iThemes Security Pro 8.5.3

-Enhancement: Add setting to customize On-Board text.
-Enhancement: Require user to confirm Two-Factor email method when signing up via On-Boarding. Can be disabled by disabling the new Two-Factor Email Confirmation email in the Notification Center.
-Enhancement: Add setting for customizing who is required to use two-factor when "Vulnerable User Protection" and "Vulnerable Site Protection" are enabled and who is presented the On-Board flow.
-Tweak: Check if an IP is blacklisted on page load for compatibility with servers that cannot process server configuration level bans immediately.
-Bug Fix: Provide better error messages in case the server for SSL support detection is non-responsive.

-Enhancement: Add mitigation for the WordPress Attachment File Traversal and Deletion vulnerability.
-Tweak: Display the subject line of the Two-Factor Email when logging in.
-Tweak: Fire a WordPress action whenever settings are updated.
-Bug Fix: Improved input sanitization on the logs page to prevent triggering warnings.
-Bug Fix: Don't track post status transitions to the identical post status.

-Security Fix: Fixed SQL injection vulnerability in the logs page. Note: Admin privileges are required to exploit this vulnerability. Thanks to Çlirim Emini, Penetration Tester at sentry.co.com, for reporting this vulnerability.
-Tweak: Recommend Strong Passwords and Refuse Compromised Passwords in the Grade Report.
-Bug Fix: Provide default values for enabled requirements.