{"id":223326,"date":"2025-04-08T07:43:33","date_gmt":"2025-04-08T07:43:33","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/netsensai-shield\/"},"modified":"2025-10-14T20:18:56","modified_gmt":"2025-10-14T20:18:56","slug":"netsensai-shield","status":"publish","type":"plugin","link":"https:\/\/pt.wordpress.org\/plugins\/netsensai-shield\/","author":23174675,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.4.9","stable_tag":"1.4.9","tested":"6.8.5","requires":"5.6","requires_php":"","requires_plugins":null,"header_name":"NETSENSAI Shield","header_author":"Rafa\u0142 Gierlicki","header_description":"NETSENSAI Shield is a security plugin designed to enhance WordPress site protection by offering essential security features based on best practice principles.","assets_banners_color":"3e7c9f","last_updated":"2025-10-14 20:18:56","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/www.netsensai.pl\/store\/","header_author_uri":"https:\/\/www.netsensai.pl","rating":5,"author_block_rating":0,"active_installs":1000,"downloads":6155,"num_ratings":5,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.1":{"tag":"1.1","author":"rgierlicki","date":"2025-04-11 09:04:24"},"1.2":{"tag":"1.2","author":"rgierlicki","date":"2025-04-15 13:24:17"},"1.3":{"tag":"1.3","author":"rgierlicki","date":"2025-04-16 13:51:13"},"1.4":{"tag":"1.4","author":"rgierlicki","date":"2025-05-23 19:25:54"},"1.4.1":{"tag":"1.4.1","author":"rgierlicki","date":"2025-05-23 19:41:09"},"1.4.2":{"tag":"1.4.2","author":"rgierlicki","date":"2025-05-23 19:56:11"},"1.4.3":{"tag":"1.4.3","author":"rgierlicki","date":"2025-05-23 21:16:06"},"1.4.5":{"tag":"1.4.5","author":"rgierlicki","date":"2025-06-15 14:36:20"},"1.4.6":{"tag":"1.4.6","author":"rgierlicki","date":"2025-08-03 
20:07:54"},"1.4.7":{"tag":"1.4.7","author":"rgierlicki","date":"2025-09-14 21:22:44"},"1.4.8":{"tag":"1.4.8","author":"rgierlicki","date":"2025-09-17 17:37:38"},"1.4.9":{"tag":"1.4.9","author":"rgierlicki","date":"2025-10-14 20:18:56"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":5},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3268372,"resolution":"128x128","location":"assets","locale":""}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":3268372,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1","1.2","1.3","1.4","1.4.1","1.4.2","1.4.3","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[35859,31093,1178,600,1173],"plugin_category":[54],"plugin_contributors":[240522],"plugin_business_model":[],"class_list":["post-223326","plugin","type-plugin","status-publish","hentry","plugin_tags-cybersecurity","plugin_tags-hardening","plugin_tags-protection","plugin_tags-security","plugin_tags-wordpress-security","plugin_category-security-and-spam-protection","plugin_contributors-rgierlicki","plugin_committers-rgierlicki"],"banners":{"banner":"https:\/\/ps.w.org\/netsensai-shield\/assets\/banner-772x250.png?rev=3268372","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/netsensai-shield\/assets\/icon-128x128.png?rev=3268372","icon_2x":false,"generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>NETSENSAI Shield offers a range of security features, including:<\/p>\n\n<p>Changing the login URL to reduce brute force attack risks.<\/p>\n\n<p>Disabling the REST API (WP API JSON) for non-logged-in users.<\/p>\n\n<p>Disabling XML-RPC to prevent unauthorized access.<\/p>\n\n<p>Disabling the WordPress file editor to avoid accidental 
or malicious changes.<\/p>\n\n<p>Disabling Application Passwords to block unauthorized API access.<\/p>\n\n<p>Applying advanced HTTP security headers (e.g., HSTS, X-Frame-Options, Content-Security-Policy).<\/p>\n\n<p>Integration with W3 Total Cache:<\/p>\n\n<p>Permanently disable .htaccess writes by W3TC<\/p>\n\n<p>Runtime disabling of Page Cache UI<\/p>\n\n<p>One-time full cache flush on first admin page load<\/p>\n\n<p>Automatic cache flush on Secure Options save<\/p>\n\n<p>Physical cleanup and permanent disable via the W3TC API<\/p>\n\n<p>Suppression of Site Health REST API availability notices for non-logged-in users (removes false Site Health errors while maintaining full API blocking).<\/p>\n\n<p>In addition, the plugin provides helpful user feedback:<\/p>\n\n<p>Email notifications when the login URL changes \u2013 sends a localized HTML email (Polish or English) with your old and new login links, change date and the plugin logo, so you remember to update your bookmarks.<\/p>\n\n<p>Admin popup when disabling the WP API JSON \u2013 displays a friendly modal warning that disabling the REST API may break plugins like WooCommerce or contact forms. The popup includes a purchase link to upgrade to the PRO version if you need this feature without losing functionality.<\/p>\n\n<p>Scoped styling \u2013 the custom colour for the \u201cSave changes\u201d button is now limited to the Secure Options page, so other admin pages keep the default WordPress look.<\/p>\n\n<p>Promotional banner assistant \u2013 notifies administrators of summer discount codes and NETSENSAI Shield PRO features.<\/p>\n\n<p>The free version provides both core and advanced Level 3 security functionalities. 
A PRO version offers extended support, additional features, and automatic protection enhancements.<\/p>\n\n<!--section=installation-->\n<p>Download NETSENSAI Shield from the WordPress.org repository or upload the plugin files to \/wp-content\/plugins\/netsensai-shield\/.<\/p>\n\n<p>Activate the plugin on the WordPress Admin Dashboard under Plugins.<\/p>\n\n<p>Navigate to Settings &gt; Secure Options and configure as needed.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id='how%20do%20i%20change%20the%20wordpress%20login%20url%3F'><h3>How do I change the WordPress login URL?<\/h3><\/dt>\n<dd><p>Go to Settings &gt; Secure Options and enter your preferred path in the Change Login URL field.<\/p><\/dd>\n<dt id='how%20does%20disabling%20wp%20api%20json%20improve%20security%3F'><h3>How does disabling WP API JSON improve security?<\/h3><\/dt>\n<dd><p>It reduces exposure of your site\u2019s data via the REST API for non-logged-in users.<\/p><\/dd>\n<dt id='why%20disable%20xml-rpc%3F'><h3>Why disable XML-RPC?<\/h3><\/dt>\n<dd><p>Disabling XML-RPC helps protect against brute force attacks targeting that protocol.<\/p><\/dd>\n<dt id='what%20is%20the%20effect%20of%20disabling%20the%20file%20editor%3F'><h3>What is the effect of disabling the file editor?<\/h3><\/dt>\n<dd><p>It prevents code modifications via the dashboard, reducing the risk of malicious changes.<\/p><\/dd>\n<dt id='what%20headers%20are%20included%20in%20level%203%20security%3F'><h3>What headers are included in Level 3 security?<\/h3><\/dt>\n<dd><p>The plugin can apply:<\/p>\n\n<p>Strict-Transport-Security (HSTS)<\/p>\n\n<p>X-Frame-Options<\/p>\n\n<p>X-Content-Type-Options<\/p>\n\n<p>Content-Security-Policy (CSP)<\/p>\n\n<p>Referrer-Policy<\/p>\n\n<p>Permissions-Policy<\/p><\/dd>\n<dt id='how%20does%20the%20w3%20total%20cache%20integration%20work%3F'><h3>How does the W3 Total Cache integration work?<\/h3><\/dt>\n<dd><p>On activation or settings save, NETSENSAI Shield clears the W3TC cache, disables the Page Cache UI to 
prevent conflicts, and blocks future .htaccess writes by W3TC.<\/p><\/dd>\n<dt id='how%20does%20suppression%20of%20the%20site%20health%20rest%20api%20notice%20work%3F'><h3>How does suppression of the Site Health REST API notice work?<\/h3><\/dt>\n<dd><p>The plugin removes the default REST API availability test in Site Health for guest users, while still enforcing your REST API blocking settings.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.4.9<\/h4>\n\n<p>Security: Fixed potential access to the default password reset endpoint (<code>wp-login.php?action=lostpassword<\/code>) by enforcing redirect to the custom login URL.<\/p>\n\n<p>Security: Improved handling of \u201ccheckemail\u201d and other password recovery states to prevent false positives and direct access to <code>wp-login.php<\/code>.<\/p>\n\n<p>Security: Enhanced server variable sanitization and escaping for full WordPress Coding Standards (WPCS) compliance.<\/p>\n\n<p>Improvement: Refactored login guard logic for better stability and compatibility with LiteSpeed and custom rewrites.<\/p>\n\n<h4>1.4.8<\/h4>\n\n<p>Critical bugfix: prevents homepage from being replaced by login screen when custom login slug is empty or invalid. 
Update strongly recommended.<\/p>\n\n<h4>1.4.7<\/h4>\n\n<p>Improved custom login URL handling in all WordPress login flows:<\/p>\n\n<ul>\n<li>Fixed \"Lost your password?\" flow \u2013 reset form now works correctly under the custom login slug without 404 errors.<\/li>\n<li>Fixed post-reset confirmation screens (e.g., <code>?checkemail=confirm<\/code>) \u2013 users are redirected to the custom login slug instead of hitting 404.<\/li>\n<li>Added failsafe detection of the custom login page based on request path (works even if rewrite rules are not flushed).<\/li>\n<li>Extended URL overrides to also catch <code>network_site_url()<\/code> calls \u2013 ensures compatibility with Multisite and plugins using network context.<\/li>\n<li>Added no-cache headers on the custom login page to prevent CDN or browser cache issues with reset links.<\/li>\n<li>Centralized 404 handling into a helper for cleaner, lighter code.<\/li>\n<li>Optimized code structure \u2013 less repetition, more reliable edge-case handling.<\/li>\n<\/ul>\n\n<p>These changes make the password reset and email confirmation flows fully compatible with NETSENSAI Shield\u2019s custom login URL feature.<\/p>\n\n<h4>1.4.6<\/h4>\n\n<p>Added promotional banner assistant notifying of available discount codes and linking to the PRO version.<\/p>\n\n<p>Improved styling of the \"Save changes\" button to keep it scoped only to the Secure Options page.<\/p>\n\n<p>Minor UI adjustments and JavaScript animation for consistent dismissal effects.<\/p>\n\n<p>Added localized email notifications: when you change the custom login URL, the plugin sends a friendly HTML email (in Polish or English) detailing the old and new login links, including the change date and logo.<\/p>\n\n<p>Added WP API JSON warning modal: enabling the \u201cDisable WP API JSON\u201d option now triggers a popup explaining that the REST API is needed for WooCommerce and form plugins, and provides a link to purchase the PRO version for a safe 
disablement.<\/p>\n\n<h4>1.4.5<\/h4>\n\n<p>Scripts and styles now enqueue only on Settings \u2192 Secure Options (hook_suffix check).<\/p>\n\n<p>assets\/script.js is versioned via filemtime() to bust cache on each update.<\/p>\n\n<p>Removed legacy, unconditional enqueue\u2014eliminates console errors about missing toggle IDs.<\/p>\n\n<p>Streamlined admin enqueue logic into a single ns_shield_admin_enqueue_assets() function.<\/p>\n\n<h4>1.4.4<\/h4>\n\n<p>Fixed custom login URL in password reset flow:<\/p>\n\n<p>Password reset emails now include the correct custom-slug link with full query parameters.<\/p>\n\n<p>\u201cSet new password\u201d form action and hidden fields (login, rp_key) now function under the custom URL without 404 errors.<\/p>\n\n<p>Disabled WP canonical redirects on the custom login page to preserve login\/key parameters.<\/p>\n\n<p>Removed all error_log() debug hooks.<\/p>\n\n<p>Streamlined site_url and login_form_action filters to catch every wp-login.php occurrence.<\/p>\n\n<h4>1.4.3<\/h4>\n\n<p>Fixed readme parsing by removing Markdown syntax from the License URI and ensuring a plain URL.<\/p>\n\n<p>Updated short description to fit 150-character limit.<\/p>\n\n<p>Removed calls to error_log() flagged by Plugin Check.<\/p>\n\n<h4>1.4.2<\/h4>\n\n<p>Minor formatting cleanup in readme; bumped version to 1.4.2.<\/p>\n\n<h4>1.4.1<\/h4>\n\n<p>Compliance updates for WordPress.org (tags, description length); bumped version to 1.4.1.<\/p>\n\n<h4>1.4<\/h4>\n\n<p>Added integration with W3 Total Cache (cache flushing, UI disable, .htaccess protection) and hides Site Health errors related to the REST API for non-logged-in users.<\/p>\n\n<h4>1.3<\/h4>\n\n<p>Restored Level 3: Advanced Security features in free version. 
Improved popup behavior, translations added, Plugin Check compatibility enhanced.<\/p>\n\n<h4>1.2<\/h4>\n\n<p>Level 3 features were temporarily moved to PRO; version 1.3 restores them.<\/p>","raw_excerpt":"Hardens and protects your site by locking down login, REST API, XML\u2011RPC, file editor, and applying HTTP security headers.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/223326","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=223326"}],"author":[{"embeddable":true,"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/rgierlicki"}],"wp:attachment":[{"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=223326"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=223326"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=223326"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=223326"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=223326"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pt.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=223326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}