Kadence Security Pro
Features
- A new dashboard widget powered by the iThemes Security Dashboard.
Fixes
- Prevent "headers already sent" warning when logging in with the Two-Factor email method on certain systems.
- Tabnapping: Apply noopener to links instead of using blankshield script when available to prevent new pop-up blocker behavior from killing the links.
Features
- Add "Click to Continue" button to email Two-Factor method to simplify usage.
Tweaks
- Don't require logging in again after overriding Two-Factor in Sync in mid-login.
- Improve redirecting after processing a login interstitial from a front-end login form.
- Add display description for log when safeguarding against an empty config file write.
Fixes
- Include Hide Backend token when emailing a password reset URL.
- Duplicate key error when consolidating Dashboard Events.
- Fix reCAPTCHA opt-in CSS not always loading.
Features
- reCAPTCHA v3 support. Can toggle between loading the API on all pages (recommended) or only the required pages. Adjust the Block Threshold from the recommended default of "0.5" based on the data in the Google reCAPTCHA console.
- On-page reCAPTCHA opt-in to allow users to agree to Google's ToS without refreshing the page.
Fixes
- Prevent dashboard error when the "Show Avatars" setting is disabled.
- Styling issue that made "Identified Loopback IP" look like an error message instead of a success.
Features
- Introducing the iThemes Security Dashboard. See a real-time overview of the security activity on your website with this dynamic dashboard. Turn it on by activating the Security Dashboard module.
Tweaks
- Add loopback IP detection to Security Check.
- Add define "ITSEC_DISABLE_TEMP_WHITELIST" to disable the Temporary IP Whitelisting for logged-in administrators.
- Only run Remote Messages API on Pro versions.
Fixes
- Only re-add Trusted Devices restricted capabilities filter if it was registered in the first place.
- Error when trying to edit reusable blocks with per-post SSL enabled.
Tweaks
- Use new "determine_locale()" function for loading the plugin textdomain.
Fixes
- Update Grade Report Software version fallback data.
Fixes
- Don't try to get users with the selected role if no roles are selected.
Tweaks
- Add Per-Content SSL toggle to the upcoming Block Editor interface.
- Add filter to the recipients list for email notifications: "itsec_notification_{$notification}_email_recipients" and "itsec_notification_email_recipients".
- Detect Server IPs in Security Check.
- Update jquery.file-upload plugin to the latest version (9.28.0).
- Improve File Change locking to help prevent failing scans on sites with inconsistent cron scheduling.
- Improve "System Tweaks – Suspicious Query Strings – SQLI" to reduce false positives.
- Improve "System Tweaks – Disable PHP" to block PHP files in Apache configurations that serve files with a trailing dot.
- Add additional safety checks when writing to system config files.
- Remove "Seznam Bot" from HackRepair List as it isn't present in the latest version.
- Add reCAPTCHA opt-in styles wherever the reCAPTCHA is displayed, not just WP Login.
Fixes
- Notification Center: Only send notifications to users with an exact role match of selected roles instead of a fuzzy match based on selected capabilities.
- Resolve warnings on PHP 5.2.
- Don't run Trusted Devices checks on authenticated loopback requests. Please re-run "Security Check" to initialize this detection. This should resolve conflicts with plugins that make authenticated loopback requests as a form of async processing.
- Persist and reload storage to avoid imported settings being lost in some circumstances.
- Trigger module activation/deactivation routines when using the Importer.
- Remove "Nekudo" GeoIP service as it has been sunset.
Tweaks
- Add support for displaying status messages about services that might be encountering issues without updating the plugin.
- Add support for suppressing malware email notifications if the Malware Scanner is experiencing widespread issues without updating the plugin.
