Solid Security
Features
- The Firewall page has a new IP Management tab to provide easy access to blocking or authorizing IP addresses.
Fixes
- Truncate log item columns that are too long before inserting into the database.
- Consistently order the Security Profile tabs.
- Add missing text domain to new Solid Security Admin Menu items.
- Reset filters on the Vulnerabilities page when starting a Site Scan.
- PHP warning on the logs page when the File Change module logs unexpected data.
Tweaks
- Usage Data Sharing (opt-in only) allows users to share non-personal and non-sensitive information with StellarWP to inform decisions about how to improve Solid Security in the future.
- Add a snackbar notice when making changes on the Firewall Configure page.
- Remove some straggling references and links to iThemes.
- Consistently refer to 2FA as Two-Factor Authentication on the Profile page.
- Allow performing more Site Scan actions when the issue is muted.
Features
- Refreshed UI for manging per-user security settings like Two-Factor. The previous Two-Factor UI can be enabled using the SOLID_SECURITY_LEGACY_2FA_UI constant.
- A new block "Solid Security User Security Settings" let's you display this UI on the front-end of your website. The [solid_security_user_profile_settings] shortcode can be used if you're not yet using the Block Editor.
Fixes
- Trying to enable Network Brute Force from the Security messages center linked to the wrong place.
- During onboarding, a double scrollbar was displayed on some screen sizes.
Tweaks
- Solid Security now requires WordPress 6.3 or later.
- Display a snackbar notice when sending a 2FA reminder from the Site Scan page.
- Include a link directly to the Patchstack database in the Site Scanner alert email.
- Remove iThemes Security is now Solid Security banners from the admin.
Features
- Add support for creating custom firewall rules.
- Add support for configuring firewall settings from the Firewall page.
Fixes
- The firewall page would appear empty when geolocation could not retrieve a country code.
Fixes
- Remove an extra folder containing duplicate plugin files
Fixes
- Adding missing dist files to SVN
Fixes
- Prevent the User Security page from crashing when "Show Avatars" is disabled in the WordPress discussion settings.
- Fix some filters on the User Security page not working as expected.
- Fix spacing on the Two-Factor form when backup methods are enabled.
- Fix fatal error when there is an error retrieving Patchstack license information.
- Styling issues on WordPress 6.4.
Security
- Don't disclose the login URL when using Hide Backend on a site with comments enabled and comment registration required. Thanks to Naveen Muthusamy for disclosing this issue.
- Check for the promote_user capability when using Privilege Escalation in addition to edit_user.
Tweaks
- Remove the iThemes Security is now Solid Security banner from admin-facing email notifications.
Features
- iThemes Security is now Solid Security! Learn More: https://go.solidwp.com/security-welcome-to-solidwp
- The Firewall screen brings together the Firewall functionality Solid Security provides into one easy to use screen. More Firewall features are coming soon!
- The Vulnerabilities screen identifies what vulnerable software you have on your site and guides you through next steps.
- Identify risks in your site's security with the the expanded Site Scan functionality.
- The User Security screen keeps you appraised of the security practices your site's users are following. Easily apply actions to multiple users in one-click like resetting passwords or logging out active sessions.
- The dashboard and settings screens have been redesigned to make it easier to find what you're looking for.
- The Security Summary dashboard card gives you a snapshot of the most important security issues affecting your site.
- Add support for loading Solid Security via an MU-Plugin for improved performance when blocking attackers.
Tweaks
- Solid Security now requires WordPress 6.2 or later.
- Remove the IP Tracker Online link from the logs page.
Fixes
- PHP 8.2 compatibility.
- Resolved PHP warnings when unexpected data is encountered during software updates.
Tweaks
- iThemes Security is becoming Solid Security soon. Learn More: https://go.solidwp.com/security-free-notice-ithemes-becoming-solidwp
Fixes
- Don't require "Write to Files" to be enabled to use the "Rotate Encryption Key" tool.
Tweaks
- Enforce encryption for Two-Factor secrets.
- Add Stellar and Solid banners.
Fixes
- Fallback to the homepage when Enforce SSL encounters a non-safelisted redirect destination.
- IP Detection on sites behind Load Balancers that appended their IP address to X-Forwarded-For and did not provide a Real IP header.