Nexcess.comServers.comLiquidWeb.com

7.0.0

2021-06-24 Tweak20 Feature4 Deprecated5 Fix3

Tweaks

  • iThemes Security now requires WordPress 5.7 and PHP 7.0 or later.
  • The settings UI is now fully responsive and works great across mobile, tablet, and desktop devices.
  • Improved keyboard and screen reader support.
  • The User Security Profile Card now supports searching for specific users and filtering by User Role.
  • The User Security Profile Card can now be used to Force password changes, force a user to lockout, and send a Two-Factor setup reminder.
  • The Banned Users Card can add multiple bans at once.
  • Add a new Global setting to control "Automatically Temporarily Authorize Hosts".
  • When the Global setting "Hide Security Menu in Admin Bar" is enabled, notices will no longer be printed on non-iThemes Security pages. Instead, you can access the Message Center from the Settings or Dashbaord toolbars.
  • The Security Dashboard has moved back to the Security menu and is now the default page.
  • Your first security dashboard will be created automatically when you visit the dashboard for the first time. Create your own by clicking the dashboard's title, then select "Create New Dashboard".
  • The Database Backups module is no longer available if you have BackupBuddy installed. If this behavior isn't desired, enable the "ITSEC_ENABLE_BACKUPS" constant.
  • Activating the Magic Links module now enables the feature. The extraneous "Enable Lockout Bypass" setting has been removed.
  • The Geolocation API configuration used by Trusted Devices has been moved into it's own dedicated "Geolocation" module.
  • Modules are now based on a module.json configuration file. If you are registering custom iThemes Security module, you should update it to include a module.json file that adheres to the core/module-schema.json JSON Schema.
  • Add a WP CLI command for running tools. See "wp help itsec tool" for more information.
  • Split the Two-Factor and Dashboard module into a Core module and a Pro module. Settings for these modules are still stored in the base module.
  • The Network Brute Force module had it's folder updated to "network-brute-force" from "ipcheck".
  • New Object Oriented API for creating Password Requirements.
  • New Settings and Modules REST API endpoints.
  • New RPC REST API namespace. There is no backward compatibility promise for these API endpoints.

Features

  • iThemes Security gets a redesigned interface focused on making it easier to configure and find what you're looking for. Read More: https://ithemes.com/?p=64448.
  • Instantly search over everything in iThemes Security with a new instant search feature.
  • Security Tools have been grouped into their own page. "Identify Server IPs" and "Security Check Pro" can be run manually without using Debug Mode.
  • Relevant content from the Help Center, iThemes Blog, and iThemes YouTube channel is surfaced in a new Help area based on the current page. Click the "Help" button in the toolbar or the "Info" icon next to the page title to access it.

Deprecateds

  • The following modules have been removed: 404 Detection, Away Mode, Change Content Directory, and Multisite Tweaks.
  • The following WordPress and System Tweaks have been removed: Remove Windows Live Writer Header, EditURI Header, Comment Spam, Mitigate Attachment File Traversal Attack, Protect Against Tabnapping, Filter Long URL Strings, Filter Non-English Characters, Filter Request Methods, Remove File Writing Permissions.
  • The "Backup Full Database" setting has been removed from the Backups module.
  • The "Require SSL", "Front End SSL Mode", and "SSL for Dashboard" settings have been removed from the SSL module.
  • The "Strengthen when Outdated" setting has been removed from the Version Management module.

Fixes

  • Fix fatal errors when using PHP 8.
  • Fix infinite loop when restricting who can use App Passwords on multisite installs.
  • Ensure the ITSEC_Setup class does not exist before trying to load it. Display schema errors on multisite in the Network Admin.