Secure your website with Shield

Secure your website with Shield

Over 20 percent of all WordPress websites gets attacked. Automated spambots, hacks, brute force attacks, malware, you name it. Still many website owners choose to not update their website and not to secure it against all that can happen!

Protection is necessary

After reading all articles you can find about WordPress and (lack of) security, you should be convinced that security measures are truly needed. Although a good web host and even a CDN like CloudFlare can prevent your website from being attacked, they are never 100 percent foolproof. Together with making backups regularly, protection is the best way to make sure your website is safe, but also repairable when things do go wrong.

Protection DIY

Some things can be done by yourself to protect your website:

  • Remove the user ‘admin’, if it exists
  • Block the file editor in WordPress
  • Protect folders and files in .htaccess
  • Move wp-config.php to another folder
  • Use unique security keys in wp-config.php
  • Use a different database prefix

Protection with a plugin

After taking care of the basic steps to protect your website, it is time to go a big step further. Although there are still a lot of things you can do yourself, these things will get to complicated for most users. That is why there are many plugins that can help you protect your website.

I have been testing a few of the major free security plugins. In the end, Shield was the one I kept. I haven’t had any problems on the websites I manage ever since I have been using Shield. No security breaches and no trouble setting it up without losing functionality or performance on the front end.

Options of Shield

Shield has a lot of options and settings. After installing and activating the plugin, you get this dashboard. All options will be orange on a fresh install!

Shield dashboard

Before you start setting the options, you should really have a look at them all. Before you start using options, you must be sure how to set these up. Otherwise options can break your website up, or you won’t be able to log in anymore!

The screenshot was made on my own website. As you can see not all options are in use. I don’t use the Comments SPAM options because I have an other solution for protecing the comments section.

Use the automatic updates options with care! I turned of all the automatic updates off WordPress itself and the plugins. I like to be sure these are compatible the moment I update them. Just the plugin Shield itself can auto update, to be sure I have the best protection.

Under Hack Protection you can find the option to check the WordPress core files. All the core files that should be in your installation, will be verified against the official WordPress repository. Possible differences will be reported. You can even have them updated automatically. This is one way to detect and resolve PHP injections.


Security measurements are necessary. You will have to invest some time to figure out all the options. Be sure to read the documentation and select and configure the options you need. And test your website after configuring this plugin. Make sure everything works as it should and you can still log in on the back end.

You can never be 100 percent safe. But you can lower the risk of getting hacked big time by installing a plugin like Shield. Make sure you have a backup procedure that makes it possible to be back online in minutes in case you still get hacked. Getting hacked is a big problem, losing all your content without the possibility to restore it, is disastrous!

What do you do to keep your website safe? Please share your experiences in the comments section below!

More info and download

Shield WordPress Security









Ronald Heijnes

Since 2008 I keep myself busy with the functionality, management, maintenance and performance of self hosted WordPress. I like to share this knowledge. All in my spare time!

Leave a Reply

1 Comment threads
1 Thread replies
Most reacted comment
Hottest comment thread
2 Comment authors
Ronald HeijnesDan Labbe Recent comment authors
newest oldest most voted
Notify of
Dan Labbe

I have WP spam shield on my website.

Close Menu