Kadence Security Pro
Features
- Introduces the Notification Center, a centralized place to manage and customize email notifications sent by iThemes Security.
Fixes
- Corrected some Javascript and CSS links not generating correctly on Windows servers.
- Properly restrict Application Password's to read only REST API rqeuests when overriding the HTTP method used.
- Ensure scheduled malware scan cron hook is setup when the module is activated.
Tweaks
- Simplify script enqueuing for Two Factor.
Fixes
- Fixed SQL query bug that resulted in the "Minutes to Remember Bad Login (check period)" setting being ignored.
- Fixed bug that prevents wp-admin/install.php blocking from working properly on nginx servers.
- Don't attempt to do an SSL redirect when WP CLI is running.
Features
- Introduces Magic Links module. Users can now request a magic login link when logging in during a brute force attack on their username.
- Added a new setting in WordPress Tweaks: "Login with Email Address or Username".
Tweaks
- Host email images from the plugin instead of relying on iThemes servers to help email clients marking messages as spam or blocking images.
- Added Magic Links, a new Pro-only feature, to be activated by Security Check.
- Rearranged modules to be listed alphabetically.
Fixes
- Improved Recaptcha compatibility with WooCommerce.
- Error when searching for modules preventing modules from appearing.
- Use the wp_options table when acquiring locks in Multisite.
- Prevent duplicate daily digest emails on sites with high load.
Fixes
- Fixed logical error that prevented backups from executing.
- Fixed issue that could cause database locks to flood the database.
Features
- Security Check now attempts to automatically determine the location of the remote IP in the $_SERVER variable in order to protect against IP spoofing.
- Security Check now attempts to automatically determine if the site supports https connections. If support is found, it asks the user if they wish to redirect http requests to https.
Tweaks
- Changed Two Factor login confirmation code emails to avoid spam filters.
Tweaks
- Periodically retry malware scans when there is a temporary error with the scanning service before alerting users of the issue.
- Improved compatibility for Recaptcha on the front-end on slower to load websites.
Removeds
- Removed the "Replace jQuery With a Safe Version" feature as its use (protecting against a specific jQuery bug: https://bugs.jquery.com/ticket/9521) is many years old and is no longer a concern.
Fixes
- Fixed way to work around Hide Backend on some hosts.
- Bumped version number of some scripts to ensure that they refresh properly.
Features
- Added support for email notifications when automatic updates are installed.
Tweaks
- Multisite Support for Settings Exports
- Added warnings to the Version Management settings page if the system or site configuration could prevent automatic updates from working as expected.
- Added support for validating the Recaptcha hostname by using the 'itsec_recaptcha_validate_host' filter.
- Refresh module settings after an import has been completed.
- Notify the user of invalid file paths for Log Files, Backups and NGINX Conf file during an import.
- Replaced file locking with database locking. This method of locking is compatible with all systems as it does not require the ability to write files. It also allows for locking to work on sites that have multiple front-end servers with a shared database. Since file locking is no longer used, the Global Settings > Disable File Locking setting was removed.
- Add "Copy to Clipboard" functionality for server and wp-config rules.
Fixes
- Prevent 404s when following links in email notifications on a site with Hide Backend enabled.
- Ensure uninstall process is not run when another version of iThemes Security is still active.
- Fixed method of working around Hide Backend.
- Warnings are no longer generated when saving a user profile with a role of "No role for this site" selected.