5.5.5
2018-12-04 Tweak10 Fix6Tweaks
- Add Per-Content SSL toggle to the upcoming Block Editor interface.
- Add filter to the recipients list for email notifications: "itsec_notification_{$notification}_email_recipients" and "itsec_notification_email_recipients".
- Detect Server IPs in Security Check.
- Update jquery.file-upload plugin to the latest version ( 9.28.0 ).
- Improve File Change locking to help prevent failing scans on sites with inconsistent cron scheduling.
- Improve "System Tweaks – Suspicious Query Strings – SQLI" to reduce false positives.
- Improve "System Tweaks – Disable PHP" to block PHP files in apache configurations that serve files with a trailing dot.
- Add additional safety checks when writing to system config files.
- Remove "Seznam Bot" from HackRepair List as it isn't present in the latest version.
- Add Recaptcha Opt-in styles wherever the recaptcha is displayed, not just WP Login.
Fixes
- Notification Center. Only send notifications to users with an exact role match of selected roles instead of a fuzzy match based on selected capabilities.
- Resolve warnings on PHP 5.2.
- Don't run Trusted Devices checks on authenticated loopback requests. Please re-run "Security Check" to initialize this detection. This should resolve conflicts with plugins that make authenticated loopback requests as a form of async processing.
- Persist and reload storage to avoid Imported settings being lost in some circumstances.
- Trigger module activation/deactivation routines when using the Importer.
- Remove "Nekudo" GeoIP service as it has been sunset.