iThemes Security Pro 8.5.3

New: Passwordless Login can now be setup from the frontend of your website. Use the new iThemes Security block in the Block Editor or the [itsec_passwordless_login_settings] shortcode.
Tweak: Don't show "Ban" buttons in Security Dashboard if the user won't be able to create a ban.
Bug Fix: Prevent Headers Already Sent warning when a lockout occurs during a WP Cron request on some server setups.
Bug Fix: Manually load Sodium Polyfill for servers that have an older version of libsodium installed.
Bug Fix: Error when saving the File Change settings when the "notify_admin" setting was set.

Security: Add support for encrypting Two-Factor Mobile App secrets. Enable via Tools -> Set Encryption Key.
Security: Deprecate Automatic Proxy Detection. Instead, manually configure Proxy Detection or use Security Check. Fix IP spoofing attacks.
Enhancement: Add "Ban Lockout" button to the Active Lockouts card.
Tweak: Delete passkeys that have been in the "trash" for seven days.
Bug Fix: File Logs not rotating.
Bug Fix: MaxMind DB Lite not being automatically refreshed.
Bug Fix: PHP warning when loading Icon Fonts in certain configurations.

Thanks to Calvin Alkan for reporting the security issues fixed in this release.

Bug Fix: Fatal error when running on a site with an unprefixed version of Pimple or Psr/Container that was loaded before iThemes Security.