// product updates

Changelog

Every release across the BDShield product line, newest first. Each version listed here is verified against the shipped source code — no marketing filler, just what actually changed.

BD Auto Blog

v1.2.1

AI-powered content automation. Generates topics, writes full articles using Claude, publishes on a schedule, and embeds stock photography automatically.

v1.2.1 May 2026 Latest
  • Fixed Default AI model updated to Claude Opus 4.7 for improved article quality and consistency.
  • Fixed Minor stability improvements to the article generation pipeline.
v1.2.0 April 2026
  • New Pexels stock photo integration for featured images. Set `image_source` to `pexels` and provide a Pexels API key — no more relying solely on branded SVG placeholders. (Professional+ tier)
  • New In-content images. Stock photos from Pexels are automatically inserted before H2 headings within the article body. Configure the count (default: 2) in Settings. (Professional+ tier)
  • New YouTube video embedding. Supply a YouTube Data API key and BD Auto Blog will find and embed a relevant video in each article. Supports keyword-based and niche-based search modes.
  • New YouTube error logging. When a YouTube embed fails, the error is stored in post meta (`_bdab_youtube_error`) and surfaced as a warning in the article log so you can see exactly what went wrong without digging through server logs.
  • New Article warnings system. Processing issues (failed image fetches, embed errors, fallback triggers) are collected during generation, stored in the article log as JSON, and displayed as amber warning icons in the admin dashboard. Nothing silently fails.
  • Improved Database schema updated to v1.1.0 — adds a `warnings` column to the article log table. Migration runs automatically on plugin load.
  • Improved Admin article log now shows per-row warning icons for any article that generated processing warnings.
  • Fixed Featured image fallback chain — if Pexels fails, falls back to Unsplash (if configured), then to a branded SVG. Each fallback stage logs a warning rather than silently dropping the image.
v1.1.x February–March 2026
  • New License system. Activate a license key (Starter / Professional / Agency) under the License tab to unlock tier-specific features.
  • New Unsplash stock photo integration for featured images. (Professional+ tier)
  • New Social media snippet generation — each article gets a ready-to-post caption for Twitter/X and LinkedIn. (Professional+ tier)
  • New Custom CTA block. Add a configurable call-to-action section to the bottom of generated articles. (Professional+ tier)
  • New Weekly digest email summarizing the week's published articles. (Professional+ tier)
  • New White-label mode — removes BD Auto Blog attribution from generated content. (Agency tier)
  • New Topic queue management. Minimum queue size and refill count are configurable. A separate cron event (`bdab_refill_queue`) tops up the queue automatically before it runs empty.
  • New Stealth mode — removes BD Auto Blog-specific CSS class prefixes from generated HTML.
  • Improved Posts-per-day limit is now enforced at the lower of your Settings value and your license tier cap, so you can't accidentally over-generate.
  • Improved Settings expanded to include niche, audience, tone, custom instructions, SEO level, internal linking, table of contents, and FAQ schema generation.
v1.0.0 January 2026
  • New Initial release. Claude API integration for topic generation and full article writing.
  • New Configurable publishing schedule — set time-of-day, publish mode (draft or publish), posts per day, default author, and default category.
  • New Word count controls (min/max). Target article length is enforced in the AI prompt.
  • New Automatic SEO meta generation (title tag and meta description) for each article.
  • New Table of contents automatically inserted into generated articles.
  • New Email notifications for publish events, errors, and empty queue conditions.
  • New Admin dashboard with article log, topic queue viewer, settings, and statistics.

BD Security Firewall

v1.1.1

Enterprise-grade WordPress security. Firewall, brute force protection, two-factor authentication, malware scanning, file integrity monitoring, geo-blocking, and activity logging — all in one plugin.

v1.1.1 May 2026 Latest
  • Fixed Author enumeration block now fires on `parse_request` (before `redirect_canonical`) as well as `template_redirect`, closing a path where WordPress's canonical redirect briefly revealed the username in the redirect URL before the block ran.
  • Security Hardening updates. Update strongly recommended.
v1.1.0 March–April 2026
  • New Two-factor authentication (TOTP). Users can enable 2FA from their profile page using any TOTP-compatible authenticator app (Google Authenticator, Authy, etc.). Setup flow generates a QR code and backup codes on first enrollment.
  • New Backup codes for 2FA. Ten single-use backup codes are generated at 2FA setup. Users can regenerate codes at any time from their profile. Unused code count is displayed.
  • New Trusted device support. After verifying a 2FA code, users can mark the device as trusted for 30 days, skipping the 2FA prompt on subsequent logins from that device.
  • New Per-role 2FA enforcement. Administrators can require 2FA for specific user roles site-wide.
  • New Malware scanner. Scans WordPress files against 50+ regex signatures covering backdoors, shells, obfuscated code, crypto miners, SEO spam, and pharma injections. Runs in AJAX chunks to stay within shared hosting timeout limits.
  • New Core file integrity verification. Compares installed WordPress core files against official checksums from wordpress.org and flags any unexpected modifications.
  • New File quarantine. Move flagged files out of the web root with a single click. Restore or permanently delete from the Quarantine panel.
  • New Scheduled malware scans. Set daily or weekly automatic scans with email alerts when threats are detected.
  • New Geo-blocking. Block visitor traffic from specific countries. Configurable allowlist/blocklist by country code.
  • New Activity logger. Tracks logins (success, failure, logout), content changes, plugin/theme activations, user management events, and settings changes in a searchable admin log.
  • New File integrity monitor (FIM). Create a baseline snapshot of your files and run differential checks on a schedule. Accept legitimate changes to update the baseline; unknown changes trigger an alert.
  • New Custom login URL. Move `wp-login.php` to a custom slug to reduce automated login attack surface.
  • New RSS feed disabling option.
  • Improved REST API index is now filtered for unauthenticated requests, hiding internal namespace listings.
  • Improved Security headers now include X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, and Content-Security-Policy.
v1.0.0 February 2026
  • New Initial release. Real-time firewall blocking SQL injection, XSS, path traversal, bad bots, and brute force login attacks.
  • New Brute force protection with configurable attempt limit and lockout duration.
  • New Rate limiting — per-IP request throttling with configurable threshold.
  • New XML-RPC disabled by default to prevent brute force via `xmlrpc.php`.
  • New WordPress version hidden from page source, script/style URLs, and REST API responses.
  • New REST API user enumeration blocked.
  • New Author enumeration blocked (`?author=N` queries suppressed).
  • New Block PHP file uploads to the media library.
  • New Force strong passwords — minimum 12 characters enforced at profile save.
  • New Auto logout — configurable idle session timeout.
  • New Security log in the admin dashboard showing blocked threats with IP, threat type, severity, and request detail.

BDShield License Manager

v1.2.0

The license server powering all BDShield plugin activations. Handles key validation, per-site enforcement, tier feature gating, and automatic plugin update delivery.

v1.2.0 May 2026 Latest
  • New BD GEO Tracker support. Adds `bd-geo-tracker` as a licensed product with its own tier limits (Starter / Growth / Agency) and a dedicated `/saas-validate` REST endpoint for SaaS product authentication — separate from the WordPress plugin `/validate` flow.
  • New BD GEO Tracker tier limits. Starter: 1 project, 3 tracked devices, 3 alerts/week. Growth: 3 projects, 15 devices, 105 alerts/week. Agency: 5 projects, 50 devices, 350 alerts/week.
  • New Growth tier display label. The middle BD GEO Tracker tier displays as "Growth" while the internal slug remains `professional` for backwards compatibility with existing licenses.
  • New WooCommerce product entry for BD GEO Tracker at monthly pricing ($19 / $59 / $179).
  • Improved `tier_from_variation_label` now accepts both "Growth" and "Professional" so a future WooCommerce variation rename requires no code change.
v1.1.0 January 2026
  • New Initial release. License key generation, activation, deactivation, and validation via REST API (`POST /wp-json/bdls/v1/validate`).
  • New Automatic plugin update delivery. Plugins check `/check-update` and receive signed download URLs for new versions. Customers get updates through the standard WordPress update flow.
  • New WooCommerce integration. License keys are generated and emailed automatically when an order completes.
  • New My Account "Licenses" tab shows all active license keys, their product, tier, site count, and expiry.
  • New Admin dashboard for searching, creating, editing, and revoking license keys.
  • New Bundle support. Purchasing a bundle license (e.g., `bd-security-suite`) covers all member plugins under a single key.
  • New Rate limiting on validation endpoint — 30 requests per minute per IP.
  • New License keys use format `BDSH-XXXX-XXXX-XXXX`.

BD Malware Cleaner

v1.0.2

Standalone lightweight malware scanner. Scans files for malicious patterns, verifies WordPress core integrity, quarantines threats, and runs on a schedule.

v1.0.2 May 2026 Latest
  • Fixed Scanner stability improvements on shared hosting with restrictive `open_basedir` settings.
  • Security Hardening updates.
v1.0.1 April 2026
  • Fixed Scheduled scan cron event now correctly self-reschedules after each chunk completes, preventing missed scans on longer-running jobs.
  • Fixed Quarantine directory creation now falls back gracefully if the uploads directory is not writable, with an admin notice rather than a fatal error.
v1.0.0 March 2026
  • New Initial release. File scanning against 50+ malware signature patterns (backdoors, shells, obfuscated eval, crypto miners, SEO spam, pharma hacks, double-extension files, PHP in uploads).
  • New WordPress core integrity check against official checksums from wordpress.org.
  • New One-click quarantine — move suspicious files out of the web root. Restore or permanently delete from the Quarantine panel.
  • New Scheduled scans — daily or weekly automatic scanning with email alerts on detection.
  • New Chunked AJAX scanning. Works reliably on shared hosting without hitting timeout limits (50 files per UI chunk, 200 per cron chunk).
  • New Admin dashboard with scan progress, per-finding severity badges, and one-click actions.

BD Speed Optimizer

v1.0.2

Performance scanner and frontend optimizer. Calculates a 0–100 speed score, provides toggle-based frontend optimizations, and cleans up the database.

v1.0.2 May 2026 Latest
  • Fixed HTML minification no longer strips whitespace inside `<pre>` and `<textarea>` elements, preventing formatting corruption in code blocks and editable fields.
  • Fixed Query string removal filter now skips externally hosted assets, preventing broken URLs for third-party CDN resources.
v1.0.1 April 2026
  • Fixed Delay JS feature now correctly excludes scripts with the `data-no-delay` attribute, preventing conflicts with WooCommerce checkout and payment gateway scripts.
  • Fixed DNS prefetch output is now deduplicated when multiple plugins add overlapping domains.
v1.0.0 March 2026
  • New Initial release. Speed score (0–100) based on 14 performance checks across frontend settings, resource hints, and database health.
  • New Frontend optimizations (requires active license): defer JavaScript, delay JS until user interaction, remove jQuery Migrate, minify HTML, lazy load images and iframes, disable WordPress emojis and embeds, remove query strings from static assets.
  • New Resource hints: DNS prefetch and preconnect for configurable external domains.
  • New Database cleanup (no license required): remove post revisions, spam and trash comments, expired transients, and optimize all tables.
  • New Scanner runs without a license — see your score and recommendations even before activating.

BD Activity Log

v1.0.1

Standalone audit trail for WordPress. Tracks logins, content changes, plugin and theme activity, user management, and settings changes with a filterable admin dashboard.

v1.0.1 May 2026 Latest
  • Fixed CSV export now correctly escapes values containing commas and newlines, preventing malformed exports when post titles or usernames include those characters.
  • Fixed Log cleanup cron now respects the configured retention period correctly when the option is updated after initial activation.
v1.0.0 March 2026
  • New Initial release. 20+ event types tracked across five categories: logins (success, failure, logout), content (publish, trash, delete), plugins/themes (activate, deactivate, switch, update), user management (register, delete, role change, password reset), and settings changes.
  • New Filterable, paginated log viewer with event type, user, date range, and search filters.
  • New CSV export of filtered log data.
  • New Configurable retention period with daily automatic cleanup. Default: 90 days.
  • New Per-category logging toggles — disable tracking for any category you don't need.

BD Uptime Monitor

v1.0.1

Self-monitoring uptime checker built into WordPress. Pings your site on a schedule, tracks response times, and sends email alerts when it goes down or recovers.

v1.0.1 April 2026 Latest
  • Fixed Recovery email is now sent reliably when the site comes back up after a multi-failure incident. A timing edge case could cause the recovery notification to be skipped if the check interval fired during a slow recovery.
  • Fixed Response time chart now handles gaps (periods with no recorded pings) without drawing a flat zero line across the gap.
v1.0.0 March 2026
  • New Initial release. Self-monitoring with configurable check intervals (1 minute to 1 hour).
  • New Failure threshold — alerts fire after N consecutive failures (configurable), not on every single blip.
  • New Email alerts for downtime and recovery. Separate recipients and messages for each event type.
  • New Response time tracking with interactive charts (24h, 7d, 30d views).
  • New Incident history log with duration tracking.
  • New 90-day automatic data retention and cleanup.
  • New REST health endpoint (`GET /wp-json/bdum/v1/health`) for external monitoring integration.

BD Backup

v1.0.0

Full-site and database backups with scheduled automation, one-click restore, and email notifications. Built for shared hosting — no ZipArchive dependency required.

v1.0.0 February 2026 Latest
  • New Initial release. Full-site backups (files + database in a single ZIP) and database-only snapshots.
  • New Chunked AJAX processing. Stays within shared hosting limits (120-second timeout, 256MB memory). Uses PclZip rather than ZipArchive for maximum host compatibility.
  • New Scheduled backups — daily, weekly, or monthly via WP-Cron.
  • New One-click restore with automatic pre-restore snapshot. If the restore fails, you have an immediate rollback point.
  • New Email notifications for backup success or failure.
  • New Retention management — automatically prunes old backups beyond the configured limit.
  • New Backup directory protected with `.htaccess`. Download links are admin-authenticated rather than direct URLs.

BD Maintenance Mode

v1.0.0

Put your WordPress site into maintenance mode or display a coming-soon page with one click. Administrators and whitelisted IPs see the live site; everyone else sees your custom page.

v1.0.0 March 2026 Latest
  • New Initial release. Two modes: Maintenance Mode (returns HTTP 503 with Retry-After header) and Coming Soon (returns HTTP 200).
  • New Editable page content — custom headline, message, logo, and background image.
  • New Countdown timer to your launch date.
  • New Access control by user role and IP whitelist — so your team and clients can always get through.
  • New Responsive design, works on all screen sizes.

BD AntiSpam

v1.0.0

Invisible spam protection for all WordPress forms. No CAPTCHAs, no friction for real users. Works with Contact Form 7, WPForms, Gravity Forms, Elementor, WooCommerce, and native WordPress forms.

v1.0.0 February 2026 Latest
  • New Initial release. Multi-layer spam scoring: honeypot field detection, minimum-time-to-submit check, JavaScript token validation, content pattern analysis, link count threshold, and disposable email domain blocking.
  • New Configurable score threshold — tune sensitivity without switching to a different plugin.
  • New IP and email allowlist/blocklist for site-specific overrides.
  • New Repeat offender tracking — IPs that consistently submit spam accumulate score faster.
  • New Block mode vs. silent reject mode — choose whether blocked submissions show an error message or silently appear to succeed.
  • New Spam log with per-submission detail and 30-day configurable retention.
  • New Works with Contact Form 7, WPForms, Gravity Forms, Elementor forms, WooCommerce registration and checkout, and generic HTML forms.

BD Shield Forms

v1.0.0

Contact form and newsletter subscriber management for getbdshield.com. Handles form submissions, reply-from-admin, and subscriber list management.

v1.0.0 January 2026 Latest
  • New Initial release. Contact form with AJAX submission, email notification to site owner, and admin reply functionality — reply to a submission directly from WordPress without switching to your email client.
  • New Newsletter subscriber form with subscribe/unsubscribe handling.
  • New Submission log with unread-count badge in the admin menu.
  • New WordPress dashboard widget showing recent contact submissions.
  • New Subscriber list with CSV export.
  • New Shortcodes: `[bd_contact_form]` and `[bd_subscribe_form]`.

BDShield Theme

v1.0.0

The WordPress theme powering getbdshield.com. Product catalog, WooCommerce integration, customer My Account dashboard, documentation system, and product comparison pages.

v1.0.0 May 2026 Latest
  • New Midnight Cyan design system. New `tokens.css` with full dark-mode palette, Inter as the primary typeface, and JetBrains Mono for code. Primary accent color is calm azure (`#3B82F6`) — previously electric cyan (`#00D4FF`).
  • New BD GEO Tracker catalog card. SaaS products now render with a "Web app" badge, `/mo` price unit, and a "View app" CTA — distinct from the plugin card treatment.
  • New Product screenshots slot (`template-parts/product-screenshots.php`). Product pages auto-render screenshots from `/assets/images/products/<slug>/` and support an optional `demo.mp4`.
  • New Product comparison pages. Eight comparison posts (vs. Wordfence, Sucuri, UpdraftPlus, BlogVault, Aiomatic, Jetpack, WP Rocket, MalCare) are live at `/compare/<slug>/` with JSON-LD structured data.
  • New Product recommender quiz at `/find-my-stack/`. Five questions map stated pain points to relevant products or bundles.
  • New Per-product FAQ accordion with FAQPage JSON-LD schema.
  • New 30-day refund badge on single-product pages linking to `/refund-policy/`.
  • New Bundle display system with savings calculation (`BDShield_Bundles` class).
  • New Shop filter sidebar at `/shop/` — filter by use case (security, site-ops, growth, bundles).
  • Improved Reviews and ratings are hidden until a product has 3 or more verified reviews, preventing "0.0 (0 reviews)" from displaying as negative social proof.
  • Improved Navigation links updated — `/shop/` redirects to `/products/` (301); header and footer links corrected to match.
  • Improved OG/Twitter Card meta tags and JSON-LD (Organization, Product, Article) emitted for all relevant page types. Defers to RankMath/Yoast/AIOSEO when those plugins are active.
  • Security Breadcrumb titles now escaped with `esc_html()` to prevent stored XSS via crafted post or term titles. Update strongly recommended.