Tweak: Start enabling encryption for existing iThemes Security sites. Read more: Release Note: 2FA Codes Encrypted for Existing Security Pro Users
Bug Fix: Fallback to the homepage when Enforce SSL encounters a non-safelisted redirect destination.
Bug Fix: IP Detection on sites behind Load Balancers that appended their IP address to X-Forwarded-For and did not provide a Real IP header.
Security Hardening: Prevent open redirects attacks against the Enforce SSL module. This attack requires spoofing the Host header which requires additional conditions to exploit.