Solid Security Plugin with Some Hidden Pitfalls

I’m a web developer and I like Shield Security. It’s solid and offers strong protection.

That said, after following their advice to improve my security grade, I couldn’t edit the WordPress Customizer for months.

Support was polite but mostly suggested generic fixes like disabling HTTP headers, which didn’t solve the problem. It took me some digging to find the real cause. The issue was the anonymous REST API setting blocking access.

Once I disabled anonymous REST API, everything worked again. I realize this was my fault for not researching the setting before enabling it, but since Shield’s dashboard recommended it to improve my security score, it caught me off guard.

Shield Security is the best security plugin on the market, but it would be helpful if they added a clearer caution about how some settings might break parts of WordPress. It’s powerful but comes with some tricky trade-offs.