User security features are dedicated to ensuring user accounts
are protected against hacking and intrusion.
It provides user login/registration/lost password/checkout forms Bot Protection by using the new AntiBot Detection Engine (ADE). It also provides two-factor authentication (2FA) for users and customers.
Shield has integrated easy-to-use two-factor authentication (2FA) and multi-factor authentication (MFA). By forcing users to confirm their identity we lock down account access to the verified account owners only. Users can also choose if they want to use 2FA-by email or not and register multiple U2F and soon Yubikey security devices on the same account.
Make 2FA Even Easier By Allowing Users To Bypass 2FA Temporarily (no recommended).
Strike a balance between added security and a smoother user experience.
Shield’s 2FA & MFA interface was only available in the User Profile UI.
Allow users to generate backup login codes that can be used if they lose their 2FA login devices.
Login backup codes are 1-time-only passwords that grant 2FA access to your account if, for whatever reason, your other factors aren’t unavailable. (In sensitive accounts).
More Harden User Passwords – A Common Source Of Account Hacking
Password policies based on password length, strength, and age.
The user have a full control over passwords used on his account. All users (including Admins) must meet those requirements – there’s no exceptions whatsoever. Otherwise, they will not be able to login.
Disabled User Account Automatically
Suspend user accounts that have become dormant or unused.
Automatically for the users with expired passwords and requires a password reset to unsuspend.
Block SPAM User Registrations
It Stops the SPAM user registration as early on as possible.
Detecting, and even blocking SPAM user registrations that contain fake email addresses.
Detect and Block Human SPAM
Detecting Human SPAM and Maintain Privacy.
Comment SPAM posted by human actors is notoriously difficult to detect, but Shield’s evolving dictionary-based detection will help filter out the good from the bad.
Note also that, Shield never sends comment spam data to our servers for processing.
Most SPAM is automatic, by bots, but sometimes Humans also post comments to the site, and these bypass Bot Detection rules. When this happens, the content scan for keywords that are typical of SPAM and let the Shield block such comment automatically.
Block 100% Bot Comment SPAM
Completely Eliminating Comment SPAM From Bots
Bot-based comment spam is by-far the most prolific type of SPAM. Shield’s unique protection eliminates all automated comment SPAM.
Automatic Bot Comment SPAM protection filter blocks 100% of all automated bot-generated comment SPAM.
Advanced Security Headers
Implement Certain HTTP Security Headers
It Protects visitors from a wide range of attacks including ClickJacking, Cross-Site Scripting, Cross-Site Injection.
It Safeguards site visitors further by setting certain Advanced HTTP Security Headers.
Block Username Fishing
It Prevents Anyone From Discovering Usernames On our Site.
While this isn’t a full security issue, it does allow a would-be attacker to at least know some of the valid usernames on a site for the purposes of trying to gain access.
Block the ability to discover usernames based on author IDs. Any URL requests containing “author=” will be killed.
Powerful Malware Scanner
Detect and Remove All Types Of PHP Malware
The most powerful malware scanner detects known, and never-before-seen malware.
It Scans and monitors files for malware infections wherever they’re hidden on our site. If there’s code in there that could be malicious, it gets flagged. We have scheduled the scanner to run, remove, and repair files automatically as often as every hour.
English
French
German
Italian
Portuguese
Spanish