Changelog for Security Ninja
= 5.209 =
* Improved 2FA setup and verification process.
* Fix: Resolved an issue where the 2FA setup wizard was not displayed for some users.
* Updated IP2Location package to 9.7.3 to fix an issue with country detection.
* Fix: Issue with country detection in the visitor log module - wrong flag used in some cases.
* Enhanced send_webhook_event function for better reliability and security.
* Enhanced: Vulnerability scanner now displays when each vulnerability list was last updated.
* Fix: Resolved an issue with saving country settings on some sites.
* Improved 'PHP Headers' security test for better accuracy and reliability. Thank you Stefan.
* Enhanced error handling and sensitive information detection in server responses.
= 5.208 =
* General: Added and updated PHPDoc comments for better code documentation and consistency.
* General: Refactored white labeling functionality for improved performance and maintainability.
* General: Optimized code organization, readability, and adherence to WordPress coding standards.
* General: Enhanced internationalization and output escaping for user-facing strings.
* General: Added a mechanism to prevent error pages from being cached by defining the DONOTCACHEPAGE constant. Thank you Björn.
* Security: Strengthened nonce verification in AJAX calls.
* Security: Enhanced SQL injection prevention in visitor log queries.
* Security: Added validation to prevent banning of private or reserved IP addresses.
* Security: Implemented a 5MB file size limit and directory traversal prevention in the File Viewer module.
* Security: Restricted viewable file types to a predefined whitelist.
* 2FA: Improved error handling and logging.
* 2FA: Addressed potential issues in 2FA setup and verification process.
* Core Scanner: Improved input sanitization for file deletion functionality.
* Core Scanner: Enhanced error handling, logging, and security checks.
* Core Scanner: Refined error messages for more useful debugging information.
* File Viewer: Limited file content display to 10,000 lines to prevent excessive memory usage.
* File Viewer: Updated path handling for better security and performance.
* File Viewer: Fixed potential vulnerabilities in file path handling and content rendering.
* Code Quality: Refactored methods to use prepared statements consistently.
* Code Quality: Improved static caching for better performance.
* Code Quality: Implemented proper escaping when outputting dynamic values.
* Code Quality: Added constants for frequently used values.
* UI: Updated warning message and button text in the setup wizard.
* Tested: Confirmed compatibility with WordPress 6.6.2.
* Enhanced security and code quality in secnin-wizard.js
= 5.207 =
* Fixed issue with White label feature warning in vulnerability module.
= 5.206 =
* A linebreak too much in the test descriptions allowed some text to show up in the footer of the plugin.
= 5.205 =
* Fixed bug not able to storing CIDR ranges.
* Improved IP and CIDR validation logic to correctly handle both IPv4 and IPv6 addresses, including CIDR ranges.
* Improved language translation strings for making more of the plugin translated.
= 5.204 =
* Fixed an issue in the Scheduled Scanner where email reports always indicated changes, even when none occurred. The reports now accurately reflect individual test changes.
* Enhanced core scanner functionality for better performance and accuracy.
* Improved security tests to provide more detailed results and clearer error messages.
* Optimized internal code to reduce impact and improve efficiency. This is part of ongoing improvements.
* Made minor adjustments to the file viewer for a smoother user experience.
= 5.203 =
* Fix: Resolved an issue that caused theme tests to fail for some users, ensuring smoother theme compatibility checks.
= 5.202 =
* New: Introduced a file viewer for both the Core Scanner and Malware Scanner, enhancing the plugin's security auditing capabilities.
* Fix: Resolved installation and activation errors, including the missing 'bl_ips' table. Special thanks to Josh and others for reporting this issue.
* Update: Upgraded to Freemius 2.7.4.
= 5.201 =
* Tests: Updated MySQL recommendation to align with the latest WordPress minimum requirements. Thanks to Kittipot for the contribution.
* White Label Instructions: Enhanced the white label instructions for better clarity and ease of use.
* Compatibility: Tested and confirmed compatibility up to WordPress version 6.6.1.
* Added more details to the scheduled scanner tab to correctly show the next time the scans are scheduled.
* Changes to the scheduled scanner email sending logic, emails should be sending more accurately now.
* 2FA: Enabling 2FA no longer starts the setup process immediately.
= 5.200 =
* Updated wp-config.php file permissions test.
* Updated and tested with WP 6.6.
* Updated language files.
* Fixes for 2FA issues.
= 5.199 =
* Fix in malware scanner whitelist, thank you Christian.
* Fix tests results that gave wrong response to tests results and automatic fixing.
= 5.198 =
* Fixed a minor PHP notice triggered by the test for potential sensitive information leaks in headers. Special thanks to Koichi for reporting this issue.
* Fixed a problem with the security headers test on some websites.
= 5.197 =
* Fix for White label not hiding on some specific configurations, thank you Michael.
* Fix for saving blacklist IPs under firewall on some systems.
* Fix for detecing TimThumb - the test was giving false positives even on modern themes such as WP Astra. Thank you everyone reporting this issue.
= 5.196 =
* Improved responses from security tests to include more details.
* Enhanced handling of HTTP security headers including `Content-Security-Policy`, `Content-Security-Policy-Report-Only`, `Strict-Transport-Security`, `Referrer-Policy`, and `Permissions-Policy` to support case-insensitive checks and identification of duplicate headers. Thank you Marcel.
* Enhanced error diagnostics in messages for failed tests to pinpoint the cause of failure more accurately.
* Improved function that reverts whitelisted files.
* Improved functionality that shows any results from the malware scanner.
= 5.195 =
* Improved 2FA business logic. Special thanks to all users for their valuable feedback and suggestions.
* Resolved an issue where the scheduled scanner was not running properly on some systems.
* Scheduled Scanner: Added the ability to send reports to multiple email recipients. Separate email addresses with a comma.
* Fixed the autofixer to correctly change the datatable prefix for your site. Thanks, Anthony!
= 5.194 =
* Regression fixes from issues in 5.192 + version bump to 5.194
= 5.192 =
* Enhancement: Added more details to security test reports and fixed minor issues.
* Enhancement: Improved the vulnerability scanner's automatic update function to download new vulnerabilities on schedule when upgrading to the premium version.
* Update: Enhanced the email notification system to send more reliable warnings when vulnerabilities are detected.
* Improvement: Added extra checks to better detect and prevent spam registrations.
* Bugfix: Fixed issue with firewall settings not saving properly on some new installations.
* Improvement: Adjusted the firewall to block fewer requests for certain phrases. Thanks, Kamran.
* Enhancement: Improved the `php_headers` function to check for sensitive server headers like `x-powered-by` and `x-debug-token`.
* Update: Enhanced `php_headers` test to check not just for the presence of headers, but also for leaked information. Now, if the 'Server' header exists without detailed information, the test passes.
* Update: Added internationalization for error and status messages using the 'security-ninja' language domain.
* Update: Modified whitelisted plugin files.
* Bugfix: Made minor fixes to the 2FA logic to correctly handle redirects after verifying the code.
= 5.191 =
* Tested up to WordPress 6.5.4
* Enhanced crawler validation function now supports additional crawlers including Ahrefs, Microsoft, DuckDuckGo, Facebook, Apple, Yandex, Huawei, Common Crawl, Semrush, Swiftype, and Sogou.
* Introducing 2FA (Two-Factor Authentication) in beta! Test it out before deploying to all users.
* Improved handling of locally banned IPs, enhancing plugin stability and performance.
* WPMUDEV service IPs now automatically whitelisted for smoother integration.
* Uptimia service now available for whitelisting IPs.
* Resolved issue with remove 'Server' header functionality that failed on some installations. Note: Some webhosts overwrites the output.
= 5.190 =
* New: Added MainwP integration for White label. Remote control your white label settings.
= 5.189 =
* Enhancement: Improved automatic removal of unwanted files, including common backup and development files, as well as files matching specific patterns like `deleteme.wp*.php`. For more details, visit: https://wpsecurityninja.com/docs/security-fixes/remove-unwanted-files/
* Enhancement: Added names of readme HTML files in various languages to the list of unwanted files.
* Enhancement: Improved malware scanner with detailed information about validated plugins from the public repository.
* Enhancement: Updated malware scanner page to align with the styling of the rest of the plugin and WordPress.
* Bug Fix: Fixes to the email sending part of the vulnerability module.
* Bug Fix: Resolved a JS issue in the event logger module.
* Bug Fix: Fixed a cron job issue that could cause automatic removal of unwanted files to fail in certain situations.
= 5.188 =
* Improvement: Reworked the dashboard widget overview.
* Improvement: Cleaned unused code and refactored functions to improve speed.
* Enhancement: Improved the feature to automatically remove unwanted files, including common backup and development files, as well as files matching specific patterns like `deleteme.wp*.php`. https://wpsecurityninja.com/docs/security-fixes/remove-unwanted-files/
= 5.187 =
* Improvement: Stopped logging changes to posts without a title to avoid cluttering logs with irrelevant data.
* Fix: Resolved an issue where the "Update Database Tables" button was not functioning correctly.
* Improvement: If there is an error loading the events there is now a more helpful error message shown with more details that can help debug what is going on. Before there was a popup you had to click to continue.
= 5.186 =
* Fix: Scheduled Scanner not working properly in some configurations and did not execute the scheduled scans. Optimized the module to load faster and refactored part of the module.
* Improved visitor checking, fixing an issue with blocked IPs still attempting logins. Thank you Shaun.
= 5.185 =
* Fix: Resolved an issue where the white label feature did not consistently rename the plugin in all locations when a new name was entered in the settings.
* Fix: Addressed a problem with the white label feature where a blank image was displayed if no new image URL was provided. The image is now entirely removed in the absence of a suitable alternative.
* Fix: Corrected events tracking issues related to WooCommerce actions.
= 5.184 =
* Improved cloud firewall IP detection - made the firewall faster.
* Improved Events log - Among other only show details button if there are any details and to the way the time is presented.
* Updated: collizo4sky/persist-admin-notices-dismissal from 1.4.4 to 1.4.5
* Updated: phpseclib/bcmath_compat from 1.0.7 to 1.0.8
= 5.183 =
* **Enhanced Multisite Compatibility**: Corrected the counting of network activated plugins. Special thanks to Tom for identifying this issue.
* **Image Size Fix**: Resolved an issue with the maximum image size when white label settings are enabled. Thanks to Aldin for pointing this out.
* **Firewall Updates**: Introduced whitelisting for known services such as ManageWP and WP Rocket, now featuring easy one-click whitelisting.
* **UI Enhancements**: Added country flags to the visitor log and events pages for improved user experience and visual identification.
= 5.182 =
* New: Events logger can now be deactivated; default is off.
* Fix: Resolved PHP warnings in Scheduled Scanner by properly initializing default options.
* Fix: "Add-ons" now hidden when white label feature is active. Thanks to Mr. 3 for the feedback.
* Update: Changed the default warning message to "Warning: Multiple failed login attempts will result in a temporary lockout." Thanks to Anthony for the suggestion.
* Adjustment: Modified firewall settings to reduce false blocks on login attempts. Thanks to Simon for the input.
* Documentation: Updated instructions on how to customize or disable firewall filters. Details at https://wpsecurityninja.com/docs/firewall/customizing-firewall-filter-rules/
= 5.181 =
* Added more details to blocked requests, eg. request_uri to help pinpoint patterns or methods. Thank you Bill.
* Fixed an issue where white label feature was not available for some users. (Feature is for 20 or more site licenses).
= 5.180 =
* Resolved a problem with IP blocking that allowed repeated login attempts to go unchecked.
= 5.179 =
* Fixed problem where the license.txt and readme.html file was not automatically removed even if featured turned on. Thank you Ismael.
* Merged 4 tests for unwanted files, eg readme.html and license text to the "unwanted files" test.
* Added fix regarding removing PHP server info - Thank you Brian.
* Fixed Whitelabel issue where several test descriptions included the plugin name. Thank you Mr.3
* Hiding the newsletter signup box for customers.
= 5.178 =
* Added our first addon - MainWP
= 5.177 =
* Improvement for the White Label feature - Setting a maxiumum size if using SVG as an icon. Thank you Daniel.
* Improvement to the security headers interface - removed redundant text.
* Fix: Content-Security-Policy header did not load properly on some sites.
* Improvement to the white label module.
= 5.176 =
* Fix for a PHP warning in the vulnerability module if no vulnerabilites were found, thank you Stéphane.
* Fix for country selection "No results found".
* Updated 3rd party libraries
= 5.175 =
* Fix for where vulnerable theme version numbers would incorrectly match, eg. '6.4' would not be considered the same as '6.4.0' - Thank you @tischtennis
* Added "Select All" and "Select None" for the country selection. Thank you comoweb.
* Fix: Duplicate define() definitions in wp-config.php, Thank you Stéphane.
= 5.174 =
* Fix: Problem saving the "Email report" setting in the Scheduled Scanner. Thank you Pawel.
* Improved the Content Security Policy recommended header settings. Thank you Jeff for the suggestion.
* Fix: Country blocking would not properly identify some IPs. Thank you DJ for reporting.
= 5.173 =
* Streamlined performance by eliminating unused dependencies such as the phpuseragentparser library.
* Boosted loading speed through the optimization of redundant timing functions.
* Verified compatibility with WordPress 6.5.
* Introducing: A new filter 'securityninja_ignored_file_extensions' for enhanced customization.
* Improved Scheduled Scanner interface and functionality.
* Bug Fix: Resolved an issue with the Scheduled Scanner interface, special thanks to Pawel for reporting.
* Bug Fix: Addressed a concern where Webhooks continued to send data despite being disabled. Once enabled, the system would persist in sending data.
* Bug Fix: Users can now access posts even when "disable username enumeration" restricts frontend access while allowing backend accessibility.
* Bug Fix: Scheduled Scanner settings not saving properly. Thank you Pawel.
* Pro: Updated firewall rules to ensure enhanced protection.
* Pro: Rectified a warning message within the rename login module. Thank you Dorel.
* Updated to Freemius 2.7.0
= 5.172 =
* Fix error showing up on some installations after removing the X-XSS-Protection header. Thank you Franz.
= 5.171 =
* Optimized by removing redundant code, enhancing overall plugin performance.
* Streamlined database interactions, significantly reducing the number of calls for faster operations.
* Discontinued the use of the "X-XSS-Protection" header. Modern browsers have deprecated this feature due to advanced built-in XSS protections, eliminating false security assumptions and potential compatibility issues. Special thanks to Ivan for the recommendation.
* Enhanced Webhook Features: Fixed PHP warnings related to the recent webhook integration, ensuring smoother operation.
* Improved webhook logic for more efficient logging and faster webhook processing.
* Export Functionality Bugfix: Addressed and corrected an issue where some users experienced errors during data export.
* Security Enhancement: Introduced two new actions for improved security logging, specifically targeting attempts to access renamed login URLs: 'attempted_access_to_wp_admin_url' and 'attempted_access_to_wplogin_php'.
= 5.170 =
* Update 3rd party libraries
* Language files updated.
* New: Introducing Webhook functionality (Pro users). Send selected events to a webhook URL. Works great with Zapier.
* Fix for reactivating plugin with empty firewall settings. This could cause a PHP Fatal Error warning.
* Improvement to the Events logger settings page.
= 5.169 =
* Fixed: Resolved an issue where the installation date display error occurred if the initial date saving process was unsuccessful. Special thanks to Alberto for highlighting this.
= 5.168 =
* Enhancement: Now meticulously tracking each user's last login moment without depending on previously stored session data. Thank you Kittipot.
* Improvement: Streamlined events log by retaining only IP addresses and User Agent details for logged-in users.
* Fix: Sometimes not saving firewall settings properly. Thank you Ben.
* Fix: Removed - Some unnecessary JavaScript was loaded outside of the plugin admin pages. Thank you Lars.
* Update Freemius SDK to 2.6.2
* Added IP in sidebar for firewall events.
= 5.167 =
* Fix for the "Check if REST API is enabled". Thank you Dorel.
= 5.166 =
* Improved MainWP integration for MainWP users.
* Improved integration with SN Vulnerability API server - GZ compression.
* Improved "Remove unwanted files" fix to look for and delete even more files.
* Fix for exporting - Thank you Dorel.
* Fix for "Username enumeration" test - Thank you Dorel.
* Added 10+ knowledgebase articles on https://wpsecurityninja.com/docs/
* Updated 3rd party libraries.
= 5.165 =
* Update the events log pruning routines.
* Code cleanup
= 5.164 =
* FIX: Clicking "Details" button in the events log. Now you can see all details properly. Thank you Tom.
= 5.163 =
* Fix for 'undefined array' - related to the newly introduced feature where you can change the login error message. Thank you Tom.
* Fix for emails sent out by vulnerability module even if you had no vulnerabilites.
= 5.162 =
* Fix for compatibility with "Stop Spammers Security | Block Spam Users, Comments, Forms" - Thank you @bobf000.
= 5.161 =
* Fix - Vulnerability folder creation bug on some installations. Result was that some users could not download vulnerabilities first time the function ran.
* New: Change the message shown to users when they fail to log in. Default "Something went wrong"
= 5.160 =
* Major Update with many improvements
* New Feature: Users page - Show last time a user logged in. Help identify inactive users. Go to "Users" and check the added column "Last Login".
* New: Added inline HelpScout beacon help for free users.
* Improvement: Better email warnings with more details for any detected vulnerabilites.
* Improvement: The plugin longer stores vulnerabilites in database, saves to a local file instead. This lowers the memory usage and overall speed.
* Improvement: The events log now loads after pageload, and makes searching the log much easier and faster.
* FIX: Upgrade from free to premium error - Fatal error "Cannot redeclare"
* Improvement: Added details in sidebar for firewall activities.
* WordPress 6.3.2 compatibility.
* Improvement: Trimming backup folder /sn-backups/ monthly to keep only latest 15 backups.
* Fix: Some autofixes not working correctly.
* Fix: Missing help beacon for some users. Also, we just added over 100+ articles to the inline help.
* Updated 3rd party libraries.
= 5.159 =
* Fix: "Check if Application Passwords are enabled" gave warning eventhough function was disabled. Thank you @tischtennis
= 5.158 =
* More details for debugging API connection issues.
* Visitor log visual updates.
* Updated Freemius SDK to 2.5.7
= 5.157.1 =
* Hotfix for referencing a wrong class name after moving to PHP namespaces in 5.157
= 5.157 =
* Speed: Plugin options are no longer autoloaded. Older users might notice an improvement in website speed - Thank you Parag.
* Fix: When deleting an unwanted file via Core Scanner, the message reported an error even when file was successfully deleted.
* Fix: Malware scan could fail due to unexpected output in JavaScript.
* Improved visual layout problem in Events Logger.
* Improved visual layout in the visitor log
* General code improvements and cleaning.
* Worked on PHP 8.2 compatibility - almost complete.
= 5.156 =
* Checked WP 6.2 compatibility
* Updated Freemius SDK to 2.5.6
= 5.155 =
* NEW: Added details about blocked visitors on dashboard widget.
* FIX: Notice that detected low memory incorrectly on systems with no limit memory setting (-1)
* FIX: Warning notices regarding undefined array keys in the event logger. Thank you Jean-Claude 🙂
= 5.154 =
* FIX: PHP warning the first time the settings in the vulnerabilites module was updated.
* Updated the "Application Passwords" test to include info on how to disable the feature. Thank you @lsbk 🙂
* New: More details in email report, user IP and improved layout. Thank you Kevin for the suggestion.
* New: You can now email events log reports to more than one recipient. Thank you Kevin.
= 5.153 =
* FIX: The two Shellshock tests would fail on some servers. Thank you Jeroen and Oliver.
* FIX: A bug in the visitor log details when there is a lot of info to display.
* FIX: The "Enable background plugin updates" notice was shown everywhere. Thank you Ian for pointing out.
* Enable background plugin updates notice is now hidden forever when dismissed.
* Change default time to store visitors to 7 days (much better for big sites with a lot of traffic)
* Fix bug with unexpected results for tests to show up.
* FIX: Remove unused code for plugins not updated for a while. Thank you.
* "Outdated plugins" module completely removed for now to be reworked.
* FIX: Scheduled Scanner tests with Core Scanner sometimes failed. Error found and fixed.
* Updated language files for translators, thank you 🙂
= 5.152 =
* Fix for not cleaning up old files when downloading vulnerable plugin list. Thank you @michaing.
* Fix for visitor log not working properly on some installations. Thank you Jean-Claude.
* Fix for bug in events logger related to comments. Thank you Thomas.
* Fix for descriptions not showing properly for some vulnerabilites.
- Upgrading phpseclib/phpseclib (2.0.40 => 2.0.41)
* Language files updated.
= 5.151 =
* New: Updated visitor log styling and the log now filters out requests not relevant to show, eg. favicon.ico
You can also filter additional requests by using the new filter documented here:
<a href="https://wpsecurityninja.com/docs/filters-hooks/filter-securityninja_visitorlog_filter_url/">Filter visitor log URLs in Security Ninja</a>
* Fix: Problems reported with blocking regular visitors.
= 5.150 =
* WP 6.1.1 compatibility.
* Improved visitor log visuals and logging.
* Updated language files. Volounteer translators are translating the plugin and making it easier to use in Bulgarian, German, Spanish (Colombia), Spanish (Ecuador), Spanish (Spain), Spanish (Venezuela). Thank you translators 🙂
* New: Remove settings when deactivating. Now you can choose if the plugin database and settings should be removed when deactivating the plugin. Per default this is not enabled to help with debugging. Thank you Thomas 🙂
= 5.149 =
* WP 6.1 compatibility.
= 5.148 =
* Prettified the interface
* Minor improvements to translated strings. Language files updated.
* Added more events from WooCommerce to the Events Logger - more detailed activity.
= 5.147 =
* Fix: PHP notice on some installations showing update status notification.
* Fix: IP Range CIDR matching - improved matching of IP ranges.
* Improve memory usage and reduce unnecessary details and options that load automatically = Faster plugin.
* Update Freemius SDK to 2.4.5
= 5.146 =
* FIX: Firewall blocked exports - Thank you Kevin 🙂
* FIX: Restore upgrade.php on sites where missing.
= 5.145 =
* Improved MainWP integration with Secret Access URL.
= 5.144 =
* Fix: PHP error on some installs - Thank you @fakkel and @computerbuddha.
* New: Expand all details for security tests. Thank you Alauddin.
* Fix: Typo in warning messages.
= 5.143 =
* Improve vulnerabilities interface and text.
* New: Detected vulnerabilities list update when website
finishes update routines.
* Fix: PHP notice on tests page.
* Fix: PHP notice on vulnerabilities page.
* Fix: Whitelabel - missing name replacements several places. Thank you Jay.
* Fix: PHP pruning visitor log in some cases.
* Fix: Plugin name was showing up even if whitelabel feature enabled. Thank you Jay.
* Fix: Not detecting themes properly.
* Compatibility check with WordPress 6.0
* Updated language files.
= 5.142 =
* Fix: PHP notice when amount of vulnerabilities change.
* Fix: Error if multiple Strict-Transport-Security headers are used - Thank you Jay.
* Fix: PHP notice in auto-fixer module, thank you Jay.
* Fix: When renaming the login URL the default page now returns 404. Thank you Alauddin.
= 5.141 =
* New: Filter for whitelisting custom files and folder for malware scanner. https://wpsecurityninja.com/docs/filters-hooks/securityninja_whitelist/
* Wizard: Auto update plugin enabled per default.
* The autofix is back and improved - Easy fixes for many of the security tests.
* Fix for the "Remove unnecessary themes". Thank you Jay.
* Fix whitelisting folders and files in malware scanner
* Fix for Russian language websites. Opt-in dialogue failed. Thank you Mikhail 🙂
5.140
- Improved MainWP integration.
- Improved auto-updates integration.
- Fix: Logging database tables sometimes not created before plugin tried to log something.
5.139
- NEW - Notice to easily enable automatic background updates.
- Wizard - automatically sends email with unblock URL to administrator currently logged in.
- FIX - PHP Notice missing database table when deactivating and reactivating.
- Updated the description of the Content Security Policy, thank you Reza.
- Code preparation for integration with MainWP! 😀
- Cleanup JS code.
5.138
- Improved test "Check if automatic WordPress core updates are enabled." with better explanation - thank you Reza.
- Removed clutter in interface.
- Fixed potential bug in installation script.
- Updated firewall with new rules.
- Tested up to WP 5.9.2
5.137
- Removed events logger step from wizard - it is automatically enabled.
- Improved the Wizard layout and process.
- Fix bug in event log, thank you Eelco.
5.136
- Security Tests – Improved layout changes, “Details” link moved.
- Security Tests – Fixed the test for unnecessary themes. Thank you Jay
- Fix – Opt in reset link.
- Visitor Log: Rearrange details for each request, easier to get an overview.
- Event logging is always on, helps detect patterns, eg. failed logins and repeated attacks spread over longer periods of time.
- Retired old database optimizer module.
- Removed syslog feature from events module.
- Cleanup old code.
- Minor improvements to event logger page styling.
5.135
- Core Scanner - Now with "Delete all" button.
- Security fix.
5.134
- Rename login - when activated shows same message as set in the settings for blocked pages.
- Fix - Firewall rename login module was deactivated in settings.
- Fix - First time activation goes to main page.
5.133
- Fix for empty table name when updating.
- Code tightening and 3rd party library updates.
- Tested WP 5.9.1
5.132
- Disable "Rename login URL" feature when the firewall module is disabled. Thank you Alauddin.
- Updated IP detection functionality - fix for firewall issues.
5.131
- Fix for firewall - thank you Barry 🙂
5.130
- Fixes to firewall issues reported on some websites. Sorry to those affected.
- Pro: New feature, automatically remove unwanted files - Enable on Fixes page.
- Pro: Improved event logging detecting user in some cases.
- Pro: Fixed problem loading the wizard on some websites.
- Pro: More details in "Event logger" - see raw data for more events.
5.129
- Improved test interface, less clicks needed.
Pro: New feature, enforce secure cookies on your website. Easy 1-click fix.
Improved PHP 8 compatibility
Updated 3rd party libraries.
Tested up to WP 5.9
5.126
- NEW - Rename login. Hide your login page from automated scripts.
- NEW - Core Scanner now runs automatically every day. No need to manually scan the core WordPress files. This now happens automatically for you 🙂
- NEW - Added applebot.apple.com to verifyable crawlers.
- NEW - Whitelisting IPs for WP Rocket and Broken Link Checker services.
- Updated 3rd party libraries.
- Tested up to WP 5.8.2
5.124
- FIX - Made the notice about updated vulnerability list dismissable.
- FIX - Minor bug in test if Admin SSL is enforced - Thank you Christopher.
- FIX - Updated malware scanner to fix false positive - Thank you Benjamin.
- NEW - Added petalsearch.com to list of validated crawlers - Thank you Thomas.
- Language files updated.
= 5.123 =
* 2021/08/31
* NEW: Improved firewall with better search engine crawler detection - Thank you Thomas.
* FIX: Missing details when logging a failed login - Thank you Eric.
= 5.122 =
* 2021/07/23
* Fix - High memory usage when activating plugin - getting vulnerabilities could stop activating the plugin. Thank you Patrick for the help locating this!
* Fix - Internal links
* Fix - Wizard CSS layout was not properly loading
= 5.121 =
* 2021/07/23
* Fix: Vulnerabilities - Small display error when showing how many vulnerabilities added in last update.
* Fix: Vulnerabilities - Memory issue converting data on some servers, thank you John.
* Improved visitor logging, faster code.
= 5.120 =
* 2021/07/14
* New: Get email warning if any vulnerabilities are detected on your website!
* Fix: Some visits were not properly logged, thank you Thomas, John and others for reporting.
* New: Improved reporting of blocked IPs -> Faster plugin 🙂
* New: Our global IP network of blocked IPs is now out of beta -> More protection for your website.
* New: Notice shows new vulnerabilities added since last update.
* Improved the visitor log -> Only updates when the browser window is in focus, less work for your server.
* Updated language files. Thanks to all the translators for their hard work! 🙂
= 5.119 =
* 2021/05/20
* Tested up to WP 5.7.2
* Minor PHP fixes.
* Updated language file.
* New - Visitor log with live updates (Pro)
* Improve IP reporting network functionality (Pro)
* Improve firewall rules (Pro)
* Fix - PHP notice regarding wizard (Pro)
* Fix - Removed visitor logs on Firewall tab (Pro)
* Fix - Firewall visitor log mistakenly reported administrators as blocked, eventhough they were not (Pro)
* Fix - Visitor log not including WP_AJAX requests (Pro)
* Fix - Visitor log not including cron jobs.
= 5.118 =
* 2021/04/29
* New - Pointer introduction for new users!
* Fix Welcome page layout and improved styling
= 5.117 =
* 2021/04/28
* Fix minor issue in malware scanner
* Fix persistent error in WC logging.
= 5.116 =
* 2021/04/27
* Fix - Event logging not working properly on some WooCommerce shops.
= 5.115 =
* 2021/04/23
* Fix - Downloading vulnerability list showed error notification on some website configurations.
* Fix - Properly overwrite settings in wp-config.php
* Fix - General cleanup of code.
* Tested up to WP 5.7
* New - PRO: Added basic WooCommerce tracking to Events Logger.
* PRO: Feature-Policy has been deprecated, it has been renamed to Permissions-Policy. Currently both headers are used temporarily.
* Updated 3rd party libraries.
* Fix problem on some systems - error when activating firewall - "Undocumented error. Page will automatically reload. Reworked code.
* Fixed notice in welcome module when deactivating plugin. Thank you Ebrahim.
* Whitelabel now available for 20+ site licenses.
* Languages available: Bulgarian, English (US), Spanish (Ecuador), Spanish (Spain), and Spanish (Venezuela). Thanks to all the translators! 😀
= 5.114.1 =
* 2021/02/04
* Quick fix for PHP notice showing up in debug log on some websites.
= 5.114 =
* 2021/02/04
* NEW: Settings for vulnerability module - control what is being checked for and disable the counter in the admin menu.
* Improved plugin loading time - Doing more tasks in background.
* **Pro Changes:**
* NEW: Wizard - Get started in minutes with a few simple steps - protect your website with ease.
* NEW: Introducing IP ban network - all sites reports heavy attacks to a central API to send out block warning to all sites in the network.
* NEW: Fixes: Disable WP XML Sitemaps introduced in WordPress 5.5
* NEW: Fixes: Enable/disable username enumeration
* Import/export works with vulnerability settings.
* Improved handling of importing data.
* Removed debug page in plugin in favor of "Site Health" included with WP.
= 5.113 =
* 2020/12/28
* Fix: MySQL no longer creates database tables with "MyISAM" as the engine. Uses the site default configuration. Thank you Kien.
* Fix: "Test this IP" did not work correctly with IP ranges. Thank you Justin.
* Fix: Core Scanner module - now works faster and loads data without reloading the entire plugin page. Improved user interface.
= 5.112 =
* 2020/12/10
* New: Check for Application Password feature introduced in WP 5.6
* New: Enable/disable the Application Password feature (Pro)
* Fix: PHP notice when downloading and saving vulnerability list.
* Tested with WordPress 5.6
= 5.111 =
* 2020/11/09
* Update Freemius to 2.4.1 and other 3rd party libraries.
= 5.110 =
* 2020/09/30
* NEW: Fixes page - Enable/disable security features on your website.
* NEW: Set Security Headers values on "Fixes" page.
* NEW: Hide PHP Version and Server info.
* Improved user interface, made changes to colors and layout.
* Tested up to WP 5.5.1
* Further work on PHP compatibility - Thank you Barry.
* 185,502 downloads
= 5.109 =
* 2020/09/03
* FIX - Nginx example corrected for "Referrer-Policy" from "no-referrer" to the correct "same-origin". Thank you Mk.
* FIX - Nginx example corrected for "Feature-Policy" security header. Thank you Mk.
* FIX - "Secure the site" showing up multiple places on plugins page in admin.
* Improvement - Better instructions on how to change weak database passwords and removing the autofixer.
* Minor cleanup in logging routines.
* Fix: Loading outdated plugin list from file instead of from database - caused problem on some servers.
* Fix: Wrongly saying "Vulnerabilities found" eventhough no vulns were found.
* Fix: Check for wp-config permissions (chmod) failed if the file had been moved. Thank you Mk.
* Fix: Minor error showing last blocked logins in sidebar.
* Updated 3rd party libraries for better PHP 7.4 compatibility.
* 182,512 downloads
= 5.108 =
* 2020/08/11
* FIX: "Secure this site" link under all plugins. Thank you Mk.
* FIX: Opening up welcome page for all new plugin installations.
* Updating jQuery code due to changes to WordPress 5.5
* Tested WP 5.5 compatible.
* More detailed description in Firewall for "Hide login errors".
* 177,103 downloads
= 5.107 =
* 2020/07/30
* NEW: Introducing check for outdated plugins - not updated in 5+ years.
* NEW: Turn login form protection on or off. Thank you Mk.
* NEW: Feature added - Block login error messages.
* NEW: Added warning on WooCommerce login form.
* FIX: Improved loading speed in plugin admin pages.
* FIX: The warning "Vulnerabilities found on your system!" was shown even if there were no vulnerabilities detected. Thank you all who reported this issue.
* Updated Freemius SDK to 2.4.0
* General code cleanup.
* 175,961 downloads
= 5.106 =
* 2020/07/08
* New: Tests - Filter "untested" - tests not run yet.
* Fix: Tests - Fixed bug in getting permissions for WP config file.
* Fix: Whitelabel - removed plugin name showing up under debug info. Thank you Jay.
* Layout improvements - fixing visual bugs.
* Moved vulnerability check to every 24 hours.
* Firewall: Added option to immediately block any attempts to log in with username "admin".
* Firewall: Fixed bug with setting limits for failed logins in admin.
* PHP 7.4 compatibility check
* Code cleanup.
* 171,569 downloads
= 5.105 =
* 2020/06/03
* FIX: Compatibility with Yoast SEO - Thank you Thomas 😉
* FIX: PHP warning - undefined index - Thank you Mariusz.
* Improvement - Loading of JS and CSS files in Firewall module.
* Updated language files.
* 167,963 downloads
= 5.104 =
* 2020/05/27
* NEW: Added vulnerability testing for installed themes.
* NEW: Added vulnerability count to the menu.
* NEW: Added visitor log pruning - Keep the visitor log size down. Customizable interval and you can also turn off firewall logging entirely.
* NEW: Dismiss vulnerability warnings for 24 hours directly in warning notice.
* NEW: Plugin translated to Bulgarian - Thank you Valentin!
* FIX: Scheduled Scanner results - Broken results for "Core Scanner" - Thank you Mk.
* Added missing Nginx examples for username enumeration. Thank you Fahmi.
* More options for how often to send email notifications in event logger - Thank you Mk.
* Code cleanup.
* 165,593 downloads
= 5.103 =
* 2020/05/06
* Updated malware scanner patterns - Thank you Cathal for submitting sample.
* Update: Showing when malware patterns were last updated on malware tab.
* Fix: Layout of suggestions under "Details" were improved.
* Fix: Bug where results for "Check if active plugins are compatible with your version of WP" were empty - Thank you @lsbk
* 161,873 downloads
= 5.102 =
* 2020/04/29
* Updated list of vulnerable plugins.
* Added more user agents to block - Thank you Laurent.
* Fixed bug with importing settings - Thank you Thomas.
* Tested up to newly released WP 5.4.1
* 159,186 downloads
= 5.101 =
* 2020/04/19
* Downgrade IP2location library to 8.1.1 - Fixes problem with library requiring PHP 7.1
* 156,477 downloads
= 5.100 =
* 2020/04/18
* Fix: Removed syslog logging to file. Many users had problems with the
* Improved welcome page for new installations.
* Improved layout on settings page, fixing markup mistakes.
* Updated language files.
* Code cleanup and security hardening.
* 155,476 downloads
= 5.99 =
* 2020/04/13
* Added Nginx examples to security headers - Thank you Dzul.
* Security hardening.
* PRO: Event logging can now be turned on and off - Thank you Matt.
* 153,294 downloads
= 5.98 =
* 2020/04/08
* Security hardening the automatic fixers.
* Added name to vulnerability warning.
* Added warning to "Check if database table prefix is the default one" test - Thank you Martin.
* Reworked the fix for changing database table prefix. Thank you Martin.
* 151,318 downloads
= 5.97 =
* 2020/03/13
* Fix: The "filter test by status" not working properly if status changed. If you ran a test, fixed a failed test and ran again, the test would not change status.
* Fix: Removed the "pointer" introducion in favor of the new "welcome page" for new users.
* Added a link to the welcome page in the sidebar if you want to view it.
* Vulnerabilities: More details for each vulnerability.
* 147,072 downloads
= 5.96 =
* 2020/03/08
* NEW: Quick filter tests - Failed tests, tests with warnings or those tests that are OK.
* NEW: Quickly see how many vulnerabilities you have in the tab view.
* Improved admin view layout and styling.
* Vulnerabilities - Easier to visually scan recommendations - hiding clutter in interface.
* Fix - PHP Notice in some cases - Thank you Mike 🙂
* 144,961 downloads
= 5.95 =
* 2020/03/06
* Added more details to the wp-config.php test - Thanks @lsbk.
* Work on following WordPress Coding Standards.
* Minor change in the WP constants test.
* Moved the malware definitions API to a faster location.
* Code cleanup.
* Plugin has been tested up to WordPress 5.4
* 143,732 downloads
= 5.94 =
* 2020/03/05
* FIX: Security Tests - Fixed the test for wp-config.php file permissions - thank you @lsbk 🙂
* Updated language files.
* Work on following WordPress Coding Standards.
* 142,778 downloads
= 5.93 =
* 2020/03/04
* FIX: Fatal error happened in some situations - "Call to undefined method".
* Improved the welcome page.
* 141,800 downloads
= 5.92 =
* 2020/03/02
* NEW: Plugin onboarding - welcome page for new users.
* Fix: PHP notice when blocking some visitors.
* Security hardening and working on WordPress coding standards.
* 140,243 downloads
= 5.91 =
* 2020/02/22
* Fix: Vulnerability warning did not load properly on all admin pages.
* Fix: "Thank you for installing" pointer was reset when updating. Thank you Thomas for helping getting this fixed.
* Code cleanup.
* Updated language files.
* 137,665 downloads
= 5.90 =
* 2020/02/19
* New: Sitewide warnings for when vulnerabilities are detected. Warnings can be dismissed for 24 hours.
* Security Tests: Added more dangerous filenames to look for.
* More code refactoring to follow WordPress Standards.
* 136,037 downloads
= 5.89 =
* 2020/02/17
* Code cleanup - Removing unused code.
* Refactoring code to better follow WordPress Standards.
* 134,362 downloads
= 5.88 =
* 2020/02/13
* NEW: Quick overview Dashboard Widget - Get a quick overview of your security status.
* Improvement - Load required composer component libraries with a unique namespace to prevent clashes with other plugins including same libraries.
* Fix: Cloud Firewall - Error saving GeoIP in WordPress Multisite configuration. Thank you Roy.
* Updated language files.
* 132,555 downloads
= 5.87 =
* 2020/02/07
* NEW: Test for "Referrer-Policy" security header. Thank you Jonathan.
* NEW: Test for "Feature-Policy" security header. Thank you Jonathan.
* Fix: The instructions to completely disable XML-RPC was wrong, thank you Ivan for spotting this!
* Fix: Typos in some of the security header test descriptions and details.
* Fix: Not using whitelabel name in emails. Thank you Ivan.
* Fix: Only load pointers if the whitelabel feature is not enabled. Thank you Ivan.
* Tightening and optimizing code.
* Updated language file.
* 130,473 downloads
= 5.86 =
* 2020/02/05
* New: Check if the debug.log file exists and advice how to block it.
* New: Check if the REST API is enabled. Thank you Cuong.
* New: More details if a test fails about what went wrong.
* Fix: If opening details window about a test and the test have not been run yet, the spinner stayed looping forever.
* Fix: Some completed tests might have extra details and they were missing.
* Fix: Not removing all settings when deactivating the plugin.
* Typo - "incompatibile" -> "incompatible".
* 128,964 downloads
= 5.85 =
* 2020/02/02
* New: See when last time a test was run and for how long when you click corresponding "Details" button.
* Improvement: Do not remove settings when deactivating plugin temporarily, remove when uninstalling plugin. Thank you Cuong.
* Improvement: Added polyfill for BC Math PHP extension which might not be installed per default in all server configurations.
* 127,333 downloads
= 5.84 =
* 2020/01/30
* Testing: Security test rewrite - Testing is much faster now.
* Testing: You can now select individual tests to run.
* Testing: Live updates, no page refresh needed.
* Fix: Updated firewall country blocking to work with IP2Location, replacing MaxMinds GeoLite2.
* Fix: WordPress Export tool blocked when username enumeration block was enabled. Thank you Cuong.
* Fix: Minor warnings in HTML output on Whitelabel tab.
* 125,794 downloads
= 5.83 =
* 2020/01/28
* Fixed wording in the two tests for the Shellshock bug. Thank you Ivan.
* New email template for issues with Outlook email rendering.
* 124,228 downloads
= 5.82 =
* 2020/01/23
* Vulnerability list now also checks WordPress version and shows known vulnerabilities.
* Vulnerability scanner: Improved recommendations and visuals.
* 122,400 downloads
= 5.81 =
* 2020/01/20
* Improved Vulnerabilities module.
* 120,713 downloads
= 5.80 =
* 2020/01/15
* Introducing Vulnerabilities checking for all users. This module keeps an eye on known vulnerable plugins on your site and warns you if there is a potential problem.
* Update dependencies, Monolog 1.25.1 -> 1.25.3 and psr 1.1.0 -> 1.1.2
* 118,744 downloads
= 5.79 =
* 2020/01/05
* Fix - Activation bug. Errors could occur and these would be logged to the database. This would fail if it happens before the tables were actually created. Thank you Cuong.
* Fix - Whitelabel feature created a double plugin listing. Thank you Cuong and Jay.
* 116,049 downloads
= 5.78 =
* 2020/01/02
* Improvements to feature "dangerous files in your root folder" - Easier overview - added checks for more unwanted files
* Better details on privacy and data sharing when you activate plugin.
* Enriched opt-in and license activation forms.
* Updated license and account system Freemius SDK to version 2.3.2
* 114,586 downloads
= 5.77 =
* 2019/12/25
* Fix: Fixes for identifying license.txt and readme.html
* Fix: Identifying correct installed MySQL version when using MariaDB.
* 112,555 downloads
= 5.76 =
* Fix: Security recommendation from X-Content-Type-Options nosniff had wrong code, thank you Yasaf.
* Fix: Whitelabel - Removing the plugin from list of active plugins if name was changed in whitelabel settings.
= 5.75 =
* Fix: Core Scanner - Problem with localized versions of WordPress file detection - Thank you Cuong.
* Fix: Whitelabel - The plugin name showed up in a message if core scans have not been run for a while. Thank you Jay.
* Fix: Whitelabel - Remove plugin name from list of active plugins on "Debug" page. Thank you Jay.
= 5.74 =
* Fixes problem with malware definitions that were picked up as false positives by other security software.
* Cleaning up old unused files that created warnings on some servers.
* Minor styling changes to admin interface.
= 5.73.1 =
* Fix bug with "ghost plugin" when the Whitelabel is enabled. Thank you Cuong.
* Updated Firewall bad query list.
* Firewall - Fixed responsiveness in "Latest Firewall Events".
* Fix malware results list - missing whitelist and delete buttons. Thank you Chris
= 5.72 =
* WordPress 5.3 compatibility
* Security Tests - Added more checks for unwanted files.
* Responsive view on mobile devices look much better. Thank you Cuong.
* Fixed up Debug page - removed never-ending spinner and tweaked output to remove directory sizes. Thank you Cuong.
* Reworked security tests overview to look better and more WordPress-like.
* Fix: Malware Scanner - Error in JS code prevented tests to be completed on some systems. Thank you Cuong and everyone else reporting this bug.
= 5.71 =
* FIX: Removed extra styling some plugin authors just load on all pages, which then messed up this plugin styling.
* FIX: Scheduled Scans failed with Core Scanning enabled, due to recent structure change. Thank you Cuong.
* FIX: The security test for incompatible plugins was not working properly. Thank you Cuong.
* FIX: Debug page not working correctly with Whitelabel enabled - Thank you Cuong.
* Fixed small visual issues - CSS styling.
* Multiple email recipients for reports/alerts - Suggestion by Jose.
* Minor language changes + internationalization work for translators.
= 5.70 =
* 2019/11/07
* NEW: Security test: Check for files often found in root of website. Such as SQL database dump files, phpinfo.php, *.bak files etc.
* FIX: Malware Scanner download latest definitions.
* 99,638 downloads
= 5.69 =
* 2019/11/05
* New: Added Debug page.
* Security Tests: Removed Wordfence warning - No longer needed.
* Core Scanner: Fixed problem with local WP versions not being found - Thank you Yodana 🙂
* Updated language files.
* Fix: "Your IP address is" in admin showed wrong IP.
* 98,226 downloads
= 5.68 =
* 2019/11/01
* Fix: Visual bug on some tabs.
* Fix: The Firewall and Cloudflare did not play well together. Thanks Chandra, Atley and Yasaf 🙂
* New: Firewall - Automatically whitelists any new IP from where an admin is logged in.
* Fix: Events IP were sometimes not logged properly, now uses same code as Firewall module.
* 97,382 downloads
= 5.67 =
* 2019/10/31
* Rearranged interface, made more space for new features coming up 😉
* NEW: Firewall - Turn cloud firewall on/off
* Fix: Core Scanner - Fixed unknown error popup and improved error messages for easier debugging.
* Fix: Core Scanner - Fix error where checksums for a particular locale was not available by WordPress.
* Fix: Firewall - Fixed too agressive blocking - IP blocking routines.
* Fix: Firewall - Better visitor logging. Some visits were not registered in the log.
* Cleaned up JS code.
* 96,366 downloads
= 5.66 =
* 2019/10/29
* Fix: Removed debug output in JavaScript console.
* Fix: Minor language and CSS styling changes.
* Fix: Pro - Malware scan sometimes got stuck.
* 94,923 downloads
= 5.65 =
* 2019/10/26
* New: Check for Content Security Policy header. It can be tricky to configure this one, read instructions carefully.
* Improved suggestions for some of the security headers.
* Minor adjustment to interface, preparing for upcoming WordPress 5.3 admin style changes.
* New: Firewall - You can now manually blacklist IPs!
* New: Firewall - Country name alt tag when hovering over a flag.
* New: Firewall - Added Latest visitors log.
* New: Firewall - Blocked requests and whitelisted visitors are easily visible in the visitor log.
* New: Firewall - Made all stat sections collapsible on firewall page = less crowded interface.
* New: Whitelabel - Change Plugin name, description, the author name and URL as well as the the menu icon.
* Fix: Hides Whitelabel tab when Whitelabel enabled.
* Minor improvements to whitelabel options.
* Minor improvements to API integration.
* 93,450 downloads
= 5.64 =
* 2019/10/20
* Fix: Not automatically updating all databases and files when updating.
* Fix: PHP notices - Undefined index - Thank you Ivar 🙂
* Fix: Removed debug error_log() notices in code.
* Fix: Suspicious request details were not added to the log.
* Whitelabel tab added.
* 91,578 downloads
= 5.63 =
* 2019/10/15
* WordPress Multisite compatible.
* Tested WP 5.2.4 compatible.
* NEW: Checks for Strict Transport Security (HSTS) security header.
* NEW: Checks for security header "X-XSS-Protection".
* NEW: Checks for security header "X-Frame-Options".
* NEW: Checks for security header "X-Content-Type-Options".
* Fix problem with .htaccess code for blocking username enumeration. Thank you David 🙂
* Fix problem clicking arrow in results list opened and then closed the result details. Thank you Thomas 🙂
* Added more inline help on Core Scanner page.
* Updated 3rd party library - Freemius SDK to 2.3.1
* More details shown for blocked suspicious requests.
* 89,418 downloads
= 5.62 =
* 2019/10/03
* Security Tests - Added check for if license.txt exists.
* Fixed minor bugs in JavaScript code.
* Auto Fix - Remove license.txt if exists.
* Firewall - Added direct link to VirusTotal details lookup for IPs. Thank you Jose.
* Event Log - Rotating syslog can now be set to 7 or 30 days. Thank you Jose.
* 86,242 downloads
= 5.61 =
* 2019/09/27
* Security Tests - Reworked the way the scan works - See which tests are being made.
* Security Tests - Added timer showing the progress.
* Security Tests - Added error notices in case a test causes problems with the scans.
* Event Logger - Improved syslog integration, get detailed event logging for use with Splunk or other Security information and event management (SIEM) systems.
* Whitelabel still in beta - Improvements - hiding plugin from list - Thanks Jay.
* Scheduled Scanner - Fixes "Unknown Error" and e-mails now include details about what changed - Thank you Thomas 🙂
* 84,143 downloads
= 5.60 =
* 2019/09/23
* BUGFIX: Getting country ISO code could end up in PHP Error "Call to undefined function" - Thank you Thomas 🙂
* Beta: Event logging to rotating 7-day syslog files in wp-content/uploads/security-ninja/logs/ - Thank you Jose 🙂
* 81,876 downloads
= 5.59 =
* 2019/09/21
* This update introduces a couple of improvements to the security tests and a couple of minor fixes.
* Thank you all for bug reports and suggestions! Check out the public roadmap here: https://trello.com/b/6qxtAlzY/wp-security-ninja-public-roadmap
* FIX: Security Testing - Fixed bug in detecting EditURI XML-RPC is disabled. Thank you Thomas 🙂
* FIX: Security Testing - Autofixer now properly blocks EditURI and also access to
* FIX: Core Scanner: Fix false positive with renamed install.php and upgrade.php
* Security Testing - Changed suggestion for readme.html, install.php and upgrade.php
* Improvement: Security Testing - Auto Fixer - Delete install.php and upgrade.php instead of renaming.
* Updated browser detection routines - Thanks Jay 🙂
* Malware Scanner - Improved the core WP checksum scanning.
* Whitelabel feature now in beta testing 🙂
* 80,553 downloads
= 5.58 =
* 2019/09/15
* Warning if running Security Scans with less than PHP 7
* Fixed some options not getting deleted when deleting plugin.
* 78,396 downloads
v. 5.57 - 2019/09/12
* Added warning for potential conflict with Anti-Spam by CleanTalk. Thank you, Courtney, for the report.
* Bugfix - Tests not always loading properly with different user capacities.
* Readme update - added video and more tests.
* 76,958 downloads
v. 5.56 - 2019/09/10
* Bugfix - Security tests not working properly in some environments.
* Added instructions for fixing "Check if the REST API links are shown in code".
* 75,392 downloads
v. 5.55 - 2019/09/08
* Minor fixes in JavaScript code.
* Cleaned up plugin code.
* Added more strings for translators.
* 73,947 downloads
v. 5.54 - 2019/09/06
* Fix - Security tests popups with details not working.
* NEW: Added test if REST API links are visible in the header.
* 72,766 downloads
v. 5.53 - 2019/09/05
* Tested with WP 5.2.3.
* Attempted a fix for loading JS code when other plugins have faulty code. Thank you, Vanessa.
* Removed noticed regarding Security Ninja Pro, not on official wordpress.org repository. Thank you, Ivar.
* Removed script, jQuery.ScrollTo - not used anymore.
* Cleaned up JS code.
* 71,672 downloads
v. 5.52 - 2019/08/29
* Fix - Admin notices could sometimes break internal admin pages from showing correctly.
* Removed language files from the plugin.
* 69,202 downloads
v. 5.51 - 2019/08/27
* Minor language updates and small bugfixes.
* 67,868 downloads
v 5.50 - 2019/08/23
* Major rewrite and a lot of new features added.
* Started making plugin translatable.
* Malware Scanner - Plugin integrity checker is more accurate and reports fewer false positives.
* Bumped version from 2.x to 5.50 - Aligning free and pro version numbers.
* More userfriendly for new users with tips in the admin interface.
* More inline help on relevant pages.
* New: Getting started tips - Notices that inform you of next steps.
* Malware: Updated whitelists
* Fixes problem with databases not created properly.
* New cached JSON folders are removed on deactivation
* NEW: Plugin Integrity check - validate installed plugins against wordpress.org API.
* Moved WordFence warning to "Security Tests" tab only.
* Nicer emails in "Your secret access link"
* Improved: Emails sent by Scheduled Scanner is much nicer looking and more informative.
* Better logging blocked login attempts.
* Firewall - New: Top countries. See which countries are bringing the most traffic.
* Fix for database tables not always being created when updating from Free to Pro.
* Firewall - fixed empty results showing up.
* More details on why a visitor is blocked in the log.
* New: Malware Scanner - View whitelisted files.
* New: Core Scanner - Detects unknown files in core folders.
* New: Core Scanner - Find leftover files from older WordPress installations.
* New: Core Scanner - Delete unwanted files individually or all unknown files.
* New: Firewall - Country blocking, useful if you get a lot of bad traffic from specific countries.
* New: Firewall - Top visitors log kept for the last 30 days. Discover top visitors and use to decide on which IPs or countries to block.
* New: Firewall - Logging individual visits per IP
* New: Firewall - Suspicious requests are blocked - based on the great <a href="https://wordpress.org/plugins/block-bad-queries/" target="_blank">BBQ: Block Bad Queries</a> by Jeff Starr.
* New: Firewall - Redirect blocked visitors - You can show a message or redirect blocked visitors to another website.
* Design overhaul to get closer to WP look and feel.
* Updated 3rd party libraries, Select2
* 66,070 downloads
v5.42 - 2019-02-22
- Fixed inactive themes count includes child theme
v5.41 - 2019-01-22
- Improved schedule scans email notifications
v5.40 - 2019-01-22
- Minor bug fixes
v5.39 - 2018-10-15
- fixed issue interpreting MariaDB version
v5.38 - 2018-07-18
- bugfix in Cloud Firewall
v5.37 - 2018-07-06
- bugfix in Events Logger
v5.36 - 2018-06-17
- bugfix in Events Logger
v5.35 - 2018-06-17
- IP ban test in Cloud Firewall
- new test and fix: usernames enumeration
v5.30 - 2018-04-06
- new module - Cloud Firewall
v5.20 - 2017-12-07
- new module - Database Optimizer
v5.15 - 2017-04-09
- new module - Auto Fixer
- added new tests
- bug fixes
v5.0 - 2016-10-12
- the first release of PRO version
- all modules updated and optimised
- basic and PRO versions now have separate codebases