Kadence Security Pro
Features
- Add support for Cloudflare Turnstile and hCaptcha. Learn More: https://ithemes.com/?p=82867
Tweaks
- Add support for logging in with Discoverable Passkeys.
Fixes
- Update Password Strength library to the latest version. This fixes discrepancies between the realtime password strength estimation and the enforced password strength.
- Upgrade the iThemes Updater to 1.7.2 to fix PHP 8 issues.
Deprecated
- Remove Grade Report.
Tweaks
- Add "All" tab to the Features page.
- Don't show Passkeys onboarding flow during front-end Passwordless Login attempts.
Fixes
- Properly render the Passwordless Login block when not using a Full Site Editing theme.
- Prevent a redirect loop when logging in on sites that take more than 5 seconds to load the Dashboard.
Features
- Passwordless Login can now be set up from the frontend of your website. Use the new iThemes Security block in the Block Editor or the [itsec_passwordless_login_settings] shortcode.
Tweaks
- Don't show "Ban" buttons in Security Dashboard if the user won't be able to create a ban.
Fixes
- Prevent Headers Already Sent warning when a lockout occurs during a WP Cron request on some server setups.
- Manually load Sodium Polyfill for servers that have an older version of libsodium installed.
- Error when saving the File Change settings when the "notify_admin" setting was set.
Security
- Add support for encrypting Two-Factor Mobile App secrets. Enable via Tools -> Set Encryption Key.
- Deprecate Automatic Proxy Detection. Instead, manually configure Proxy Detection or use Security Check. Fix IP spoofing attacks.
Tweaks
- Add "Ban Lockout" button to the Active Lockouts card.
- Delete passkeys that have been in the "trash" for seven days.
- Thanks to Calvin Alkan for reporting the security issues fixed in this release.
Fixes
- File Logs not rotating.
- MaxMind DB Lite not being automatically refreshed.
- PHP warning when loading Icon Fonts in certain configurations.
Fixes
- Fatal error when running on a site with an unprefixed version of Pimple or Psr/Container that was loaded before iThemes Security.
Tweaks
- iThemes Security now requires PHP 7.3 and WordPress 5.9 or later.
Features
- Introducing passkeys for Passwordless Login! Users can log into their site using biometrics like Face ID, Touch ID, or Windows Hello. Enable the new "Passkeys" module to add it as a Passwordless Login method.
Fixes
- Preliminary PHP 8.1 compatibility.
Tweaks
- Add Security Alert when running a PHP version older than 7.3.0. Future versions of iThemes Security will require PHP 7.3.0.
Fixes
- Don't attempt to Hide Backend when a Cron request is being processed.
- Prevent entering invalid date values when selecting a custom date range in the Security Dashboard.
Tweaks
- Require a Title when creating a new Dashboard.
Fixes
- Don't attempt to send a Site Scan notification for Clean scans, preventing a fatal error after scheduled site scans.
- Initialize Theme in Dashboard Widget, rectifying the "An error occurred while rendering this card" message.
- Use Site Registration Authentication when performing a Site Scan on Multisite Subsites, rectifying the "Request is missing verification credentials" message.
Tweaks
- Schedule the Automatic Updater to run 5 minutes after a Site Scan finds Vulnerable Software.
Fixes
- Help styling on WordPress 5.9.
- Compatibility with plugins that expected a logged-in user during lockouts.
- Error when visiting the Notifications page after activating a module with notifications for the first time.
- Update deprecated withState usages to useState.
- Set a default value for the Notification User Roles control.
Tweaks
- iThemes Security now requires WordPress 5.8 or later.
Features
- Introduce a new Import Export feature that allows for greater customization and flexibility.
Fixes
- Scroll to top of window when navigating.
- Allow searching for Password Requirements.
- Login page would be blank when Passwordless Login was configured to use the "Username First" flow.
- Don't load WordPress and System Tweaks modules when the ITSEC_DISABLE_MODULES constant is enabled.
- Prevent incidentally loading the Two-Factor module when it is unregistered.
- Conditionally display the NGINX File Path setting.
- Allow saving Notifications when "default recipients must contain at least 1 item" error is present.
