Paul Goodchild paulgoodchild

@paulgoodchild
paulgoodchild / gist:0c7c8818d419cdcfed6bf637f5b54aeb
Created May 1, 2026 09:52
Shield Security: Force administrator passwords to expire after 90 days
<?php declare( strict_types=1 );
/**
* Shield Security for WordPress:
* Force administrator passwords to expire after 90 days.
*
* Add this to your theme's functions.php file or a custom snippets plugin.
*
* Shield passes:
* - $isExpired: Shield's current password expiry decision.
@paulgoodchild
paulgoodchild / functions.php
Last active May 20, 2024 12:48
Intercept and prevent Shield's 2FA email sending process
<?php declare( strict_types=1 );
/**
* Perform any secondary checks before Shield verifies the 2FA nonce.
* If any of your checks fail, throw a new \Exception() with the error message you'd like to display to the user.
*/
add_action( 'shield/2fa/email/pre_send_email/pre_nonce_verify', function ( \WP_User $user, string $plainNonce ) {
// e.g. this is a trivial example and not an actual check that is required.
// The message 'User ID is invalid.' will be displayed to the user.
if ( $user->ID < 1 ) {
@paulgoodchild
paulgoodchild / functions.php
Last active May 17, 2024 13:15
Increase Shield Security's 2FA timeout
<?php
/**
* Shield Security's 2FA timeout defaults to 5 minutes. This means that a user must
* supply their 2FA code(s) within this time or they'll need to start again (re-login).
*
* Some email providers can be a bit slow at times with their email delivery, and
* 5 minutes isn't long enough. To provide a bit more time, you can use a filter to
* extend the timeout to as many minutes as you need.
*
* Reference: https://support.getshieldsecurity.com/support/solutions/articles/3000101220
@paulgoodchild
paulgoodchild / functions.php
Created March 8, 2024 11:59
Shield Security: Prevent loading of WP Site Health Security Components
<?php declare( strict_types=1 );
/**
* Be sure to place this in your theme's functions.php or if you're including
* it within a plugin, ensure that it runs before WP's 'init' action has executed.
*
* This will prevent Shield's Site Health components from executing and populating
* WP Site Health area with Security recommendations.
*/
add_filter( 'shield/can_run_site_health_security', '__return_false' );
@paulgoodchild
paulgoodchild / functions.php
Created August 9, 2023 14:01
Triggering on-demand scans on Shield Security Pro for WordPress
<?php declare( strict_types=1 );
use FernleafSystems\Wordpress\Plugin\Shield\Modules\HackGuard\Scan\Controller;
/**
* Launching on-demand scans for Shield Security can be done using the function outlined below.
* It requires a single array parameter that contains the so-called "slugs" of the respective scans.
*
* Shield currently has 3 distinct scan types, namely:
* - AFS: file scanner, (WordPress, plugin, themes, malware scan)
@paulgoodchild
paulgoodchild / gist:e15774a5307d8f65416234b4ac61203c
Last active February 6, 2023 10:56
Easy Digital Downloads: Prevent license expiration notices being sent for licenses linked to refunded payments
<?php declare( strict_types=1 );
/**
* Easy Digital Downloads will send license expiration notices for any licenses, even if they
* have been refunded. This is not ideal.
*
* This filter will prevent such notices being sent if any payments associated with this
* license have been refunded.
*
* This may not be applicable in cases where your EDD store supports multiple products in
@paulgoodchild
paulgoodchild / functions.php
Created January 20, 2022 15:05
Customize whether a request is blocked in Shield
<?php declare( strict_types=1 );
/**
* Use this filter to tell Shield to block a request.
*
* By default, Shield will block requests solely based on the IP reputation for that site.
*
* With this filter, you can change these criteria.
*
* In this example we want to block all access to the WP admin and WP login areas and
@paulgoodchild
paulgoodchild / functions.php
Last active December 10, 2021 15:29
Add custom user roles to enforce 2FA by email using Shield Security plugin for WordPress
<?php
/**
* Adding custom roles is a case of using the filter provided, adding your
* roles to the array of roles that has 2FA by email forced upon them.
*
* The role you add will be the 'slug' of the role, not the name of the role.
* For example, WordPress comes with built-in roles such as Administrator.
* The slug for this role is 'administrator', not 'Administrator'.
*/
@paulgoodchild
paulgoodchild / functions.php
Created October 19, 2021 08:40
Prevent running of NotBot JS based on other factors on site
<?php declare( strict_types=1 );
/**
* Use this filter to tell Shield to NOT run the NotBot JS system.
*
* If you disable the NotBot JS system then you will likely lock out visitors.
*
* Use of this filter is at your own risk.
*/
add_filter( 'shield/can_run_antibot', function ( $canRun ) {
@paulgoodchild
paulgoodchild / functions.php
Last active May 21, 2021 11:44
[Shield Security for WordPress] Filter whether the Plugin Security Badge is displayed
<?php
/**
* Note: Only available from Shield v11.2+
*
* Use this filter to tell Shield whether the Plugin Security Badge should be displayed.
*
* More Info on badge here: https://getshieldsecurity.com/blog/feature-plugin-badge/
*
* For example, you may only want to show the badge if the visitor is not on a mobile (see below).