We started BD Shield in 2024 because most WordPress security and performance plugins felt rented. Long renewals, opaque telemetry, support queues run by people who'd never read the code. We wanted the opposite. So we build every plugin in-house, write our own documentation, and answer support email ourselves.
When you renew a BD license, the money pays the people who wrote the thing you're running. Our team is small on purpose. Big enough to ship a release every few weeks. Small enough that the engineer who built the firewall is also the one who replies when it misbehaves.
The shape of the vendor relationship matters as much as the code. Here's the shape we picked, and why.
One backup plugin should do backups. Not backups plus a CDN plus a popup builder plus a CRM. We split jobs into twelve plugins so you install only what you need, deactivate what you don't, and pay for what you use.
Every security plugin we ship is tested against a live WooCommerce checkout first. If it breaks the cart, it doesn't ship. That's a hard rule, not a marketing line.
Buy any plugin and your license key validates across our catalog. No reseller portal, no "managed by" billing partner, no third-party authentication that could disappear in a year.
Not a chatbot. Not "a member of our team" who passes you to tier-2. The engineers who wrote the code read every ticket and ship the fix in the next release. Most replies inside a day.
So you can decide quickly whether we're a fit. Two columns. Read both. If the right column describes what you want, you're on the wrong site.
A small team writing production WordPress plugins. Twelve in the catalog, more on the roadmap. Every plugin runs on our own production site first.
Twelve focused plugins on one release cadence. Same versioning, same auto-update server, same support queue.
Per-plugin licenses from $49/yr. All-in-One bundle from $19/yr per tier. Refund window is 30 days, no questions.
Honest comparisons — we'll tell you when Wordfence wins a row. A vendor that pretends competitors don't exist loses CTR for a reason.
Code our engineers can defend in a security review. Un-obfuscated PHP, predictable class naming, your security reviewer can read the firewall in an afternoon.
A venture-backed platform play with a 30-tab settings UI and 200 features you'll never enable.
Per-site SaaS with surprise renewals at 3x the intro price. No usage tiers, no per-site surcharges.
A tier-1 chat outsource that escalates and forgets. No call center, no AI auto-responder, no "let me transfer you to my manager."
Obfuscated, minified bundles you can't audit. No ionCube, no encoded loaders, no eval(base64_decode()).
Enterprise software, yet. No SOC 2, no signed SLA. If your buyer needs those today, we're honest that we're not your supplier.
If you're evaluating BD Shield as a vendor for an agency, an enterprise WordPress site, or a regulated business, here's the posture our team commits to. No NDA, no sales call, no "let's hop on a quick demo."
Plugins process site content, user data and security events on your server. We never sync site data to BD infrastructure. The only outbound call is your license check.
verified · audit-friendlyPlugins don't ship analytics SDKs, fingerprinting libraries, or usage trackers. We don't know how many of your forms got submissions, and we don't want to. Grep your wp-content — you won't find them.
verified · grep-checkablePlugins ship un-obfuscated PHP, organized by class with predictable naming. Hand a license to your security reviewer and they can read the firewall logic in an afternoon.
verified · open any .phpEvery quarter, our engineers re-audit the firewall, the malware scanner and the auth flows. Findings get patched in the next release. We publish the cadence; enterprise customers can request the summary.
cadence published · external pendingPlugin downloads from our license server use signed, time-limited tokens tied to your license. No anonymous public URLs that hostile actors can fingerprint.
verified · per-request tokensPlugins vendor their dependencies at fixed versions. We don't load third-party JavaScript from CDNs at runtime, ever. What you install is what runs.
verified · single-tree codebaseIf a plugin doesn't fit, email us inside 30 days. We refund the license. No churn-survey, no retention call, no "let me transfer you to my manager."
verified · billing policyTickets land with engineers, not a tier-1 queue. The person replying has commit access to the plugin you're asking about. Most replies inside a day; complex tickets inside three.
verified · last 90 daysHonest about gaps. We're a small workshop, not an enterprise vendor. If your security team needs those reports today, we're not the supplier — and we'll say so on the call, not after the invoice.
known gap · roadmap dependentThese aren't marketing lines. They're the operating rules our team commits to keep, version after version. If we ever break one, we'll say so on the changelog.
Every bug fix, every new feature, every security patch flows through the WordPress updates screen. No "premium feature unlocked at the next tier." If we ship it, you get it.
Email hello@getbdshield.com within 30 days of purchase and we issue the refund the same business day. No retention call, no "tell us why," no upgrade nudges.
What you bought is what you have. Zero nag dialogs. Zero "upgrade to premium" banners wedged into your settings page. The admin UI is for managing your site, not converting you to a higher tier.
Readable PHP, no obfuscation, no ionCube, no encoded loaders. Audit it, fork it, hand it to your security reviewer. What you install is what you can read.
We don't list individual names publicly — but here's the shape of the team you're hiring when you renew a BD license.
Our engineers write every plugin in-house. They've shipped WordPress code professionally since the late 2010s, on stacks ranging from single-blog hosts to multi-site networks running tens of millions of pageviews. They also pick up the support tickets that need code-level answers.
Our support team replies to every email that hits hello@getbdshield.com. They triage, they reproduce, and when something needs a code change, they walk it to the engineer who owns that plugin. Most tickets close inside a day. Nothing gets escalated into a black hole.
One designer keeps the admin UI, the marketing site and the documentation visually consistent. Twelve plugins, one design system. That's how the menu stays clean as the catalog grows.
Pick the plugin closest to your biggest WordPress headache. 30-day refund means there's no real downside to seeing if our team is who we say we are.
