Kadence Security Pro
Tweaks
- Add Per-Content SSL toggle to the upcoming Block Editor interface.
- Add filter to the recipients list for email notifications: "itsec_notification_{$notification}_email_recipients" and "itsec_notification_email_recipients".
- Detect Server IPs in Security Check.
- Update jquery.file-upload plugin to the latest version ( 9.28.0 ).
- Improve File Change locking to help prevent failing scans on sites with inconsistent cron scheduling.
- Improve "System Tweaks – Suspicious Query Strings – SQLI" to reduce false positives.
- Improve "System Tweaks – Disable PHP" to block PHP files in apache configurations that serve files with a trailing dot.
- Add additional safety checks when writing to system config files.
- Remove "Seznam Bot" from HackRepair List as it isn't present in the latest version.
- Add Recaptcha Opt-in styles wherever the recaptcha is displayed, not just WP Login.
Fixes
- Notification Center. Only send notifications to users with an exact role match of selected roles instead of a fuzzy match based on selected capabilities.
- Resolve warnings on PHP 5.2.
- Don't run Trusted Devices checks on authenticated loopback requests. Please re-run "Security Check" to initialize this detection. This should resolve conflicts with plugins that make authenticated loopback requests as a form of async processing.
- Persist and reload storage to avoid Imported settings being lost in some circumstances.
- Trigger module activation/deactivation routines when using the Importer.
- Remove "Nekudo" GeoIP service as it has been sunset.
Tweaks
- Add support for displaying status messages about services that might be encountering issues without updating the plugin.
- Add support for suppressing malware email notifications if the Malware Scanner is experiencing wide spread issues without updating the plugin.
Fixes
- Fix issue with saving Global settings if Security Check Pro has detected the correct Proxy Header to use.
Tweaks
- Allow for selecting the particular Proxy header a server is configured to use. Improve the language to indicate the importance of configuring this setting. H/t Filippo Cavallarin CEO at wearesegment.com
Tweaks
- Delete a user's device fingerprints when their account is deleted.
Fixes
- Ensure you can save Two-Factor when "Trusted Devices" is disabled on a new site.
Features
- Trusted Devices identifies the devices users use to login and can apply additional restrictions to unknown devices.
Tweaks
- Allow a device to be remembered and bypass Two-Factor for 30 days. Requires "Trusted Devices" to be active.
- Display Recaptcha in the wp_login_form() template function.
- Block access to git and svn repositories when System Tweaks -> Protect System Files is enabled.
- Update jQuery Validation library to 1.17.0
- Don't require Two-Factor on-boarding if the user is required to use Two-Factor because of a vulnerable site.
Fixes
- Improve detection of blocking the File Change Scan from being scheduled if one is already being run.
- Prevent infinite recursion error when trying to access directories outside of the allowed file tree.
- Grade Report styling issue on IE 11.
Tweaks
- Add schedule options to the "Grade Report Change" email.
Fixes
- Don't send "Grade Report Change" email if the grade is reverted back to the original grade during the waiting period before sending the notification.
- Plugins were deactivated when updating through Grade Report.
- REST API Protection blocked the Taxonomies route for all users.
Fixes
- Fixed how the Grade Report enable/disable status is stored to fix admin page loading issues on some sites.
Tweaks
- Added a setting to enable/disable the Grade Report feature of Pro.
