Advanced Threat Intelligence for WordPress Protection: ShieldPRO and CrowdSec Story

ShieldPRO delivers powerful security to WordPress sites by detecting and protecting against bad bots.

With 10 million downloads, ShieldPRO keeps its customers safe through its Exclusive Security Scanner, pinging only the most critical alerts to the WordPress owners. 

More than that, ShieldPRO offers a wide range of optimization and protection features including 2FA, limited logins, brute-force protection, blockage of SPAM comments and more.

Recently, we have teamed up together in a partnership to bring real-time protection and advanced threat intelligence to their users but also to strengthen our signals.  

CrowdSec and ShieldPRO

ShieldPRO was working its way through the complex system of creating an intelligence network when it stumbled upon CrowdSec. After reaching out to us, we found it mutually beneficial to work together as we could provide this complex intelligence network to enhance their overall protection capabilities and they could provide us with user signals that would further enrich our network. 

You can read more about our partnership here.

The Benefits of Working Together

Since the beginning of the collaboration with CrowdSec, we observed an average of 58% of malicious IPs attacking ShieldPRO’s users are blocked beforehand by CrowdSec's community blocklist. 

This first touch blocking often discourages attackers’ probing thus saving resources by not even hitting the first line of defense, protecting the WordPress locally.

As ShieldPRO watchers' reputation increases on CrowdSec’s network their signal weigh more and more up to the point that attackers signaled for behaviors against ShieldPro are added to the community blocklist: making it tailor-made for ShieldPRO users and helping CrowdSec’s expert system to have a better understanding of attackers targets and behaviors.

For ShieldPRO customers: they get the value of protecting their system without having to deal with repeated offenses from malicious IPs known by CrowdSec, they get a network that blocks the malicious IPs at first sight, and they have the additional advantage of preventing new vulnerability exploits that had not been detected by ShieldPRO. 

For CrowdSec: we benefit from receiving signals that enhance our community blocklist with a view on behaviors that are directly detected on WordPress. These behaviors provide valuable pieces of information to confirm malicious behavior even faster for specific targeted systems and will help enrich further CrowdSec's Cyber Threat Intelligence (CTI).

Our collaboration is so-far only in its first iteration, however, it's already highly effective. Future releases by ShieldPRO and CrowdSec will help optimize the protection and experience for both users of ShieldPRO and CrowdSec even more over time. 

Replicate this effect with our Software Development Kit

Are you also looking to add network intelligence to your security software? We're helping integrate signal sharing and the creation of tailored blocklists thanks to our open-source PHP SDK doing the heavy lifting to interact with our Central API (CAPI)

As we are driving an effort to integrate signal sharing and blocklist acquisition on multiple CMS and e-commerce platforms, we're also improving everybody's reactivity against attacks.

You can find out about PHP SDK integration here (JS and Python SDK to come in 2023 depending on community requests): https://github.com/crowdsecurity/php-capi-client to easily create and send signals and https://github.com/crowdsecurity/php-remediation-engine built on top of it to ease the community blocklist management.

In collaboration with ShieldPRO on WordPress and various other well-known content management systems (more integrations coming in 2023), the version 1.0 SDK will soon be around the corner, stay tuned!

Are you interested? Get in touch with us to discuss the best practices and the use of our SDK (PHP or others to come).

See all the good practices here.

Check out ShieldPRO for protection for your WordPress site, or you can start the free version for immediate access to basic CrowdSec IP lists.

‍