- New Feature: Introduces a scheduling framework for handling events. Cron is now used by default, and will switch to using an alternate scheduling system if it detects an error. To disable this detection set ITSEC_DISABLE_CRON_TEST in your wp-config.php file.
- Important: The ITSEC_FILE_CHECK_CRON and ITSEC_BACKUP_CRON constants have been deprecated. Use ITSEC_USE_CRON instead.
- Bug Fix: Fix occasional duplicate backups and file scans.
-Enhancement: Preserve notification settings when the responsible module is deactivated.
-Bug Fix: Process 404 lockouts on the 'wp' hook to prevent a headers have already been sent warning message.
-Bug Fix: Ensure Hide Backend emails are properly sent when activating Hide Backend before saving the Notification Center for the first time.
-Bug Fix: Prevent warning from being issued on new installs by allowing previous settings to be preserved if they exist.
-Bug Fix: Better handle WP_Error...
Enhancement: Updated queries and prepare statements to account for changes to the esc_sql() function in WordPress 4.8.3.
Bug Fix: Fixed the File Change module being incorrectly enabled when upgrading.
Bug Fix: Fixed source of the following warning: "mysql_real_escape_string() expects parameter 1 to be string, object given".
Bug Fix: Only enable the Lockout email notification is the Daily Digest was previously disabled.
Bug Fix: Don't store WP Error objects for mail errors preventing a fatal error for rare PHPMailer errors.
Bug Fix: Prevent error on upgrade warning the subject line was empty.
Bug Fix: Ensure file change notification is properly enabled/disabled on upgrade.
Bug Fix: Fallback to correct default...
New Feature: Introduces the Notification Center, a centralized place to manage and customize email notifications sent by iThemes Security.
Bug Fix: Properly restrict Application Password's to read only REST API rqeuests when overriding the HTTP method used.
Bug Fix: Ensure scheduled malware scan cron hook is setup when the module is activated.
Tweak: Simplify script enqueuing for Two Factor.
Bug Fix: Fixed SQL query bug that resulted in the "Minutes to Remember Bad Login (check period)" setting being ignored.
Bug Fix: Fixed bug that prevents wp-admin/install.php blocking from working properly on nginx servers.
Bug Fix: Don't attempt to do an SSL redirect when WP CLI is running.
New Feature: Introduces Magic Links module. Users can now request a magic login link when logging in during a brute force attack on their username.
New Feature: Added a new setting in WordPress Tweaks: "Login with Email Address or Username".
Enhancement: Host email images from the plugin instead of relying on iThemes servers to help email clients marking messages as spam or blocking images.
Bug Fix: Improved Recaptcha compatibility with WooCommerce.
Bug Fix: Error when searching for modules...