Kadence Security Pro
Features
- Users can register for an account using passkeys on WP Login.
Tweaks
- Improve highlighting settings search results.
Fixes
- Checkbox styling issue on WordPress 6.6.
- If Login Methods is set to "Email Only" use the user's email address for the passkey's name.
- Fire an action when a vulnerability is unresolved due to plugin activation.
Fixes
- The Security Dashboard widget would not appear on new Solid Security installs.
- Activating a Patchstack license on sites with a www. subdomain would not show the license as active.
Security
- Fix a Google reCAPTCHA v3 bypass.
Deprecateds
- "Automatic (Insecure)" IP detection has been removed. Read more: https://go.solidwp.com/firewall-features-not-available
Tweaks
- Block repeated session hijacking attacks from the same device even if the user has not specifically blocked the attacker's device. Previously, subsequent attacks after the first block would have their capabilities reduced.
- Remove the "Accept-Language" and "DNT" header from the list of sources for Trusted Devices.
- The Updater library has been updated to 1.8.4. The list of Patchstack licensed domains have been removed from the SolidWP licensing page.
Fixes
- Fix the Trusted Devices "Approve" link in Outlook mail clients.
- The "Privilege Escalation" tab would not appear in a user's profile unless Passwordless Login was enabled.
Tweaks
- The "Trusted Devices" user experience has been reworked to make it clearer and simpler, especially for end users. Learn more: https://academy.solidwp.com/?p=10906
- Allow generating a new Two-Factor TOTP secret from the WP-Login UI.
Fixes
- The SolidWP logo appeared too large in some email clients.
- An error would occur if we could not determine the length of database columns while saving log items.
Tweaks
- Add a notice when a user's role is demoted from the Site Scans page.
- Update Privacy Policy generator text.
Fixes
- Could not proceed through onboarding when BuddyPress or BuddyBoss was active.
- Some firewall rules could not be deactivated.
- Allow opting in to Telemetry via the Settings Page.
- PHP 8.2 deprecation warnings.
Fixes
- A PHP Fatal Error on PHP 8+ when logging a WP_Error to the Security Logs.
Features
- The Firewall page has a new IP Management tab to provide easy access to blocking or authorizing IP addresses.
Tweaks
- Usage Data Sharing (opt-in only) allows users to share non-personal and non-sensitive information with StellarWP to inform decisions about how to improve Solid Security in the future.
- The "Trusted Devices" manager has been redesigned and relocated to the Security Profile tabbed UI.
- Add a snackbar notice when making changes on the Firewall Configure page.
- Make the GDPR Optin text in the CAPTCHA module more visible.
- Remove some straggling references and links to iThemes.
- Consistently refer to 2FA as Two-Factor Authentication on the Profile page.
- Allow performing more Site Scan actions when the issue is muted.
Fixes
- Truncate log item columns that are too long before inserting into the database.
- Consistently order the Security Profile tabs.
- Add missing text domain to new Solid Security Admin Menu items.
- Reset filters on the Vulnerabilities page when starting a Site Scan.
- PHP warning on the logs page when the File Change module logs unexpected data.
Features
- Refreshed UI for manging per-user security settings like Passwordless Login, Passkeys, Two-Factor and Privilege Escalation. The previous Two-Factor UI can be enabled using the SOLID_SECURITY_LEGACY_2FA_UI constant.
- A new block "Solid Security User Security Settings" let's you display this UI on the front-end of your website. The [solid_security_user_profile_settings] shortcode can be used if you're not yet using the Block Editor.
Tweaks
- Solid Security now requires WordPress 6.3 or later.
- Display a snackbar notice when sending a 2FA reminder from the Site Scan page.
- Include a link directly to the Patchstack database in the Site Scanner alert email.
- Remove iThemes Security is now Solid Security banners from the admin.
Fixes
- An error occurred when trying to create a new Firewall rule as a draft.
- Trying to enable Network Brute Force from the Security messages center linked to the wrong place.
- During onboarding, a double scrollbar was displayed on some screen sizes.
Features
- Add support for creating custom firewall rules.
Tweaks
- Add support for configuring firewall settings from the Firewall page.
Fixes
- The firewall page would appear empty when geolocation could not retrieve a country code.
Security
- Harden SolidWP Updater against XSS attacks. Thanks to Robin Wood (digi.ninja) for disclosing this issue.