How to install and set up Shield Security in WordPress

Shield Security is a WordPress plugin designed to protect your website from unauthorized access and attacks. Features include blocking malicious URLs, requests and comment spam, two-factor authentication for user access, protection from brute force attacks, and more.

To install the plugin, sign in to your WordPress administration menu. From the sidebar, select Plugins > Add New. Search for Shield Security and install it, then activate the plugin.

Add plugin

Once activated, you’ll be invited to share anonymous usage data with the plugin’s developers. This is an optional setting and can be disabled at any time. Use the buttons to make your selection.

Share usage data

At the bottom of the administration sidebar, you’ll see a Shield Security entry. Click it to configure the plugin.

Plugin configuration

The Shield Dashboard includes a series of tabs that can be worked through to tailor security settings for your site. The Global Options sub-tab allows you to enable or disable the plugin, while General Options will allow you to configure notification settings and other site-wide options.

General options

Use the Google sub-tab to configure your reCAPTCHA site keys.

The Security Admin tab allows you to set a key preventing unauthorized access to the Shield Security plugin. It’s recommended to enable this setting, but be sure to keep your access key safe.

Security admin settings

Once enabled, you can further restrict Administrator access to WordPress settings.

Shield Security is equipped with a Firewall that protects your website from malicious requests. It’s enabled by default, and you can use the Firewall Blocking, Firewall Response and Whitelist sub-tabs to configure the firewall rules for your installation.


Brute Force Login Protection equips your WordPress login pages with Google ReCaptcha support, preventing the risk of bot access. Login Protection supports a range of features for obscuring your WordPress administration dashboard and hardening access security. Multi-Factor Authentication supports using Google Authenticator, Yubikey or Email authentication, which requires your users to enter a secondary code or click an email link to access the dashboard.

Brute Force Login Protection

You can also hide your WordPress login pages by automatically renaming their URL.

The User Management tab allows you to view and manage user sessions, timeouts and be alerted when a user logs in to the site, while you’ll find a slew of options for controlling spam from humans and bots in the Comments SPAM tab.

Comments SPAM

Shield Security is equipped with features to support automatic WordPress updates, alongside plugins and theme updates when available. At the same time, Hack Protection offers daily scans of your WordPress files, identifying and repairing rogue code that may be malicious.

Hack protection

Other advanced settings include HTTP header configuration, a comprehensive suite of security lockdown settings, IP white and blacklisting and an audit trail, allowing you to trace user access and identify security issues.

If you need help with your HostPapa account, please open a support ticket from your dashboard.

Related Articles

Get online with our affordable web hosting

Get online with our affordable web hosting

Learn more now
HostPapa Mustache