Kadence Security Pro
Security
- Don't disclose the login URL when using Hide Backend on a site with comments enabled and comment registration required. Thanks to Naveen Muthusamy for disclosing this issue.
Tweaks
- Check for the promote_user capability when using Privilege Escalation in addition to edit_user.
- Remove the iThemes Security is now Solid Security banner from admin-facing email notifications.
- The lib/updater library has been updated to 1.8.1.
- Add a wp ithemes-licensing set-licensed-url WP-CLI command.
Fixes
- Prevent the User Security page from crashing when "Show Avatars" is disabled in the WordPress discussion settings.
- Fix some filters on the User Security page not working as expected.
- Fix spacing on the Two-Factor form when backup methods are enabled.
- Fix fatal error when there is an error retrieving Patchstack license information.
- Styling issues on WordPress 6.4.
Tweaks
- Add pagination to the Firewall logs table.
- Various UI improvements.
Fixes
- On sites with no logo, a broken image appeared in some emails.
- In some email clients, the Solid Security logo would stretch too wide.
Fixes
- Ensure new database tables are created.
Tweaks
- iThemes Security is now Solid Security! Learn More: https://go.solidwp.com/changelog-what-is-patchstack
- Solid Security now requires WordPress 6.2 or later.
- The dashboard and settings screens have been redesigned to make it easier to find what you're looking for.
- The Security Summary dashboard card gives you a snapshot of the most important security issues affecting your site.
- Add support for loading Solid Security via an MU-Plugin for improved performance when blocking attackers.
- Remove the IP Tracker Online link from the logs page.
Features
- Virtual Patching powered by Patchstack protects your site from vulnerable software even when you can't update to a fixed version.
- The Firewall screen brings together the Firewall functionality Solid Security provides into one easy-to-use screen. More Firewall features are coming soon!
- The Vulnerabilities screen identifies what vulnerable software you have on your site and guides you through next steps.
- Identify risks in your site's security with the expanded Site Scan functionality.
- The User Security screen keeps you apprised of the security practices your site's users are following. Easily apply actions to multiple users in one click, like resetting passwords or logging out active sessions.
Fixes
- PHP 8.2 compatibility.
- Resolved PHP warnings when unexpected data is encountered during software updates.
Tweaks
- iThemes Security is becoming Solid Security soon. Learn More: https://go.solidwp.com/security-wpadmin-ithemes-becoming-solidwp
Fixes
- Username First login compatibility with WordPress 6.3.
Fixes
- Passwordless Login compatibility with WordPress 6.3.
Tweaks
- Add support for mandating User Verification when using passkeys.
Fixes
- Don't require "Write to Files" to be enabled to use the "Rotate Encryption Key" tool.
Tweaks
- Kick off staged rollout of encryption.
Tweaks
- Start enabling encryption for existing iThemes Security sites. Read more: https://ithemes.com/?p=84653
Fixes
- Fall back to the homepage when Enforce SSL encounters a non-safelisted redirect destination.
- IP Detection on sites behind Load Balancers that appended their IP address to X-Forwarded-For and did not provide a Real IP header.
Security
- Prevent open redirect attacks against the Enforce SSL module. This attack requires spoofing the Host header, which requires additional conditions to exploit. Thanks to nlpro for reporting the issue.
