iThemes Security Pro 8.5.3

Bug Fix: Accessing password requirement settings would not resolve properly in some instances.

-Enhancement: Only pre-select Two-Factor methods during on-board process if the user requires Two-Factor. This should help prevent users from rolling through the on-board process too quickly.
-Enhancement: Show if a "force password change" is in-effect and allow for the change to be removed.
-Enhancement: Add debug settings JSON editor.
-Tweak: If no last password change date is recorded for the user, treat their registration date as the last change date.
-Bug Fix: If a password requirement has been disabled or is no longer available, don't consider the password as needing a change.
-Bug Fix: Remove distributed storage table on uninstall.
-Bug Fix: Don't display backup Two-Factor method form if it is not available to the user. Previously it would only be prevented from being submitted.

-New Feature: Integration with Have I Been Pwned to prevent users from using passwords found in data breaches.
-Enhancement: Introduce Password Requirements module for managing and enforcing password requirements.
-Enhancement: Continually evaluate password strength for users instead of only during registration.
-Enhancement: Add basic admin debug page to help diagnosing and resolving issues. Particularly with the events.
-Bug Fix: Password strength would not be evaluated if password was set using custom PHP or CLI commands.
-Bug Fix: Only hide "Acknowledge Weak Password" checkbox if the user was not allowed to use a weak password.
-Bug Fix: Ensure Grade Report instructions in the Security Digest is accurate when the Grade score is capped.