Shield Security for WordPress

My client is not an "admin" but an ordinary user. I'm the site admin and I'd like to get an email alert when they log in. They do not need to get the notification about their login, just to be sent to me 8site admin).

Add a quick "turn off scan monitoring" while changes are made. When I push changes to templates and plugins I need to perform the scan to then confirm the changes, which is very time consuming. The plugin for cloudflare for example allows you to tu

I subscribed for Pro and then I triggered the Shield offenses, my IP got blocked and I couldn't log into my site. I feel the part of being blocked is so critical and important that when one receive the welcome email and assistance in first steps,

Could different backup options be selected to run at different times? Full or initital back up Incremental DB only DB & Core ETC. As I see it, I can only run a full back up or nothing, I have a handful of sites that I run on the same box, running

Specifically with Authy, they have a developer console where you can specify the logo that shows up for users using Authy. I suppose that would mean that there would need to be a way to integrate Shield Security with Authy directly via API Keys, etc

For me its just the "Anonymous Rest API" that is the big Seucrity threat, so I always disable that, but Allow XML-RPC. Would it be an idea to put a "Risk Rating" for each Option like these? 9/10 being very dangerous and 1/10 not dangerous... More

Must Use (MU) plugins are automatically activated and can't be manually activated/de-activated. They are often added by hosts/providers/agencies to ensure that functionality is available on all sites to keep them operational/secure/etc. However, th

FB (scans) post: Every time All-in-one-WP migration gets updated, I get an email indicating that there is an issue found by the Plugin/Theme guard and it is always for the same index.php file in the same folder. Add a way to flag this file to not tr

I have 8 websites using Shield Pro on a shared hosting environment. I currently still only have the scans running once per day - although I intend to increase it. When looking at my hosting stats I can see a spike in CPU usage once a day when the sc

To limit the number of devices a user can have detected by the 2fa, and lock additional devices. My ideas is allow my users to use the website only from 2 devices and additional devices disallow the login

Add a checkbox to exclude the server's own IP address from traffic log viewing, as you can for the site admin's current IP address.

Allow IP traffic logs to be downloaded in CSV format for easy analysis / manipulation / reporting in a spreadsheet application of choice by the site admin.

Allow enforcing 2FA/MFA for different user groups Google Auth and Hardware 2FA in the same was as for E-mail 2FA. I think this might not have been implemented because you're in a loop when users haven't got 2FA/MFA configured, but have it enforced,

When MainWP runs it's security checks, it has a Fixer for searchable file directories, and it places blank index.php in directories that could otherwise be searchable (likely other protections in place, but it's still a good fix). However, the Unre

When a "magic link" is used from another system such as MainWP, or a web host's control panel (or the likes of GridPane), 2FA/MFA is ignored. One school of thought is that someone should have good security on those systems ,and also already used 2F