You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
iThemes Security Pro 8.5.4
Download iThemes Security Pro 8.5.4 from nulled fire. iThemes Security Pro takes the guesswork out of WordPress security.
- Author Apanha
- Last update
Bug Fix: Removed "comodo" from the list of user agents blocked by the HackRepair.com blacklist. This ensures that Comodo's AutoSSL feature of cPanel/WHM is able to function.
Updated Feature: Updated the "REST API" feature in the WordPress Tweaks section. The feature now has proper support for protecting privacy on your site without preventing the REST API from functioning.
Enhancement: Updated Security Check to enforce setting the "REST API" setting to "Restricted Access".
Enhancement: Updated the lockouts notification email to a new design. This new design also cleaned up the translation strings to allow better translations.
New Feature: Added a "Protect Against Tabnapping" feature in the WordPress Tweaks section. Details of what this feature protects against can be found here: Target="_blank" - the most underestimated vulnerability ever
Misc: Updated the description for the Lockout Period setting to indicate that the default value of 15 minutes is recommended.
-Bug Fix: Remote IP is now correctly identified if the server is behind a reverse proxy that sends requests with more than one IP listed in a single header.
-Bug Fix: Fixed the link for a user in the logs page so that it properly works on sites that are inside a subdirectory.
-Bug Fix: Improved how Strong Password Enforcement works on password resets to improve compatibility with various plugins.
-Bug Fix: Improved the logic for determining whether a user should have Strong Password Enforcement applied. This covers situations where the user may have a custom role, a customized default role, or added capabilities beyond their role.
-Bug Fix: Removed warning that could happen when updating a user without changing their password.
-Enhancement: Improved the logic for determing the requesting IP address to better handle situations where the site is behind a reverse proxy.
-Enhancement: Strong Password Enforcement now uses a PHP port of zxcvbn to ensure that a strong password was selected.
-Enhancement: All links in Security that have target="_blank" now have added rel attributes to protect against tabnapping.
-Misc: Updated remaining ip-lookup.net links to instead link to traceip.net in keeping with other links that were previously updated to traceip.net.