Changelog for Security Ninja
= 5.145 =
* Improved MainWP integration with Secret Access URL.
= 5.144 =
* Fix: PHP error on some installs - Thank you @fakkel and @computerbuddha.
* New: Expand all details for security tests. Thank you Alauddin.
* Fix: Typo in warning messages.
= 5.143 =
* Improve vulnerabilities interface and text.
* New: Detected vulnerabilities list update when website
finishes update routines.
* Fix: PHP notice on tests page.
* Fix: PHP notice on vulnerabilities page.
* Fix: Whitelabel - missing name replacements several places. Thank you Jay.
* Fix: PHP pruning visitor log in some cases.
* Fix: Plugin name was showing up even if whitelabel feature enabled. Thank you Jay.
* Fix: Not detecting themes properly.
* Compatibility check with WordPress 6.0
* Updated language files.
= 5.142 =
* Fix: PHP notice when amount of vulnerabilities change.
* Fix: Error if multiple Strict-Transport-Security headers are used - Thank you Jay.
* Fix: PHP notice in auto-fixer module, thank you Jay.
* Fix: When renaming the login URL the default page now returns 404. Thank you Alauddin.
= 5.141 =
* New: Filter for whitelisting custom files and folder for malware scanner. https://wpsecurityninja.com/docs/filters-hooks/securityninja_whitelist/
* Wizard: Auto update plugin enabled per default.
* The autofix is back and improved - Easy fixes for many of the security tests.
* Fix for the "Remove unnecessary themes". Thank you Jay.
* Fix whitelisting folders and files in malware scanner
* Fix for Russian language websites. Opt-in dialogue failed. Thank you Mikhail 🙂
- Improved MainWP integration.
- Improved auto-updates integration.
- Fix: Logging database tables sometimes not created before plugin tried to log something.
- NEW - Notice to easily enable automatic background updates.
- Wizard - automatically sends email with unblock URL to administrator currently logged in.
- FIX - PHP Notice missing database table when deactivating and reactivating.
- Updated the description of the Content Security Policy, thank you Reza.
- Code preparation for integration with MainWP! 😀
- Cleanup JS code.
- Improved test "Check if automatic WordPress core updates are enabled." with better explanation - thank you Reza.
- Removed clutter in interface.
- Fixed potential bug in installation script.
- Updated firewall with new rules.
- Tested up to WP 5.9.2
- Removed events logger step from wizard - it is automatically enabled.
- Improved the Wizard layout and process.
- Fix bug in event log, thank you Eelco.
- Security Tests – Improved layout changes, “Details” link moved.
- Security Tests – Fixed the test for unnecessary themes. Thank you Jay
- Fix – Opt in reset link.
- Visitor Log: Rearrange details for each request, easier to get an overview.
- Event logging is always on, helps detect patterns, eg. failed logins and repeated attacks spread over longer periods of time.
- Retired old database optimizer module.
- Removed syslog feature from events module.
- Cleanup old code.
- Minor improvements to event logger page styling.
- Core Scanner - Now with "Delete all" button.
- Security fix.
- Rename login - when activated shows same message as set in the settings for blocked pages.
- Fix - Firewall rename login module was deactivated in settings.
- Fix - First time activation goes to main page.
- Fix for empty table name when updating.
- Code tightening and 3rd party library updates.
- Tested WP 5.9.1
- Disable "Rename login URL" feature when the firewall module is disabled. Thank you Alauddin.
- Updated IP detection functionality - fix for firewall issues.
- Fix for firewall - thank you Barry 🙂
- Fixes to firewall issues reported on some websites. Sorry to those affected.
- Pro: New feature, automatically remove unwanted files - Enable on Fixes page.
- Pro: Improved event logging detecting user in some cases.
- Pro: Fixed problem loading the wizard on some websites.
- Pro: More details in "Event logger" - see raw data for more events.
- Improved test interface, less clicks needed.
Pro: New feature, enforce secure cookies on your website. Easy 1-click fix.
Improved PHP 8 compatibility
Updated 3rd party libraries.
Tested up to WP 5.9
- NEW - Rename login. Hide your login page from automated scripts.
- NEW - Core Scanner now runs automatically every day. No need to manually scan the core WordPress files. This now happens automatically for you 🙂
- NEW - Added applebot.apple.com to verifyable crawlers.
- NEW - Whitelisting IPs for WP Rocket and Broken Link Checker services.
- Updated 3rd party libraries.
- Tested up to WP 5.8.2
- FIX - Made the notice about updated vulnerability list dismissable.
- FIX - Minor bug in test if Admin SSL is enforced - Thank you Christopher.
- FIX - Updated malware scanner to fix false positive - Thank you Benjamin.
- NEW - Added petalsearch.com to list of validated crawlers - Thank you Thomas.
- Language files updated.
= 5.123 =
* NEW: Improved firewall with better search engine crawler detection - Thank you Thomas.
* FIX: Missing details when logging a failed login - Thank you Eric.
= 5.122 =
* Fix - High memory usage when activating plugin - getting vulnerabilities could stop activating the plugin. Thank you Patrick for the help locating this!
* Fix - Internal links
* Fix - Wizard CSS layout was not properly loading
= 5.121 =
* Fix: Vulnerabilities - Small display error when showing how many vulnerabilities added in last update.
* Fix: Vulnerabilities - Memory issue converting data on some servers, thank you John.
* Improved visitor logging, faster code.
= 5.120 =
* New: Get email warning if any vulnerabilities are detected on your website!
* Fix: Some visits were not properly logged, thank you Thomas, John and others for reporting.
* New: Improved reporting of blocked IPs -> Faster plugin 🙂
* New: Our global IP network of blocked IPs is now out of beta -> More protection for your website.
* New: Notice shows new vulnerabilities added since last update.
* Improved the visitor log -> Only updates when the browser window is in focus, less work for your server.
* Updated language files. Thanks to all the translators for their hard work! 🙂
= 5.119 =
* Tested up to WP 5.7.2
* Minor PHP fixes.
* Updated language file.
* New - Visitor log with live updates (Pro)
* Improve IP reporting network functionality (Pro)
* Improve firewall rules (Pro)
* Fix - PHP notice regarding wizard (Pro)
* Fix - Removed visitor logs on Firewall tab (Pro)
* Fix - Firewall visitor log mistakenly reported administrators as blocked, eventhough they were not (Pro)
* Fix - Visitor log not including WP_AJAX requests (Pro)
* Fix - Visitor log not including cron jobs.
= 5.118 =
* New - Pointer introduction for new users!
* Fix Welcome page layout and improved styling
= 5.117 =
* Fix minor issue in malware scanner
* Fix persistent error in WC logging.
= 5.116 =
* Fix - Event logging not working properly on some WooCommerce shops.
= 5.115 =
* Fix - Downloading vulnerability list showed error notification on some website configurations.
* Fix - Properly overwrite settings in wp-config.php
* Fix - General cleanup of code.
* Tested up to WP 5.7
* New - PRO: Added basic WooCommerce tracking to Events Logger.
* PRO: Feature-Policy has been deprecated, it has been renamed to Permissions-Policy. Currently both headers are used temporarily.
* Updated 3rd party libraries.
* Fix problem on some systems - error when activating firewall - "Undocumented error. Page will automatically reload. Reworked code.
* Fixed notice in welcome module when deactivating plugin. Thank you Ebrahim.
* Whitelabel now available for 20+ site licenses.
* Languages available: Bulgarian, English (US), Spanish (Ecuador), Spanish (Spain), and Spanish (Venezuela). Thanks to all the translators! 😀
= 5.114.1 =
* Quick fix for PHP notice showing up in debug log on some websites.
= 5.114 =
* NEW: Settings for vulnerability module - control what is being checked for and disable the counter in the admin menu.
* Improved plugin loading time - Doing more tasks in background.
* **Pro Changes:**
* NEW: Wizard - Get started in minutes with a few simple steps - protect your website with ease.
* NEW: Introducing IP ban network - all sites reports heavy attacks to a central API to send out block warning to all sites in the network.
* NEW: Fixes: Disable WP XML Sitemaps introduced in WordPress 5.5
* NEW: Fixes: Enable/disable username enumeration
* Import/export works with vulnerability settings.
* Improved handling of importing data.
* Removed debug page in plugin in favor of "Site Health" included with WP.
= 5.113 =
* Fix: MySQL no longer creates database tables with "MyISAM" as the engine. Uses the site default configuration. Thank you Kien.
* Fix: "Test this IP" did not work correctly with IP ranges. Thank you Justin.
* Fix: Core Scanner module - now works faster and loads data without reloading the entire plugin page. Improved user interface.
= 5.112 =
* New: Check for Application Password feature introduced in WP 5.6
* New: Enable/disable the Application Password feature (Pro)
* Fix: PHP notice when downloading and saving vulnerability list.
* Tested with WordPress 5.6
= 5.111 =
* Update Freemius to 2.4.1 and other 3rd party libraries.
= 5.110 =
* NEW: Fixes page - Enable/disable security features on your website.
* NEW: Set Security Headers values on "Fixes" page.
* NEW: Hide PHP Version and Server info.
* Improved user interface, made changes to colors and layout.
* Tested up to WP 5.5.1
* Further work on PHP compatibility - Thank you Barry.
* 185,502 downloads
= 5.109 =
* FIX - Nginx example corrected for "Referrer-Policy" from "no-referrer" to the correct "same-origin". Thank you Mk.
* FIX - Nginx example corrected for "Feature-Policy" security header. Thank you Mk.
* FIX - "Secure the site" showing up multiple places on plugins page in admin.
* Improvement - Better instructions on how to change weak database passwords and removing the autofixer.
* Minor cleanup in logging routines.
* Fix: Loading outdated plugin list from file instead of from database - caused problem on some servers.
* Fix: Wrongly saying "Vulnerabilities found" eventhough no vulns were found.
* Fix: Check for wp-config permissions (chmod) failed if the file had been moved. Thank you Mk.
* Fix: Minor error showing last blocked logins in sidebar.
* Updated 3rd party libraries for better PHP 7.4 compatibility.
* 182,512 downloads
= 5.108 =
* FIX: "Secure this site" link under all plugins. Thank you Mk.
* FIX: Opening up welcome page for all new plugin installations.
* Updating jQuery code due to changes to WordPress 5.5
* Tested WP 5.5 compatible.
* More detailed description in Firewall for "Hide login errors".
* 177,103 downloads
= 5.107 =
* NEW: Introducing check for outdated plugins - not updated in 5+ years.
* NEW: Turn login form protection on or off. Thank you Mk.
* NEW: Feature added - Block login error messages.
* NEW: Added warning on WooCommerce login form.
* FIX: Improved loading speed in plugin admin pages.
* FIX: The warning "Vulnerabilities found on your system!" was shown even if there were no vulnerabilities detected. Thank you all who reported this issue.
* Updated Freemius SDK to 2.4.0
* General code cleanup.
* 175,961 downloads
= 5.106 =
* New: Tests - Filter "untested" - tests not run yet.
* Fix: Tests - Fixed bug in getting permissions for WP config file.
* Fix: Whitelabel - removed plugin name showing up under debug info. Thank you Jay.
* Layout improvements - fixing visual bugs.
* Moved vulnerability check to every 24 hours.
* Firewall: Added option to immediately block any attempts to log in with username "admin".
* Firewall: Fixed bug with setting limits for failed logins in admin.
* PHP 7.4 compatibility check
* Code cleanup.
* 171,569 downloads
= 5.105 =
* FIX: Compatibility with Yoast SEO - Thank you Thomas 😉
* FIX: PHP warning - undefined index - Thank you Mariusz.
* Improvement - Loading of JS and CSS files in Firewall module.
* Updated language files.
* 167,963 downloads
= 5.104 =
* NEW: Added vulnerability testing for installed themes.
* NEW: Added vulnerability count to the menu.
* NEW: Added visitor log pruning - Keep the visitor log size down. Customizable interval and you can also turn off firewall logging entirely.
* NEW: Dismiss vulnerability warnings for 24 hours directly in warning notice.
* NEW: Plugin translated to Bulgarian - Thank you Valentin!
* FIX: Scheduled Scanner results - Broken results for "Core Scanner" - Thank you Mk.
* Added missing Nginx examples for username enumeration. Thank you Fahmi.
* More options for how often to send email notifications in event logger - Thank you Mk.
* Code cleanup.
* 165,593 downloads
= 5.103 =
* Updated malware scanner patterns - Thank you Cathal for submitting sample.
* Update: Showing when malware patterns were last updated on malware tab.
* Fix: Layout of suggestions under "Details" were improved.
* Fix: Bug where results for "Check if active plugins are compatible with your version of WP" were empty - Thank you @lsbk
* 161,873 downloads
= 5.102 =
* Updated list of vulnerable plugins.
* Added more user agents to block - Thank you Laurent.
* Fixed bug with importing settings - Thank you Thomas.
* Tested up to newly released WP 5.4.1
* 159,186 downloads
= 5.101 =
* Downgrade IP2location library to 8.1.1 - Fixes problem with library requiring PHP 7.1
* 156,477 downloads
= 5.100 =
* Fix: Removed syslog logging to file. Many users had problems with the
* Improved welcome page for new installations.
* Improved layout on settings page, fixing markup mistakes.
* Updated language files.
* Code cleanup and security hardening.
* 155,476 downloads
= 5.99 =
* Added Nginx examples to security headers - Thank you Dzul.
* Security hardening.
* PRO: Event logging can now be turned on and off - Thank you Matt.
* 153,294 downloads
= 5.98 =
* Security hardening the automatic fixers.
* Added name to vulnerability warning.
* Added warning to "Check if database table prefix is the default one" test - Thank you Martin.
* Reworked the fix for changing database table prefix. Thank you Martin.
* 151,318 downloads
= 5.97 =
* Fix: The "filter test by status" not working properly if status changed. If you ran a test, fixed a failed test and ran again, the test would not change status.
* Fix: Removed the "pointer" introducion in favor of the new "welcome page" for new users.
* Added a link to the welcome page in the sidebar if you want to view it.
* Vulnerabilities: More details for each vulnerability.
* 147,072 downloads
= 5.96 =
* NEW: Quick filter tests - Failed tests, tests with warnings or those tests that are OK.
* NEW: Quickly see how many vulnerabilities you have in the tab view.
* Improved admin view layout and styling.
* Vulnerabilities - Easier to visually scan recommendations - hiding clutter in interface.
* Fix - PHP Notice in some cases - Thank you Mike 🙂
* 144,961 downloads
= 5.95 =
* Added more details to the wp-config.php test - Thanks @lsbk.
* Work on following WordPress Coding Standards.
* Minor change in the WP constants test.
* Moved the malware definitions API to a faster location.
* Code cleanup.
* Plugin has been tested up to WordPress 5.4
* 143,732 downloads
= 5.94 =
* FIX: Security Tests - Fixed the test for wp-config.php file permissions - thank you @lsbk 🙂
* Updated language files.
* Work on following WordPress Coding Standards.
* 142,778 downloads
= 5.93 =
* FIX: Fatal error happened in some situations - "Call to undefined method".
* Improved the welcome page.
* 141,800 downloads
= 5.92 =
* NEW: Plugin onboarding - welcome page for new users.
* Fix: PHP notice when blocking some visitors.
* Security hardening and working on WordPress coding standards.
* 140,243 downloads
= 5.91 =
* Fix: Vulnerability warning did not load properly on all admin pages.
* Fix: "Thank you for installing" pointer was reset when updating. Thank you Thomas for helping getting this fixed.
* Code cleanup.
* Updated language files.
* 137,665 downloads
= 5.90 =
* New: Sitewide warnings for when vulnerabilities are detected. Warnings can be dismissed for 24 hours.
* Security Tests: Added more dangerous filenames to look for.
* More code refactoring to follow WordPress Standards.
* 136,037 downloads
= 5.89 =
* Code cleanup - Removing unused code.
* Refactoring code to better follow WordPress Standards.
* 134,362 downloads
= 5.88 =
* NEW: Quick overview Dashboard Widget - Get a quick overview of your security status.
* Improvement - Load required composer component libraries with a unique namespace to prevent clashes with other plugins including same libraries.
* Fix: Cloud Firewall - Error saving GeoIP in WordPress Multisite configuration. Thank you Roy.
* Updated language files.
* 132,555 downloads
= 5.87 =
* NEW: Test for "Referrer-Policy" security header. Thank you Jonathan.
* NEW: Test for "Feature-Policy" security header. Thank you Jonathan.
* Fix: The instructions to completely disable XML-RPC was wrong, thank you Ivan for spotting this!
* Fix: Typos in some of the security header test descriptions and details.
* Fix: Not using whitelabel name in emails. Thank you Ivan.
* Fix: Only load pointers if the whitelabel feature is not enabled. Thank you Ivan.
* Tightening and optimizing code.
* Updated language file.
* 130,473 downloads
= 5.86 =
* New: Check if the debug.log file exists and advice how to block it.
* New: Check if the REST API is enabled. Thank you Cuong.
* New: More details if a test fails about what went wrong.
* Fix: If opening details window about a test and the test have not been run yet, the spinner stayed looping forever.
* Fix: Some completed tests might have extra details and they were missing.
* Fix: Not removing all settings when deactivating the plugin.
* Typo - "incompatibile" -> "incompatible".
* 128,964 downloads
= 5.85 =
* New: See when last time a test was run and for how long when you click corresponding "Details" button.
* Improvement: Do not remove settings when deactivating plugin temporarily, remove when uninstalling plugin. Thank you Cuong.
* Improvement: Added polyfill for BC Math PHP extension which might not be installed per default in all server configurations.
* 127,333 downloads
= 5.84 =
* Testing: Security test rewrite - Testing is much faster now.
* Testing: You can now select individual tests to run.
* Testing: Live updates, no page refresh needed.
* Fix: Updated firewall country blocking to work with IP2Location, replacing MaxMinds GeoLite2.
* Fix: WordPress Export tool blocked when username enumeration block was enabled. Thank you Cuong.
* Fix: Minor warnings in HTML output on Whitelabel tab.
* 125,794 downloads
= 5.83 =
* Fixed wording in the two tests for the Shellshock bug. Thank you Ivan.
* New email template for issues with Outlook email rendering.
* 124,228 downloads
= 5.82 =
* Vulnerability list now also checks WordPress version and shows known vulnerabilities.
* Vulnerability scanner: Improved recommendations and visuals.
* 122,400 downloads
= 5.81 =
* Improved Vulnerabilities module.
* 120,713 downloads
= 5.80 =
* Introducing Vulnerabilities checking for all users. This module keeps an eye on known vulnerable plugins on your site and warns you if there is a potential problem.
* Update dependencies, Monolog 1.25.1 -> 1.25.3 and psr 1.1.0 -> 1.1.2
* 118,744 downloads
= 5.79 =
* Fix - Activation bug. Errors could occur and these would be logged to the database. This would fail if it happens before the tables were actually created. Thank you Cuong.
* Fix - Whitelabel feature created a double plugin listing. Thank you Cuong and Jay.
* 116,049 downloads
= 5.78 =
* Improvements to feature "dangerous files in your root folder" - Easier overview - added checks for more unwanted files
* Better details on privacy and data sharing when you activate plugin.
* Enriched opt-in and license activation forms.
* Updated license and account system Freemius SDK to version 2.3.2
* 114,586 downloads
= 5.77 =
* Fix: Fixes for identifying license.txt and readme.html
* Fix: Identifying correct installed MySQL version when using MariaDB.
* 112,555 downloads
= 5.76 =
* Fix: Security recommendation from X-Content-Type-Options nosniff had wrong code, thank you Yasaf.
* Fix: Whitelabel - Removing the plugin from list of active plugins if name was changed in whitelabel settings.
= 5.75 =
* Fix: Core Scanner - Problem with localized versions of WordPress file detection - Thank you Cuong.
* Fix: Whitelabel - The plugin name showed up in a message if core scans have not been run for a while. Thank you Jay.
* Fix: Whitelabel - Remove plugin name from list of active plugins on "Debug" page. Thank you Jay.
= 5.74 =
* Fixes problem with malware definitions that were picked up as false positives by other security software.
* Cleaning up old unused files that created warnings on some servers.
* Minor styling changes to admin interface.
= 5.73.1 =
* Fix bug with "ghost plugin" when the Whitelabel is enabled. Thank you Cuong.
* Updated Firewall bad query list.
* Firewall - Fixed responsiveness in "Latest Firewall Events".
* Fix malware results list - missing whitelist and delete buttons. Thank you Chris
= 5.72 =
* WordPress 5.3 compatibility
* Security Tests - Added more checks for unwanted files.
* Responsive view on mobile devices look much better. Thank you Cuong.
* Fixed up Debug page - removed never-ending spinner and tweaked output to remove directory sizes. Thank you Cuong.
* Reworked security tests overview to look better and more WordPress-like.
* Fix: Malware Scanner - Error in JS code prevented tests to be completed on some systems. Thank you Cuong and everyone else reporting this bug.
= 5.71 =
* FIX: Removed extra styling some plugin authors just load on all pages, which then messed up this plugin styling.
* FIX: Scheduled Scans failed with Core Scanning enabled, due to recent structure change. Thank you Cuong.
* FIX: The security test for incompatible plugins was not working properly. Thank you Cuong.
* FIX: Debug page not working correctly with Whitelabel enabled - Thank you Cuong.
* Fixed small visual issues - CSS styling.
* Multiple email recipients for reports/alerts - Suggestion by Jose.
* Minor language changes + internationalization work for translators.
= 5.70 =
* NEW: Security test: Check for files often found in root of website. Such as SQL database dump files, phpinfo.php, *.bak files etc.
* FIX: Malware Scanner download latest definitions.
* 99,638 downloads
= 5.69 =
* New: Added Debug page.
* Security Tests: Removed Wordfence warning - No longer needed.
* Core Scanner: Fixed problem with local WP versions not being found - Thank you Yodana 🙂
* Updated language files.
* Fix: "Your IP address is" in admin showed wrong IP.
* 98,226 downloads
= 5.68 =
* Fix: Visual bug on some tabs.
* Fix: The Firewall and Cloudflare did not play well together. Thanks Chandra, Atley and Yasaf 🙂
* New: Firewall - Automatically whitelists any new IP from where an admin is logged in.
* Fix: Events IP were sometimes not logged properly, now uses same code as Firewall module.
* 97,382 downloads
= 5.67 =
* Rearranged interface, made more space for new features coming up 😉
* NEW: Firewall - Turn cloud firewall on/off
* Fix: Core Scanner - Fixed unknown error popup and improved error messages for easier debugging.
* Fix: Core Scanner - Fix error where checksums for a particular locale was not available by WordPress.
* Fix: Firewall - Fixed too agressive blocking - IP blocking routines.
* Fix: Firewall - Better visitor logging. Some visits were not registered in the log.
* Cleaned up JS code.
* 96,366 downloads
= 5.66 =
* Fix: Minor language and CSS styling changes.
* Fix: Pro - Malware scan sometimes got stuck.
* 94,923 downloads
= 5.65 =
* New: Check for Content Security Policy header. It can be tricky to configure this one, read instructions carefully.
* Improved suggestions for some of the security headers.
* Minor adjustment to interface, preparing for upcoming WordPress 5.3 admin style changes.
* New: Firewall - You can now manually blacklist IPs!
* New: Firewall - Country name alt tag when hovering over a flag.
* New: Firewall - Added Latest visitors log.
* New: Firewall - Blocked requests and whitelisted visitors are easily visible in the visitor log.
* New: Firewall - Made all stat sections collapsible on firewall page = less crowded interface.
* New: Whitelabel - Change Plugin name, description, the author name and URL as well as the the menu icon.
* Fix: Hides Whitelabel tab when Whitelabel enabled.
* Minor improvements to whitelabel options.
* Minor improvements to API integration.
* 93,450 downloads
= 5.64 =
* Fix: Not automatically updating all databases and files when updating.
* Fix: PHP notices - Undefined index - Thank you Ivar 🙂
* Fix: Removed debug error_log() notices in code.
* Fix: Suspicious request details were not added to the log.
* Whitelabel tab added.
* 91,578 downloads
= 5.63 =
* WordPress Multisite compatible.
* Tested WP 5.2.4 compatible.
* NEW: Checks for Strict Transport Security (HSTS) security header.
* NEW: Checks for security header "X-XSS-Protection".
* NEW: Checks for security header "X-Frame-Options".
* NEW: Checks for security header "X-Content-Type-Options".
* Fix problem with .htaccess code for blocking username enumeration. Thank you David 🙂
* Fix problem clicking arrow in results list opened and then closed the result details. Thank you Thomas 🙂
* Added more inline help on Core Scanner page.
* Updated 3rd party library - Freemius SDK to 2.3.1
* More details shown for blocked suspicious requests.
* 89,418 downloads
= 5.62 =
* Security Tests - Added check for if license.txt exists.
* Auto Fix - Remove license.txt if exists.
* Firewall - Added direct link to VirusTotal details lookup for IPs. Thank you Jose.
* Event Log - Rotating syslog can now be set to 7 or 30 days. Thank you Jose.
* 86,242 downloads
= 5.61 =
* Security Tests - Reworked the way the scan works - See which tests are being made.
* Security Tests - Added timer showing the progress.
* Security Tests - Added error notices in case a test causes problems with the scans.
* Event Logger - Improved syslog integration, get detailed event logging for use with Splunk or other Security information and event management (SIEM) systems.
* Whitelabel still in beta - Improvements - hiding plugin from list - Thanks Jay.
* Scheduled Scanner - Fixes "Unknown Error" and e-mails now include details about what changed - Thank you Thomas 🙂
* 84,143 downloads
= 5.60 =
* BUGFIX: Getting country ISO code could end up in PHP Error "Call to undefined function" - Thank you Thomas 🙂
* Beta: Event logging to rotating 7-day syslog files in wp-content/uploads/security-ninja/logs/ - Thank you Jose 🙂
* 81,876 downloads
= 5.59 =
* This update introduces a couple of improvements to the security tests and a couple of minor fixes.
* Thank you all for bug reports and suggestions! Check out the public roadmap here: https://trello.com/b/6qxtAlzY/wp-security-ninja-public-roadmap
* FIX: Security Testing - Fixed bug in detecting EditURI XML-RPC is disabled. Thank you Thomas 🙂
* FIX: Security Testing - Autofixer now properly blocks EditURI and also access to
* FIX: Core Scanner: Fix false positive with renamed install.php and upgrade.php
* Security Testing - Changed suggestion for readme.html, install.php and upgrade.php
* Improvement: Security Testing - Auto Fixer - Delete install.php and upgrade.php instead of renaming.
* Updated browser detection routines - Thanks Jay 🙂
* Malware Scanner - Improved the core WP checksum scanning.
* Whitelabel feature now in beta testing 🙂
* 80,553 downloads
= 5.58 =
* Warning if running Security Scans with less than PHP 7
* Fixed some options not getting deleted when deleting plugin.
* 78,396 downloads
v. 5.57 - 2019/09/12
* Added warning for potential conflict with Anti-Spam by CleanTalk. Thank you, Courtney, for the report.
* Bugfix - Tests not always loading properly with different user capacities.
* Readme update - added video and more tests.
* 76,958 downloads
v. 5.56 - 2019/09/10
* Bugfix - Security tests not working properly in some environments.
* Added instructions for fixing "Check if the REST API links are shown in code".
* 75,392 downloads
v. 5.55 - 2019/09/08
* Cleaned up plugin code.
* Added more strings for translators.
* 73,947 downloads
v. 5.54 - 2019/09/06
* Fix - Security tests popups with details not working.
* NEW: Added test if REST API links are visible in the header.
* 72,766 downloads
v. 5.53 - 2019/09/05
* Tested with WP 5.2.3.
* Attempted a fix for loading JS code when other plugins have faulty code. Thank you, Vanessa.
* Removed noticed regarding Security Ninja Pro, not on official wordpress.org repository. Thank you, Ivar.
* Removed script, jQuery.ScrollTo - not used anymore.
* Cleaned up JS code.
* 71,672 downloads
v. 5.52 - 2019/08/29
* Fix - Admin notices could sometimes break internal admin pages from showing correctly.
* Removed language files from the plugin.
* 69,202 downloads
v. 5.51 - 2019/08/27
* Minor language updates and small bugfixes.
* 67,868 downloads
v 5.50 - 2019/08/23
* Major rewrite and a lot of new features added.
* Started making plugin translatable.
* Malware Scanner - Plugin integrity checker is more accurate and reports fewer false positives.
* Bumped version from 2.x to 5.50 - Aligning free and pro version numbers.
* More userfriendly for new users with tips in the admin interface.
* More inline help on relevant pages.
* New: Getting started tips - Notices that inform you of next steps.
* Malware: Updated whitelists
* Fixes problem with databases not created properly.
* New cached JSON folders are removed on deactivation
* NEW: Plugin Integrity check - validate installed plugins against wordpress.org API.
* Moved WordFence warning to "Security Tests" tab only.
* Nicer emails in "Your secret access link"
* Improved: Emails sent by Scheduled Scanner is much nicer looking and more informative.
* Better logging blocked login attempts.
* Firewall - New: Top countries. See which countries are bringing the most traffic.
* Fix for database tables not always being created when updating from Free to Pro.
* Firewall - fixed empty results showing up.
* More details on why a visitor is blocked in the log.
* New: Malware Scanner - View whitelisted files.
* New: Core Scanner - Detects unknown files in core folders.
* New: Core Scanner - Find leftover files from older WordPress installations.
* New: Core Scanner - Delete unwanted files individually or all unknown files.
* New: Firewall - Country blocking, useful if you get a lot of bad traffic from specific countries.
* New: Firewall - Top visitors log kept for the last 30 days. Discover top visitors and use to decide on which IPs or countries to block.
* New: Firewall - Logging individual visits per IP
* New: Firewall - Suspicious requests are blocked - based on the great <a href="https://wordpress.org/plugins/block-bad-queries/" target="_blank">BBQ: Block Bad Queries</a> by Jeff Starr.
* New: Firewall - Redirect blocked visitors - You can show a message or redirect blocked visitors to another website.
* Design overhaul to get closer to WP look and feel.
* Updated 3rd party libraries, Select2
* 66,070 downloads
v5.42 - 2019-02-22
- Fixed inactive themes count includes child theme
v5.41 - 2019-01-22
- Improved schedule scans email notifications
v5.40 - 2019-01-22
- Minor bug fixes
v5.39 - 2018-10-15
- fixed issue interpreting MariaDB version
v5.38 - 2018-07-18
- bugfix in Cloud Firewall
v5.37 - 2018-07-06
- bugfix in Events Logger
v5.36 - 2018-06-17
- bugfix in Events Logger
v5.35 - 2018-06-17
- IP ban test in Cloud Firewall
- new test and fix: usernames enumeration
v5.30 - 2018-04-06
- new module - Cloud Firewall
v5.20 - 2017-12-07
- new module - Database Optimizer
v5.15 - 2017-04-09
- new module - Auto Fixer
- added new tests
- bug fixes
v5.0 - 2016-10-12
- the first release of PRO version
- all modules updated and optimised
- basic and PRO versions now have separate codebases