iThemes Security Pro 3.7.4

iThemes Security Pro takes the guesswork out of WordPress security.

Last Update:Apr 14, 2017      
3 ratings

  1. 3.7.4

    Bug Fix: Fixed a timing issue that prevented Privilege Escalation from giving the escalated user access to Appearance > Customize.
    Bug Fix: Reimplemented support for some removed reCAPTCHA class functions to fix a compatibility issue with iThemes Exchange.
  2. 3.7.3

    New Feature: Added support for the new Invisible reCAPTCHA.
    Enhancement: Removed AhrefsBot from the HackRepair blacklist as they are legitimate bot.
    Bug Fix: Removed warning that could appear: "Undefined offset: 0 in ithemes-security-pro/pro/user-security-check/class-itsec-user-security-check.php"
    Bug Fix: Removed warning: "Non-static method ITSEC_Setup::uninstall() should not be called statically".
  3. 3.7.2

    Bug Fix: When a requesting IP address cannot be found, default to This fixes issues with some alternate cron setups.
    Bug Fix: Having more than one iThemes Security modification in a .htaccess, nginx.conf, or wp-config.php file will no longer result in having all the file content between each section removed when updating the file.
    Bug Fix: Modifications to the wp-config.php file added by W3 Total Cache now have their Windows-style newlines preserved when iThemes Security updates...
  4. 3.7.1

    Bug Fix: Fixed a bug that could prevent settings from saving properly if the site was migrated to a new server or a new home path on the server.
  5. 3.7.0

    New Feature: Added the ability to create Application Passwords that are valid for the REST API, XML-RPC requests, or both.
    New Feature: When a user has an Application Password that is valid for use by the REST API, authenticated REST API requests can be made using HTTP Basic Authentication which allows for including the username and and password with the request.
    New Feature: Application Passwords that are valid for the REST API can be set to read-only. This allows for creation of services...
  6. 3.6.2

    Bug Fix: Fixed bug that prevented Away Mode from activating on some sites.
  7. 3.6.1

    Bug Fix: Removed warning that could occur when upgrading from pre-3.6.0 versions of iThemes Security Pro.
    Bug Fix: Fixed scenario that could cause users to have to provide two-factor authentication during login when the Two-Factor Authentication feature is disabled.
    Bug Fix: Fixed link sent to users when using User Security Check to send an email reminder to a user prompting them to configure two-factor.
    Bug Fix: Fixed bug that could prevent generation of new two-factor codes on the...
  8. 3.6.0

    New Feature: Ability to require Two Factor for users with specific roles.
    New Feature: Ability to require Two Factor for vulnerable users.
    New Feature: Ability to require Two Factor when the site is vulnerable.
    Enhancement: Added logging details about which two-factor provider was used when a two-factor authentication failed.
    Enhancement: Improved efficiency of the Two Factor feature.
    Enhancement: Added check for the ITSEC_DISABLE_INACTIVE_USER_CHECK define which allows...
  9. 3.5.0

    -Bug Fix: Fixed issue that could notify that WordPress 4.7.1 (the current version) is an outdated version of WordPress.
    -Removed Feature: Removed additional authentication method for REST API requests.
  10. 3.4.0

    Bug Fix: Removed "comodo" from the list of user agents blocked by the blacklist. This ensures that Comodo's AutoSSL feature of cPanel/WHM is able to function.
    Updated Feature: Updated the "REST API" feature in the WordPress Tweaks section. The feature now has proper support for protecting privacy on your site without preventing the REST API from functioning.
    Enhancement: Updated Security Check to enforce setting the "REST API" setting to "Restricted Access".