Shield Security for WordPress

I have 8 websites using Shield Pro on a shared hosting environment. I currently still only have the scans running once per day - although I intend to increase it. When looking at my hosting stats I can see a spike in CPU usage once a day when the sc

To limit the number of devices a user can have detected by the 2fa, and lock additional devices. My ideas is allow my users to use the website only from 2 devices and additional devices disallow the login

Add a checkbox to exclude the server's own IP address from traffic log viewing, as you can for the site admin's current IP address.

Allow IP traffic logs to be downloaded in CSV format for easy analysis / manipulation / reporting in a spreadsheet application of choice by the site admin.

When MainWP runs it's security checks, it has a Fixer for searchable file directories, and it places blank index.php in directories that could otherwise be searchable (likely other protections in place, but it's still a good fix). However, the Unre

Allow enforcing 2FA/MFA for different user groups Google Auth and Hardware 2FA in the same was as for E-mail 2FA. I think this might not have been implemented because you're in a loop when users haven't got 2FA/MFA configured, but have it enforced,

When a "magic link" is used from another system such as MainWP, or a web host's control panel (or the likes of GridPane), 2FA/MFA is ignored. One school of thought is that someone should have good security on those systems ,and also already used 2F

The banner at the top of the plugin's pages is useful for new installations and people new to Shield, but it's annoying and takes up screen real estate when it displays after Shield has been setup. Worse, it can look unprofessional to clients and/o

I know that I can setup a network to manage my settings across multiple Pro sites, but it would be awesome to be able to share offence increase and IP blocking data across sites and cumulatively, too. If someone is behaving badly on one of my sites

You mention pages being tagged as malware, with 0% chance of being a false positive. Yet the flagged code is simply a small bit of regex commented out, which could not possibly be malware. Note: Currently the scanner examines only the patterns in t

I am using WooCommerce with a custom premium design. That's why the options for Google Auth. or 2FA email are not displayed under "My Account" after activation. Is there already a suitable solution for this? Add the ability to show 2FA options for

It would not be bad to prevent or block the use of certain usernames like "admin, administrator, superuser,..." in advance during registration. Maybe we can also build a blacklist for this.

Add a way to exclude specific logged in users or WP roles (e.g. admin) from the traffic logger. I know that I can exclude "logged in users" but that would exclude everyone. I just want to exclude either a specific known user (e.g. my account) or a

Add the possiblility that your emails mention the URL related to your notifications. I monitor several websites and it is always a pain to try to guess where the information belongs to. For examle, email with the subject line: Thank You For Renewi

When someone registers, they'll see a notice informing them that their registration request will be sent to the site admin for approval. Once a user has submitted the registration form, admin will receive an email notification about the new user re