Kadence Security Pro
Features
- Added support for the new WordPress privacy features.
Tweaks
- Removed sending the remote_ip argument to Google's reCAPTCHA server as it reduces the amount of personal information that is sent.
Fixes
- Changed the rules generated by the Filter Suspicious Query Strings feature in order to avoid blocking privacy export/erasure request confirmations.
Tweaks
- The number of users listed in the User Security Check model is now limited to 20 by default. This can be modified by using the itsec_user_security_check_users_per_page filter.
- Introduce Distributed Storage framework for reducing the amount of data stored in the WordPress options table. This should improve performance for large sites using File Change.
Fixes
- iThemes Licensing: Fixed fatal error that could occur when clicking the "View details" link for an available plugin update.
Tweaks
- Two-Factor Flow: Allow the user to proceed after downloading or copying the backup codes without dismissing the notice.
- File Change: Only scan a maximum of 10 plugins in a single chunk.
- File Change: Move "latest_changes" entry to a separate storage bucket to improve performance on large sites.
- iThemes Licensing: Added ability to manage licensing from WP-CLI.
Fixes
- Fix error on Multisite settings page when Two-Factor is not enabled.
- Properly enforce strong passwords when on the WP Login Reset Password page.
- Fix clearing or previous file scans results.
- iThemes Licensing: Fixed the "View details" link failing to work properly after updating.
- iThemes Licensing: Fixed an issue that could cause data changes to not save properly on specific background page requests.
- iThemes Licensing: Added a compatibility fix to avoid conflicts with plugins that change the plugin_action_links filter value from an array to a string.
- iThemes Licensing: Updated handing of wp_remote_get() response due to changes documented in https://core.trac.wordpress.org/ticket/33055.
Tweaks
- Allow for customizing access to the Application Passwords feature.
- Added comment to prevent Tide from marking the plugin as not compatible with PHP 5.3.
- Differentiate between "Enforced Two-Factor" and "Configured Two-Factor" in User Security Check.
Fixes
- Improve clearing of previous File Change file hashes.
- Internal links to a filtered logs page.
- Prevent duplicate "user-logged-in" log items when logging-in with Two Factor.
- Prevent multiple session tokens from being created when logging-in with Two Factor.
- Prevent missing provider information when logging a successful Two Factor authentication.
- Fixed incorrect detail text for Local Brute Force Protection on the Grade Report.
Features
- Add Two-Factor On-Board flow.
Tweaks
- Support disabling enforced Two-Factor the first time a user logs-in.
- Introduced Login Interstitial framework to consolidate code between Password Requirements & Two Factor.
Fixes
- Resolve warnings when upgrading file change settings.
- Allow read-only Application Passwords to make HEAD requests.
Tweaks
- Move Online Files hashes to a separate storage setting to improve performance on sites with large number of plugins or themes.
- Add description for File Change recovery related logs.
- Don't report removed files if the removal is caused by a new file extension being excluded.
Fixes
- Improved detection of REST API requests on sites without a home dir.
- Improve File Change recovery system on high-traffic websites.
- Fix warnings on debug file change log items.
Fixes
- Fixed a fatal error condition that could occur on the Grade Report page when specific combinations of manual roles for Two-Factor Protection > User Type Protection were selected.
Features
- Added Grade Report, a tool to identify security weaknesses on the site with options to fix the detected issues.
Fixes
- Ensure all users with the
manage_optionscapability are available when selecting contacts in the Notification Center.
Tweaks
- Added minimal API for adding additional entries to the Security admin menu.
Fixes
- Warning when uninstalling a plugin while File Change module is active.
Tweaks
- Shrink storage size of file scans.
- Make recovering file scan log smaller.