Nexcess.comServers.comLiquidWeb.com

7.5.0

Feature1 Fix6 Tweak4

Features

  • New Lockout Template screen.

Fixes

  • Brute Force module reporting invalid logins using an email address incorrectly.
  • Improve lockout compatibility with caching plugins.
  • Fix admin notice not being dismissed due to a REST API route that was more narrowly defined than necessary.
  • Admin Notices list did not refresh after dismissing a notice.
  • Strong Passwords zxcvbn Library was not evaluating penalty strings correctly.
  • Fix PHP warning if there are multiple detected proxy headers.

Tweaks

  • iThemes Security requires PHP 5.4 or later.
  • Add confirmation button to Login Interstitial Async Actions when on a different device.
  • Add filter to "Lookup IP" link.
  • There were significant changes to the internals of the iThemes Security Lockout API in this release. If you are using the ITSEC_Lockout class directly, all the API functions will continue to work, but will emit deprecation notices when legacy behavior is being used. Please update any integrations.