I would like to suggest options for improving the Shield plugin for Wordpress.
1) Spam bots still leak through registration and register on the WordPress site using the email address that the bot registered with instead of a nickname.
So - it would not hurt to prohibit users from writing their email address in names and nicknames.
2) When registering for spam, the spam bot cannot confirm the email address. And these users are not confirmed on the site until they are manually deleted.
It would not hurt to add such a function - to automatically delete users who have not confirmed their registration on the site, after some time.
In principle, everything.