plugin-icon

RankShield — Ranking & Ad-Spend Attack Protection

Protect your Google rankings and ad budget from bot-driven CTR manipulation, sitemap-sweep attacks, and pay-per-click ad fraud.
Versão
2.15.6
Última atualização
Jul 4, 2026
RankShield — Ranking & Ad-Spend Attack Protection

RankShield defends your site against the bot attacks that quietly damage your search rankings and waste your ad spend:

  • CTR manipulation & sitemap-sweep attacks — bots that pull your sitemap and run your pages through fake impressions and fast click-and-bounce sessions to poison Google’s engagement signals.
  • Ad click fraud — bots and competitors clicking your Google Search Ads to drain your budget. RankShield ties on-site behavior to each paid click and builds a ready-to-apply IP exclusion list for your ads team.
  • Real-customer safety first — flagged traffic gets a one-second JavaScript challenge, never a hard block. Logged-in users and visitors who already passed are never challenged. Shared/residential networks are never auto-excluded.
  • Speed Optimization (paid plans) — page caching that runs AFTER the firewall inspects each request, native lazy loading, self-hosted Google Fonts with preloading, CSS/JS optimization, and service-powered Remove Unused CSS. Ships in Safe Mode (observe-only) so you see exactly what would change before going live, and every optimizer fails open.

A live security dashboard shows protection status, threats stopped, the per-URL attack story, and your ad click-fraud overview.

Plans: RankShield is free to install and use as a full monitoring console — it detects ranking attacks, ad click-fraud, and AI-agent traffic, and shows you everything on a live dashboard. Active blocking is a paid upgrade you can turn on in one click from the Plans tab:

  • Free — detection + the full security & analytics dashboard. See every attack; contribute to and benefit from the shared RankShield Network threat intelligence.
  • Monitoring — $39/mo — everything in Free, plus RankShield actively blocks bot, sitemap-sweep, and spoofed-AI-agent attacks (the customer-safe one-second challenge), and gives you full ad click-fraud monitoring (every wasted click, fraud source, and the exact IP exclusion list you could apply).
  • Full Protection — $99/mo — everything in Monitoring, plus active blocking of datacenter bots clicking your paid ads, the ready-to-apply Google Ads IP exclusion list unlocked, and RankShield Network instant immunity (attackers confirmed on any other protected site are blocked on yours too).

External services

This plugin connects to the RankShield protection service (an external SaaS operated by SEO Elite Agency) to detect and block attacks. Detection and threat intelligence run on the RankShield servers; the plugin enforces the decisions on your site.

Service: RankShield API — https://sea-shield-production.up.railway.app

What is sent, and when: * On each page view, the plugin sends anonymized behavioral signals (time on page, mouse/scroll/keystroke counts, a bot score, the request URL/path, and — for visitors arriving from a paid ad — the ad click identifier such as gclid) so attacks can be scored. The visitor’s IP is read server-side for attribution and is never exposed in the browser. * Periodically, the plugin requests the current block rules and your protection dashboard data using your site’s API key. * Once a day, the plugin reports its own version and your WordPress and PHP versions (no personal data) so update availability and compatibility can be tracked. * When an attack is confirmed on your site, the attacker’s network indicator (e.g. IP / IP range) is contributed to the RankShield Network (RankShield’s shared threat-intelligence network) so other protected sites can be defended — this is how the network protects everyone. Paid plans additionally receive the full RankShield Network feed for instant immunity. * If the plugin’s integrity monitoring detects site tampering (for example a hidden or malicious plugin, injected code, or an executable file placed in the uploads folder), it reports the detection — the affected file path and a de-fanged indicator, never your file contents — to the RankShield Network so the same attack can be recognized on other protected sites. Requests to decoy “honeypot” paths that no real visitor would ever request similarly contribute the probing source’s network indicator. No files on your site are ever modified or deleted automatically. * Your API key is used to authenticate these requests and is never exposed to the public front-end. * When the paid Speed Optimization module’s “Remove Unused CSS” feature is enabled, the plugin sends the public URLs of your own pages to the RankShield service, which renders them and returns only the CSS each page uses. No visitor data is sent, and the service only accepts URLs on your registered domain. * When “Self-host Google Fonts” is enabled, the server downloads your Google Fonts CSS/files once from fonts.googleapis.com / fonts.gstatic.com so your visitors never contact Google (Google’s terms: https://developers.google.com/fonts/terms). The YouTube facade loads video thumbnails from i.ytimg.com in the visitor’s browser, exactly as a normal embed would.

This service is required for the plugin to function. By installing and activating the plugin you agree to the RankShield Terms of Service and Privacy Policy: * Terms of Service: https://portal.seoeliteagency.com/terms * Privacy Policy: https://portal.seoeliteagency.com/privacy

Freeem planos pagos
Ao instalar, você concorda com os Termos de Serviço do WordPress.com e com os Termos do plugin de terceiros.
Testado até
WordPress 7.0
Esse plugin está disponível para download para o seu .