) is the page name. The rest of the items on the line are the parameters.
The following are some simple security examples to illustrate:
edit.php, featured
On the edit.php page, the parameter with the name 'featured' will be ignored.
admin.php, url, param01, password
Any parameters that are passed to the page ending in 'admin.php' with the names 'url', 'param01' and 'password' will
be excluded from the firewall processing.
*, url, param, password
Putting a star first means that these exclusions apply to all pages. So for every page that is accessed, all the parameters
that are url, param and password will be ignored by the firewall.
How does the login cooldown security feature work?
Login Cooldown Security prevents more than 1 login attempt to your site every "so-many" seconds. So if you enable a login cooldown of 60 seconds, only 1 login attempt will be processed every 60 seconds. If you login incorrectly, you wont be able to attempt another login for a further 60 seconds.
This security system completely blocks any level of brute-force login attacks and a cooldown of just 1 second goes a long way to adding security to your WordPress login.
More Info
How does the GASP Login Guard work?
This is best described on the blog
How does the 2-factor authentication security work?
2-Factor Authentication is best described here.
I'm not receiving the email with 2FA verification code.?
Email delivery is a huge problem with WordPress sites and is very common.
Your WordPress is not designed to send emails. The best solution is to use a service that is dedicated to the purpose of sending emails.
This is what we recommend.
I'm getting an update message although I have auto update enabled?
The Automatic (Background) WordPress updates happens on a WordPress schedule - it doesn't happen immediately when an update is detected.
You can either manually upgrade, or WordPress will handle it in due course.
I'm getting large volumes of comment SPAM. How can I stop this?
You can use Shield Security to block 100% of automated spam bots and also block and analyse human spam. This is best described here.
Do you offer White Label?
Yes, we do. You can essentially rename the Shield Security plugin to whatever you would like it to be.
It ensures a more consistent brand offering and presents your business offering as a more holistic, integrated solution.
We go into further detail here.
I’d like to customise 2FA emails sent to my site users. How can I do that?
You can use our custom templates for this purpose.
How can I change the text/html in the Plugin Security Badge?
Use the following filter and return the HTML/Text you wish to display:
add_filter( 'icwp_shield_plugin_badge_text', 'your_function_to_return_text' );
add_filter( 'icwp-wpsf-login-notification-email-role', 'your_function_to_return_role' );
Possible options are: network_admin, administrator, editor, author, contributor, subscriber
What changes go into each Shield Security release?
The changelog outlines the main changes for each release. We group changes by minor release "Series". Changes in smaller "point" releases are highlighted
using (.1) notation. So for example, version 10.1.1 will have changelog items appended with (.1)
You can view the entire Shield changelog here.
Possible options are: network_admin, administrator, editor, author, contributor, subscriber
What changes go into each Shield Security release?
The changelog outlines the main changes for each release. We group changes by minor release "Series". Changes in smaller "point" releases are highlighted
using (.1) notation. So for example, version 10.1.1 will have changelog items appended with (.1)
You can view the entire Shield changelog here.