Welcome to Servebolt Shield.
This tutorial is designed to help you quickly:
- Find your Servebolt Shield addons.
- Understand what you are seeing in the Admin Panel.
- Interpret the Servebolt Shield Scorecard.
- Recognise the value of your protection immediately.
If you want more detailed information about the specific features Servebolt Shield offers, you can continue to the related articles linked throughout this guide.
What is Servebolt Shield?
Servebolt Shield is a collection of security and protection services available directly inside the Servebolt Admin Panel.
Depending on your Servebolt Shield subscription, your setup may include:
- Threat Shield (powered by Monarx)
- Patchstack vulnerability protection
- GEOSEC country-level access control
- IP Blocking
Each addon focuses on a different aspect of website protection, from blocking malicious traffic to protecting against known WordPress vulnerabilities.
Accessing Servebolt Shield
Log in to your Servebolt Admin Panel.
From the top navigation menu, click:
Step 1: Search for Your Website
After opening the Security section, use the domain search field to find the website that you want to or have purchased Servebolt Shield for.
Step 2: Understand Your Servebolt Shield Overview
The Servebolt Shield overview page acts as the main security dashboard for your website.
This is where you can quickly understand:
- Which Servebolt Shield addons are active.
- Your current protection status.
- Security findings and alerts.
- Your overall Servebolt Shield Scorecard.
If you purchased only one Servebolt Shield addon, you will only see that specific addon marked as active.
Understanding the Servebolt Shield Scorecard
The Servebolt Shield Scorecard gives you a quick overview of your website’s overall security posture.
What You Should Expect to See
The Scorecard may include:
- Overall protection score
- Vulnerability indicators
- Protection status information
How to Interpret the Scorecard
Your Servebolt Shield Scorecard is influenced by the Servebolt Shield addons and protection layers active for your website.
This means that websites using more Servebolt Shield addons and protection modules will generally achieve a higher score than those using only a single addon.
For example:
- A website using only Patchstack may naturally have a lower score
- A website using multiple Servebolt Shield services and protection modules will typically achieve a stronger overall score
This does not necessarily mean your website is unsafe.
The Scorecard is designed to help visualise your overall protection coverage and highlight opportunities to improve your security posture.
Important: Seeing Threats Can Be a Good Sign
Seeing blocked threats or findings does not necessarily mean your website is compromised. In many cases, it means Servebolt Shield is actively detecting and mitigating suspicious activity.
Understanding Your Active Shield Services
Below the domain search field, you will see your active Servebolt Shield addons.
Which may include:
- Threat Shield
- Patchstack
- GEOSEC
- IP Blocking
Patchstack
Patchstack helps protect your WordPress website against known plugin, theme, and WordPress vulnerabilities.
The Patchstack section gives you visibility into installed software, detected vulnerabilities, and additional protection modules.
Software Overview
The Software section provides an overview of installed plugins, themes, and WordPress core components.
What This Means
This section helps you quickly identify:
- Which components are currently active
- Which plugins or themes may require updates
- Whether automatic updates are enabled
- Potential areas requiring maintenance attention
If you see notices recommending automatic updates for vulnerable software, this means Patchstack has identified components that may benefit from more proactive updating.
Auto Update Vulnerable Software
The “Auto update vulnerable software” setting only applies to plugins.
When enabled, Patchstack automatically updates vulnerable plugins to the latest available version once a known vulnerability is detected.
For example:
- If version
3.1is vulnerable - And version
3.9is the latest safe version
Patchstack updates directly to version 3.9.
This setting does not apply to WordPress core or themes.
Protection Modules
The Protection Modules section includes additional security protections that can be enabled directly from the dashboard.
What This Means
RapidMitigate WordPress
Provides mitigation rules designed to help protect against known WordPress vulnerabilities.
Advanced Hardening
Adds additional security rules to help reduce exposure to common malicious requests.
Community IP Blocklist
Helps block IP addresses associated with known malicious activity.
Vulnerabilities Overview
The Vulnerabilities section provides visibility into known security vulnerabilities affecting plugins, themes, or WordPress core components.
What You Should Expect to See
- Vulnerability status indicators
- Affected plugins or themes
- Severity information
- Discovery dates
- Vulnerability categories
Understanding the Vulnerabilities Table
The Vulnerabilities section shows historical vulnerability findings detected over time.
Vulnerability history may also include findings detected before Patchstack was enabled for your website.
This means:
- The Software table reflects your current setup of installed plugins and themes.
- The Vulnerabilities table reflects previously detected vulnerabilities and protection history
A vulnerability listed here does not necessarily mean your website is currently vulnerable.
For example:
- Your website may currently run a safe plugin version
- But the vulnerability history may still show previously detected vulnerabilities affecting older versions
This helps you understand previously detected vulnerabilities, the protection applied, and the software update history over time.
Understanding Vulnerability Statuses
Vulnerability Patched
This means Patchstack is actively mitigating the vulnerability.
Vulnerability Affected
This means the vulnerability exists within installed software and may require attention, updating, or remediation.
Understanding Severity Scores
Higher severity scores generally indicate more serious vulnerabilities.
Lower scores typically represent lower-risk findings.
Important: Seeing Vulnerabilities Does Not Mean Your Website Is Compromised
Patchstack is designed to identify known vulnerabilities before they are exploited.
Seeing vulnerabilities listed in the dashboard is often a sign that the system is actively monitoring your website and helping reduce exposure.
You should still keep plugins, themes, and WordPress core updated whenever possible.
Learn more:
GEOSEC
GEOSEC lets you control traffic access by geographic region. Keep in mind that this addon only works if your website is using Servebolt CDN or Accelerated Domains.
What You Should Expect to See
- Country allow/block settings
- Whitelist or blacklist mode
- Country selection tools
What This Means
GEOSEC can help reduce unwanted traffic and region-specific attacks.
IP Blocking
IP Blocking allows you to manually block specific IP addresses.
What You Should Expect to See
- Add IP field
- Existing blocked IPs
- Notes and block actions
What This Means
This feature gives you direct control over unwanted or suspicious traffic sources.
Threat Shield
Threat Shield helps detect, prevent, and eliminate malware and suspicious activity before it impacts your website.
What You Should Expect to See
The Threat Shield dashboard may include:
- Total scanned files
- Malware detections
- Scan activity
- Detection history
- Manual scan controls
Malware Detections
The Malware Detections section shows malware identified during scans.
What This Means
You may see:
- File paths
- Detection types
- Detection dates
- Cleanup status
Threat Shield uses behaviour-based detection to identify suspicious activity, including:
- Malware
- Backdoors
- Code injections
- Suspicious PHP behavior
- Hidden or obfuscated malicious files
Statuses such as “Deleted” indicate that the malicious file has already been automatically removed.
Seeing malware detections here does not necessarily mean your website is currently infected. In many cases, it means Threat Shield successfully detected and handled suspicious files before they could cause harm.
What To Do When You See a Malware Detection
If Threat Shield has already marked the file as “Deleted”, no immediate action is usually required.
However, repeated detections may indicate:
- Outdated plugins or themes
- Compromised credentials
- Vulnerable website components
If you continue seeing detections:
- Review our “My site is Hacked” article
- Review outdated plugins and themes
- Review administrator accounts and passwords
- Consider enabling additional Shield protections, such as Patchstack
Threat Shield continuously monitors your website and automatically removes malicious files when active protection is enabled.
Manual Scan Activity
The Manual Scan Activity section shows scans initiated manually by you or Servebolt staff.
What This Means
This section helps you track:
- When scans were performed
- Scan completion status
- How many files were scanned
You can also launch a new manual scan directly from this section.
What This Means Overall
Threat Shield continuously monitors your website in the background and helps identify malicious files and suspicious activity before they impact performance or security.
Learn more:
- Threat Shield: Malware Detection and Its Active Protection Explained
- The Invisible Threats Targeting Your Website (And How We Handle Them)
Final Takeaway
Servebolt Shield is designed to help you quickly understand your website’s protection status and security posture.
The dashboard gives you:
- Visibility into security activity
- Active protection against common threats
- Clear security insights
- Confidence that your website is being monitored and protected
By understanding your Scorecard and active Shield addons, you can quickly recognise the value of the protection included with Servebolt Shield.
