Nexcess.comServers.comLiquidWeb.com

8.0.0

Feature4 Fix7 Tweak20

Features

  • iThemes Security gets a redesigned interface focused on making it easier to configure and find what you're looking for. Read More: https://ithemes.com/?p=65086.
  • Instantly search over everything in iThemes Security with a new instant search feature.
  • Relevant content from the Help Center, iThemes Blog, and iThemes YouTube channel is surfaced in a new Help area based on the current page. Click the "Help" button in the toolbar or the "Info" icon next to the page title to access it.
  • Two-Factor is now part of the core iThemes Security plugin.

Fixes

  • Fix fatal errors when using PHP 8.
  • Fix infinite loop when restricting who can use App Passwords on multisite installs.
  • Ensure the ITSEC_Setup class does not exist before trying to load it. Display schema errors on multisite in the Network Admin.
  • Labels for Disable PHP Execution in Plugins and Themes were reversed.
  • Add missing constants to the debug page.
  • Remove deleted recipients when saving notifications.
  • Correct Site Scan statuses for scans with no issues.

Tweaks

  • iThemes Security now requires WordPress 5.7 and PHP 7.0 or later.
  • Security Tools have been grouped into their own page. "Identify Server IPs" and "Security Check Pro" can be run manually without using Debug Mode.
  • The settings UI is now fully responsive and works great across mobile, tablet, and desktop devices.
  • Improved keyboard and screen reader support.
  • The Banned Users Card can add multiple bans at once.
  • Add a new Global setting to control "Automatically Temporarily Authorize Hosts".
  • When the Global setting "Hide Security Menu in Admin Bar" is enabled, notices will no longer be printed on non-iThemes Security pages. Instead, you can access the Message Center from the Settings or Dashbaord toolbars.
  • The Database Backups module is no longer available if you have BackupBuddy installed. If this behavior isn't desired, enable the "ITSEC_ENABLE_BACKUPS" constant.
  • The Geolocation API configuration used by Trusted Devices has been moved into it's own dedicated "Geolocation" module.
  • Move "Have I Been Pwned" integration to the Core plugin.
  • Reduce filename length and complexity for built CSS and JS files.
  • The following modules have been removed: 404 Detection, Away Mode, Change Content Directory, and Multisite Tweaks.
  • The following WordPress and System Tweaks have been removed: Remove Windows Live Writer Header, EditURI Header, Comment Spam, Mitigate Attachment File Traversal Attack, Protect Against Tabnapping, Filter Long URL Strings, Filter Non-English Characters, Filter Request Methods, Remove File Writing Permissions.
  • The "Backup Full Database" setting has been removed from the Backups module.
  • The "Require SSL", "Front End SSL Mode", and "SSL for Dashboard" settings have been removed from the SSL module.
  • Modules are now based on a module.json configuration file. If you are registering custom iThemes Security module, you should update it to include a module.json file that adheres to the core/module-schema.json JSON Schema.
  • The Network Brute Force module had it's folder updated to "network-brute-force" from "ipcheck".
  • New Object Oriented API for creating Password Requirements.
  • New Settings and Modules REST API endpoints.
  • New RPC REST API namespace. There is no backward compatibility promise for these API endpoints.