iThemes Security Pro 8.5.3

New Feature: Ability to require Two Factor for users with specific roles.
New Feature: Ability to require Two Factor for vulnerable users.
New Feature: Ability to require Two Factor when the site is vulnerable.
Enhancement: Added logging details about which two-factor provider was used when a two-factor authentication failed.
Enhancement: Improved efficiency of the Two Factor feature.
Enhancement: Added check for the ITSEC_DISABLE_INACTIVE_USER_CHECK define which allows for disabling the inactive user email notification.
Enhancement: Added check for the ITSEC_DISABLE_TWO_FACTOR define which allows for disabling all two-factor authentication. This should only be used temporarily to gain access to the site when locked out due to loss of valid two-factor methods.
Bug Fix: Fixed logging for failed recaptcha submissions.

-Bug Fix: Fixed issue that could notify that WordPress 4.7.1 (the current version) is an outdated version of WordPress.
-Removed Feature: Removed additional authentication method for REST API requests.

Bug Fix: Removed "comodo" from the list of user agents blocked by the HackRepair.com blacklist. This ensures that Comodo's AutoSSL feature of cPanel/WHM is able to function.
Updated Feature: Updated the "REST API" feature in the WordPress Tweaks section. The feature now has proper support for protecting privacy on your site without preventing the REST API from functioning.
Enhancement: Updated Security Check to enforce setting the "REST API" setting to "Restricted Access".