We’re re-branding our WordPress Simple Firewall plugin – it’s called ‘Shield‘.
You may have been wondering why on earth there’s no Premium version for our Simple Security Firewall plugin.
We honestly didn’t want to go down that route and we held off as long as we could.
But we must do so in order to maintain ongoing plugin development and handle the ever-growing customer support. It’s a case of going Pro, or going home.
Free WordPress plugins are great – it’s what makes WordPress tick, after all. But when you reach a large enough scale, and your plugin is under constant development, you come to a fork in the road. Our 2 options going forward are as follows:
- We continue the plugin as a completely free solution. This will lead to degradation of quality, reliability and support. Or,
- Introduce a paid tier, where professionals and businesses are encouraged to support the development of the product. This will help improve our service based on 3 key founding principles – high quality, solid reliability, and awesome support.
Long-standing supporters of our products know that this is what we try to deliver. We’ve worked hard to get where we are today, and we don’t want to lose this.
Shield Pro – What’s the difference?
Shield Free will continue to provide seriously high-grade protection for your WordPress sites.
It does this with some critical security features, ranging from:
- A rock-solid Firewall that stands between the internet and your sites
- Super Admin
- Brute Force Login Protection
- Multi-Factor User Authentication
- User Sessions
- Comment SPAM filtering
- Core File Scanning
- Plugin Vulnerability scanning
- Automatic Updates management
- Comprehensive Audit Trail
- and numerous Lockdown settings (e.g. disabling XMLRPC).
…and it provides all this for free. These will, of course, continue to be free.
Some of these features demand further development. But, we cannot allocate the resources to them that we’d like at the moment.
Wait a minute! Shield Pro v Shield Free – wont we just cripple the free version?
Absolutely never. Read that again: Absolutely never.
We will make every effort to include as many features in the free version as is available in the Pro. But, as we outline later on some features we want to bring into Pro can’t be made available e.g. use of commercially available security vulnerability databases.
How will Shield Pro differentiate over time?
So if Shield Pro will start off as being no different, why on earth should you bother with it?
We have huge plans for Shield. But we can’t do this without support from our business and professional clients.
Here are just some of the developments we’re considering:
- We want to incorporate a commercial database for plugin and theme vulnerabilities. “Commercial” = we will purchase a regularly maintained database for our Professional subscribers – we can’t currently do that.
- We want to build out User Session management from its basic foundation to be far more comprehensive and robust.
- The Audit Trail is quite basic… it does what it’s meant to do, but it needs a lot of work and refinement.
- Security Policies – apply the same security polices across all your sites
But bigger than all of these, we intend to integrate it into iControlWP itself.
iControlWP + Shield → Scalable WordPress Security
Why does integration into iControlWP matter?
There is no professional platform in the world that operates their security on an independent-nodes model. Professional security is always founded on security policies, and deployed across the network from a central hub.
Take a moment to consider your current model of WordPress security management. You are the central hub and you try your best to set-up all your WordPress sites according to your security policies. You then have to visit each individual site to monitor and review activity, audit trail etc.
WordPress has traditionally been managed on a per-site, independent node, ad-hoc basis. But many businesses are realising the advantages of centralized, secure control of their websites. Unfortunately, WordPress Security has yet to from the improvements that this approach offers.
We plan to change all that.
Shield Pro – What do I get?
We are moving to Shield Pro services progressively. Initially there will be no separate, professional version of the plugin.
Our first step is Premium plugin support. We’ll continue to monitor the WordPress.org support forums, but requests that come from our paying clients take priority.
Here is a summary of what you need to know:
- Support for the plugin will be prioritized, and significantly limited to our Pro clients.
- Support for non-Pro clients will be considered on a case-by-case basis, but will not be officially provided.
- Non-Pro clients will always have full access to all features in the free version, available from WordPress.org. And unlike other security plugins, we will never cripple the free plugin – we will make any features freely available where we can.
You can continue to use the plugin exactly as you use it today. But, if you support us and go Pro, you’ll be officially supported by us in return.
By supporting us you directly contribute to your own site security. It helps drive development forward and promote improvements in the security plugin.
Furthermore, you will always have access to any premium features as and when they develop. You’ll see more centralized options within iControlWP such as scans, reports, and even network intelligence.
How do I go Pro?
We are offering Shield Pro primarily through iControlWP subscriptions. What does this mean exactly?
This simply means that all websites connected to the iControlWP control panel will have Shield Pro. All clients of iControlWP will benefit with support coverage for the Shield plugin.
What if you don’t want to use iControlWP? Contact us and share your case with us. We will consider other options for clients with operations at significant scale.
When is Pro available?
We plan to officially go Pro from the 1st March 2016. If you have questions, suggestions or feedback, please do let us know in the comments section below.
We’re happy to take on whatever feedback you have and we do listen!
Thank you for all your support both until now, and ongoing – we wouldn’t be who we are today without you.
This step has to be reached at one moment or another.
View CommentAs I am already an iControlWP customer, I completely agree with this move. 🙂
NB: by the way, thanks for the double auth with Google Authentificator. 😉
Hey Franck!
Thanks for your support, and yep, you’re already covered with our support! 😀
Glad you like the Google Authenticator addition. We are also adding Google ReCaptcha with our release next week for use on the login forms, and Comments too 🙂
View CommentI fully understand the need to move forward as you have mentioned in your post.
View CommentIt would be great in the PRO version for iControlWP clients if Shield somehow be an auto install (similar to iControlWP), white labeled with iControlWP, and allow for a template default set up of Sheild for time savings. This would be items I would like to see on Shield’s white list.
Hi Roy!
Great, glad to hear you’re behind us in this. We never considered white labelling for Shield, but yep, great idea!
Templates / Security policies are definitely on the agenda for Shield so you can apply settings centrally from iControlWP. Auto-install will definitely be added too as part of the Shield setup from within iControlWP.
These features will all come in time.
Thanks for the support and feedback!
View CommentHi Paul
I’ve always loved the Simple Firewall and recommend it to all my WordPress user friends.
Sounds as though you guys are going head to head with WordFence, Sucuri and iThemes Security… is that right?
My problem is that I don’t use iControlWP so I may have to go the “What if you don’t want to use iControlWP? Contact us and share your case with us.” route.
I’ll follow the comments to see how things progress.
View CommentHi Keith,
Thanks for getting in touch… I appreciate that for some, our pathway to Pro isn’t ideal, but it’s a transitional position that we’re taking. How long it’ll be this way, I don’t know, but we are certainly open to discussion of options.
Probably best we chat offline on this. I’ll drop you a mail and we can talk there.
View CommentThanks!
This is great news. Currently we maintain a WP management tool on our own servers, and after testing all the major plugins including WordFence and iThemes Security Pro only Simple firewall actually worked for our clients. The others never could catch the new wave of spam commenters.
With this move to ICWP I can almost guarantee you that we will move from a self hosted WP management solution to ICWP. This is what we’ve been wating for.
I’m glad to see you guys going pro.
View CommentHi Reagan,
Great to hear that Shield has been such a success for you so far. Long may it continue! The transition to centralized security management will be a staged, evolutionary one, but the more support we get early on, the faster we can move to implement Shield management within iControlWP.
Speaking of SPAM, our next release should have Google ReCaptcha for login and comments. While our current implementation works really well, we decided to add another option for those that like the Google touch 🙂
Thanks for your support! 🙂
View CommentHello Paul
Your plugin does its job well for me. I have built and manage some sites for small charities. I have used the free and pro versions of several of your competitors and settled on yours, first for these small sites and now use it as a matter of course.
The key has been that your plugin is light weight in its function, and still provides the things needed. On shared hosting, which is where these small sites are typically hosted, with the plans offering “unlimited everything”, as you would well know, the key is resource usage, which is what is monitored and controlled by the hosts.
All other things being equal, and after implementing CDN and caching etc, heavy resource usage is typically worst from security plugins running resource heavy scans continually.
I note your intention to purchase access to commercially available security vulnerability databases. The key will be how you implement the use of these, and how much of a resource hog the process is.
View CommentDon’t worry Mark, we intend to keep it super light. And, with the commercial database being held on the iControlWP server-side, request will come from us and they’ll be super light. We’ve always be careful about how we implement things, and this will be no different, I promise! 🙂
Thanks for your support!
View CommentPaul G. nice improve bro.
View Commentbtw, my web hacked with wordfen** plugin, then i move to simple firewall, i use on all my website.. until now work smoothly :}
million thanks for your help 🙂
Hi Jepara, it’s possible to get hacked even with our Shield plugin, because there are so many avenues for attack. Always make sure you use reliable web hosting providers, use secure FTP, and have a good, strong password policy.
This sort care will really help ensure you stay protected better, longer.
Thanks!
View CommentThe centralised control of Shield via ICWP will make me sign up for sure even though I got a lifetime license for a management tool from one of your competitors.
View CommentHi Philip,
This is one of the first things we’ll be looking to develop within iControlWP! 🙂
Thanks for your support!
View CommentGreat plugin, really fantastic.
Two things for me as a multi-site user.
I’d like a paid iControlWP / Shield option at a cost without Backup. I already have backup elsewhere and I think a second tier of pricing will bring more free users onto your books, than having to go the whole hog and pay for the backup too.
The other issue I’ve noticed cropping up since switching away from Akismet, Topsy blocker and another firewall is that my clients are starting to see more Contact Form based spam once again. It would be great if more could be done to mesh with Contact form 7 or WPForms Lite for example.
I honestly think the lower tier pricing option would bring in a huge set of paying customers that are currently being missed. It reminds me of the time that LogMeIn switched from their “free” option to the “Pro only” option and went from being the biggest remote admin business in the world, two third place in a week. Had they offered a simple “entry level” tier for small business, sparse use or home users they would have easily converted many many thousands of customers that they simple lost to Teamviewer and others overnight?
View CommentHi Paul,
I would also be interested in purchasing the Pro version of the plugin without signing up for the services of ICWP. I would love to pay annually for an upgrade to Pro.
Thanks,
View CommentDave
Hi Paul-
View CommentI’m trying your plug-in for the first time as restore our site from a hack –
it looks great so far – I’ll want to explore your iControl Products –
I do have a problem with the Plug-in badge ” the site is protected by” –
it’s covering up my email information in my left side bar –
how can I disable this?
Thank you!
Larry Davis
WP Antivirus Site Protection – detects virus in firewall.php file.
View CommentGreat! Thanks for finding this. Could you let them know about their false positive scan result, please?
View Commentthanks bro, great plugin, btw..
View Comment