iThemes Security Pro

WP Plugins iThemes Security Pro v6.6.0

6.6.0 - 2020-06-10
  • New Feature: The new, improved WordPress Security Site Scan powered by iThemes performs automatic checks for known website vulnerabilities and, if a patch is available, iThemes Security Pro can now automatically apply the fix for you.
  • Enhancement: Added support for muting specific vulnerability notifications. After performing a new site scan, click the link for details about a vulnerability. Then click the "mute" button to stop being notified about that particular issue.
  • Enhancement: Remove quick bans. Persist banned hosts to .htaccess or nginx.conf on an hourly schedule.
  • Tweak: Cap banned hosts persisted to .htaccess or nginx.conf to the most recent 100. This number can be adjusted with the "itsec_ban_users_max_hosts_for_server_config" filter. Older banned hosts will be locked out after WordPress loads.
  • Bug Fix: File Change Security Message would not appear for new installs.
6.5.3 - 2020-04-08
  • Enhancement: Add LifterLMS support to the reCAPTCHA module.
  • Bug Fix: Don't block registration page when "wp-signup.php" is the Hide Backend register slug.
6.5.2 - 2020-03-31
  • Bug Fix: Update security dashboard and admin notices styling to be compatible with WordPress 5.4.
  • Bug Fix: Periodically clear expired opaque tokens.
  • Bug Fix: Exclude "Process Update" and "Process Stop" logs when other process logs are hidden.
  • Bug Fix: Exclude process logs from the Malware Scan card.
  • Tweak: Use dashicons instead of font-awesome, and native font stack instead of Open Sans on the Grade Report.
6.5.1 - 2020-03-11
  • Bug Fix: Due to a Google reCAPTCHA API change, trying to use v3 or Invisible reCAPTCHA may have always resulted in the "You must submit the reCAPTCHA to proceed. Please try again." error. You may have to empty your server cache or browser cache to receive the fix.
  • Enhancement: Further improve logs performance.
6.5.0 - 2020-03-10
  • Enhancement: Add super admins as a selectable role for User Groups.
  • Enhancement: Add reCAPTCHA to the Reset Password form.
  • Enhancement: Add support for resending a Two-Factor Email code.
  • Enhancement: Add support for resending a Passwordless Login email.
  • Enhancement: Allow selecting users across all sites in a network for User Groups, Security Profile cards, and User Security Check.
  • Enhancement: Include all super admins by default in the Security Profile card, even if they are not a member of the network's main site.
  • Enhancement: Display all of a user's roles in the Security Profile card.
  • Enhancement: When logging in with Passwordless Login, skip Two-Factor if the primary Two-Factor method is Email.
  • Enhancement: Force a space after each Two-Factor Backup Code to assist with copying and pasting.
  • Enhancement: Include the website URL in the download file for Two-Factor Backup Codes.
  • Enhancement: Add a warning if a WordPress Salt is set to an invalid value.
  • Enhancement: Allow re-entering the Two-Factor Onboard flow even after Two-Factor is setup by visiting /wp-login.php?itsec_after_interstitial=2fa-on-board directly.
  • Enhancement: Add a new WP CLI command for managing user Two-Factor enrollment.
  • Enhancement: Add a new WP CLI command for retrieving logs.
  • Enhancement: Include child log items in the logs list table. These are helpful for debugging issues.
  • Enhancement: Improve performance of the logs page on sites with large number of log items.
  • Tweak: Only show Lockout Bypass Magic Link for valid users.
  • Tweak: When logging $_SERVER, only log a snapshot of available properties.
  • Bug Fix: New Password Requirements for already created accounts were not enforced until the second login.
  • Bug Fix: User Security Check would not display in Multisite.
  • Bug Fix: Prevent fatal error if invalid user IDs are encountered by User Groups.
  • Bug Fix: Infinite loop when trying to use Application Passwords on Multisite.
  • Bug Fix: User Logging did not correctly capture the user id of the logged-out user on WordPress 5.3.
  • Bug Fix: Warnings when doing a settings import.
  • Deprecated: The "getlockouts", "releaselockout", and "getrecent" WP CLI commands. Use the "lockout" and "log" commands instead. They will be removed in a future release.
6.4.0 - 2020-02-12
  • Important: iThemes Security requires PHP 5.6 or greater and WordPress 5.2 or greater.
  • New Feature: Save Time Securing WordPress With User Groups!
  • New Feature: Simplified connection flow when setting up iThemes Sync.
  • Bug Fix: Warning when loading the settings page on PHP 7.4.
  • Bug Fix: Warning when loading the debug page on PHP 7.4.
6.3.3 - 2020-01-07
  • Important: Updated Trusted Devices MaxMind GeoLite2 integration to account for their new Terms of Service to account for the CCPA. Users must now provide a free license key when using the MaxMind GeoLite2 Geolocation method.
  • Bug Fix: Backup event was not added when the WP Cron Scheduler was reset manually.
  • Bug Fix: Admin Notices Popover was not being hidden when clicking outside the Popover on WP 5.3.
6.3.2 - 2019-12-12
  • Enhancement: Allow LastPass to autofill password fields.
  • Bug Fix: Passwordless Login would trip some ModSecurity rules when used with LastPass autofill.
  • Bug Fix: The username first Passwordless Login flow was not working on WordPress 5.3 if the user did not have permission to use Passwordless Login.
  • Bug Fix: Harden Version Management against plugins that were populating invalid update API data.
  • Bug Fix: The "Mulisite Tweaks -> Hide Updates" setting prevented auto-updates from running with WP Cron.
  • Bug Fix: Remove "get_magic_quotes()" call that existed for backwards compatibility with PHP versions 5.3 and earlier. This function call was causing a warning on PHP 7.4.
6.3.1 - 2019-12-10
  • Bug Fix: Properly notate that iThemes Security requires PHP 5.5 or greater.
6.2.4 - 2019-11-18
  • Bug Fix: The username first Passwordless Login flow was not working on WordPress 5.3