Changelog for Security Ninja
= 5.88 =
* NEW: Quick overview Dashboard Widget – Get a quick overview of your security status.
* Improvement – Load required composer component libraries with a unique namespace to prevent clashes with other plugins including same libraries.
* Fix: Cloud Firewall – Error saving GeoIP in WordPress Multisite configuration. Thank you Roy.
* Updated language files.
* 132,555 downloads
= 5.87 =
* NEW: Test for “Referrer-Policy” security header. Thank you Jonathan.
* NEW: Test for “Feature-Policy” security header. Thank you Jonathan.
* Fix: The instructions to completely disable XML-RPC was wrong, thank you Ivan for spotting this!
* Fix: Typos in some of the security header test descriptions and details.
* Fix: Not using whitelabel name in emails. Thank you Ivan.
* Fix: Only load pointers if the whitelabel feature is not enabled. Thank you Ivan.
* Tightening and optimizing code.
* Updated language file.
* 130,473 downloads
= 5.86 =
* New: Check if the debug.log file exists and advice how to block it.
* New: Check if the REST API is enabled. Thank you Cuong.
* New: More details if a test fails about what went wrong.
* Fix: If opening details window about a test and the test have not been run yet, the spinner stayed looping forever.
* Fix: Some completed tests might have extra details and they were missing.
* Fix: Not removing all settings when deactivating the plugin.
* Typo – “incompatibile” -> “incompatible”.
* 128,964 downloads
= 5.85 =
* New: See when last time a test was run and for how long when you click corresponding “Details” button.
* Improvement: Do not remove settings when deactivating plugin temporarily, remove when uninstalling plugin. Thank you Cuong.
* Improvement: Added polyfill for BC Math PHP extension which might not be installed per default in all server configurations.
* 127,333 downloads
= 5.84 =
* Testing: Security test rewrite – Testing is much faster now.
* Testing: You can now select individual tests to run.
* Testing: Live updates, no page refresh needed.
* Fix: Updated firewall country blocking to work with IP2Location, replacing MaxMinds GeoLite2.
* Fix: WordPress Export tool blocked when username enumeration block was enabled. Thank you Cuong.
* Fix: Minor warnings in HTML output on Whitelabel tab.
* 125,794 downloads
= 5.83 =
* Fixed wording in the two tests for the Shellshock bug. Thank you Ivan.
* New email template for issues with Outlook email rendering.
* 124,228 downloads
= 5.82 =
* Vulnerability list now also checks WordPress version and shows known vulnerabilities.
* Vulnerability scanner: Improved recommendations and visuals.
* 122,400 downloads
= 5.81 =
* Improved Vulnerabilities module.
* 120,713 downloads
= 5.80 =
* Introducing Vulnerabilities checking for all users. This module keeps an eye on known vulnerable plugins on your site and warns you if there is a potential problem.
* Update dependencies, Monolog 1.25.1 -> 1.25.3 and psr 1.1.0 -> 1.1.2
* 118,744 downloads
= 5.79 =
* Fix – Activation bug. Errors could occur and these would be logged to the database. This would fail if it happens before the tables were actually created. Thank you Cuong.
* Fix – Whitelabel feature created a double plugin listing. Thank you Cuong and Jay.
* 116,049 downloads
= 5.78 =
* Improvements to feature “dangerous files in your root folder” – Easier overview – added checks for more unwanted files
* Better details on privacy and data sharing when you activate plugin.
* Enriched opt-in and license activation forms.
* Updated license and account system Freemius SDK to version 2.3.2
* 114,586 downloads
= 5.77 =
* Fix: Fixes for identifying license.txt and readme.html
* Fix: Identifying correct installed MySQL version when using MariaDB.
* 112,555 downloads
= 5.76 =
* Fix: Security recommendation from X-Content-Type-Options nosniff had wrong code, thank you Yasaf.
* Fix: Whitelabel – Removing the plugin from list of active plugins if name was changed in whitelabel settings.
= 5.75 =
* Fix: Core Scanner – Problem with localized versions of WordPress file detection – Thank you Cuong.
* Fix: Whitelabel – The plugin name showed up in a message if core scans have not been run for a while. Thank you Jay.
* Fix: Whitelabel – Remove plugin name from list of active plugins on “Debug” page. Thank you Jay.
= 5.74 =
* Fixes problem with malware definitions that were picked up as false positives by other security software.
* Cleaning up old unused files that created warnings on some servers.
* Minor styling changes to admin interface.
= 5.73.1 =
* Fix bug with “ghost plugin” when the Whitelabel is enabled. Thank you Cuong.
* Updated Firewall bad query list.
* Firewall – Fixed responsiveness in “Latest Firewall Events”.
* Fix malware results list – missing whitelist and delete buttons. Thank you Chris
= 5.72 =
* WordPress 5.3 compatibility
* Security Tests – Added more checks for unwanted files.
* Responsive view on mobile devices look much better. Thank you Cuong.
* Fixed up Debug page – removed never-ending spinner and tweaked output to remove directory sizes. Thank you Cuong.
* Reworked security tests overview to look better and more WordPress-like.
* Fix: Malware Scanner – Error in JS code prevented tests to be completed on some systems. Thank you Cuong and everyone else reporting this bug.
= 5.71 =
* FIX: Removed extra styling some plugin authors just load on all pages, which then messed up this plugin styling.
* FIX: Scheduled Scans failed with Core Scanning enabled, due to recent structure change. Thank you Cuong.
* FIX: The security test for incompatible plugins was not working properly. Thank you Cuong.
* FIX: Debug page not working correctly with Whitelabel enabled – Thank you Cuong.
* Fixed small visual issues – CSS styling.
* Multiple email recipients for reports/alerts – Suggestion by Jose.
* Minor language changes + internationalization work for translators.
= 5.70 =
* NEW: Security test: Check for files often found in root of website. Such as SQL database dump files, phpinfo.php, *.bak files etc.
* FIX: Malware Scanner download latest definitions.
* 99,638 downloads
= 5.69 =
* New: Added Debug page.
* Security Tests: Removed Wordfence warning – No longer needed.
* Core Scanner: Fixed problem with local WP versions not being found – Thank you Yodana 🙂
* Updated language files.
* Fix: “Your IP address is” in admin showed wrong IP.
* 98,226 downloads
= 5.68 =
* Fix: Visual bug on some tabs.
* Fix: The Firewall and Cloudflare did not play well together. Thanks Chandra, Atley and Yasaf 🙂
* New: Firewall – Automatically whitelists any new IP from where an admin is logged in.
* Fix: Events IP were sometimes not logged properly, now uses same code as Firewall module.
* 97,382 downloads
= 5.67 =
* Rearranged interface, made more space for new features coming up 😉
* NEW: Firewall – Turn cloud firewall on/off
* Fix: Core Scanner – Fixed unknown error popup and improved error messages for easier debugging.
* Fix: Core Scanner – Fix error where checksums for a particular locale was not available by WordPress.
* Fix: Firewall – Fixed too agressive blocking – IP blocking routines.
* Fix: Firewall – Better visitor logging. Some visits were not registered in the log.
* Cleaned up JS code.
* 96,366 downloads
= 5.66 =
* Fix: Minor language and CSS styling changes.
* Fix: Pro – Malware scan sometimes got stuck.
* 94,923 downloads
= 5.65 =
* New: Check for Content Security Policy header. It can be tricky to configure this one, read instructions carefully.
* Improved suggestions for some of the security headers.
* Minor adjustment to interface, preparing for upcoming WordPress 5.3 admin style changes.
* New: Firewall – You can now manually blacklist IPs!
* New: Firewall – Country name alt tag when hovering over a flag.
* New: Firewall – Added Latest visitors log.
* New: Firewall – Blocked requests and whitelisted visitors are easily visible in the visitor log.
* New: Firewall – Made all stat sections collapsible on firewall page = less crowded interface.
* New: Whitelabel – Change Plugin name, description, the author name and URL as well as the the menu icon.
* Fix: Hides Whitelabel tab when Whitelabel enabled.
* Minor improvements to whitelabel options.
* Minor improvements to API integration.
* 93,450 downloads
= 5.64 =
* Fix: Not automatically updating all databases and files when updating.
* Fix: PHP notices – Undefined index – Thank you Ivar 🙂
* Fix: Removed debug error_log() notices in code.
* Fix: Suspicious request details were not added to the log.
* Whitelabel tab added.
* 91,578 downloads
= 5.63 =
* WordPress Multisite compatible.
* Tested WP 5.2.4 compatible.
* NEW: Checks for Strict Transport Security (HSTS) security header.
* NEW: Checks for security header “X-XSS-Protection”.
* NEW: Checks for security header “X-Frame-Options”.
* NEW: Checks for security header “X-Content-Type-Options”.
* Fix problem with .htaccess code for blocking username enumeration. Thank you David 🙂
* Fix problem clicking arrow in results list opened and then closed the result details. Thank you Thomas 🙂
* Added more inline help on Core Scanner page.
* Updated 3rd party library – Freemius SDK to 2.3.1
* More details shown for blocked suspicious requests.
* 89,418 downloads
= 5.62 =
* Security Tests – Added check for if license.txt exists.
* Auto Fix – Remove license.txt if exists.
* Firewall – Added direct link to VirusTotal details lookup for IPs. Thank you Jose.
* Event Log – Rotating syslog can now be set to 7 or 30 days. Thank you Jose.
* 86,242 downloads
= 5.61 =
* Security Tests – Reworked the way the scan works – See which tests are being made.
* Security Tests – Added timer showing the progress.
* Security Tests – Added error notices in case a test causes problems with the scans.
* Event Logger – Improved syslog integration, get detailed event logging for use with Splunk or other Security information and event management (SIEM) systems.
* Whitelabel still in beta – Improvements – hiding plugin from list – Thanks Jay.
* Scheduled Scanner – Fixes “Unknown Error” and e-mails now include details about what changed – Thank you Thomas 🙂
* 84,143 downloads
= 5.60 =
* BUGFIX: Getting country ISO code could end up in PHP Error “Call to undefined function” – Thank you Thomas 🙂
* Beta: Event logging to rotating 7-day syslog files in wp-content/uploads/security-ninja/logs/ – Thank you Jose 🙂
* 81,876 downloads
= 5.59 =
* This update introduces a couple of improvements to the security tests and a couple of minor fixes.
* Thank you all for bug reports and suggestions! Check out the public roadmap here: https://trello.com/b/6qxtAlzY/wp-security-ninja-public-roadmap
* FIX: Security Testing – Fixed bug in detecting EditURI XML-RPC is disabled. Thank you Thomas 🙂
* FIX: Security Testing – Autofixer now properly blocks EditURI and also access to
* FIX: Core Scanner: Fix false positive with renamed install.php and upgrade.php
* Security Testing – Changed suggestion for readme.html, install.php and upgrade.php
* Improvement: Security Testing – Auto Fixer – Delete install.php and upgrade.php instead of renaming.
* Updated browser detection routines – Thanks Jay 🙂
* Malware Scanner – Improved the core WP checksum scanning.
* Whitelabel feature now in beta testing 🙂
* 80,553 downloads
= 5.58 =
* Warning if running Security Scans with less than PHP 7
* Fixed some options not getting deleted when deleting plugin.
* 78,396 downloads
v. 5.57 – 2019/09/12
* Added warning for potential conflict with Anti-Spam by CleanTalk. Thank you, Courtney, for the report.
* Bugfix – Tests not always loading properly with different user capacities.
* Readme update – added video and more tests.
* 76,958 downloads
v. 5.56 – 2019/09/10
* Bugfix – Security tests not working properly in some environments.
* Added instructions for fixing “Check if the REST API links are shown in code”.
* 75,392 downloads
v. 5.55 – 2019/09/08
* Cleaned up plugin code.
* Added more strings for translators.
* 73,947 downloads
v. 5.54 – 2019/09/06
* Fix – Security tests popups with details not working.
* NEW: Added test if REST API links are visible in the header.
* 72,766 downloads
v. 5.53 – 2019/09/05
* Tested with WP 5.2.3.
* Attempted a fix for loading JS code when other plugins have faulty code. Thank you, Vanessa.
* Removed noticed regarding Security Ninja Pro, not on official wordpress.org repository. Thank you, Ivar.
* Removed script, jQuery.ScrollTo – not used anymore.
* Cleaned up JS code.
* 71,672 downloads
v. 5.52 – 2019/08/29
* Fix – Admin notices could sometimes break internal admin pages from showing correctly.
* Removed language files from the plugin.
* 69,202 downloads
v. 5.51 – 2019/08/27
* Minor language updates and small bugfixes.
* 67,868 downloads
v 5.50 – 2019/08/23
* Major rewrite and a lot of new features added.
* Started making plugin translatable.
* Malware Scanner – Plugin integrity checker is more accurate and reports fewer false positives.
* Bumped version from 2.x to 5.50 – Aligning free and pro version numbers.
* More userfriendly for new users with tips in the admin interface.
* More inline help on relevant pages.
* New: Getting started tips – Notices that inform you of next steps.
* Malware: Updated whitelists
* Fixes problem with databases not created properly.
* New cached JSON folders are removed on deactivation
* NEW: Plugin Integrity check – validate installed plugins against wordpress.org API.
* Moved WordFence warning to “Security Tests” tab only.
* Nicer emails in “Your secret access link”
* Improved: Emails sent by Scheduled Scanner is much nicer looking and more informative.
* Better logging blocked login attempts.
* Firewall – New: Top countries. See which countries are bringing the most traffic.
* Fix for database tables not always being created when updating from Free to Pro.
* Firewall – fixed empty results showing up.
* More details on why a visitor is blocked in the log.
* New: Malware Scanner – View whitelisted files.
* New: Core Scanner – Detects unknown files in core folders.
* New: Core Scanner – Find leftover files from older WordPress installations.
* New: Core Scanner – Delete unwanted files individually or all unknown files.
* New: Firewall – Country blocking, useful if you get a lot of bad traffic from specific countries.
* New: Firewall – Top visitors log kept for the last 30 days. Discover top visitors and use to decide on which IPs or countries to block.
* New: Firewall – Logging individual visits per IP
* New: Firewall – Suspicious requests are blocked – based on the great <a href=”https://wordpress.org/plugins/block-bad-queries/” target=”_blank”>BBQ: Block Bad Queries</a> by Jeff Starr.
* New: Firewall – Redirect blocked visitors – You can show a message or redirect blocked visitors to another website.
* Design overhaul to get closer to WP look and feel.
* Updated 3rd party libraries, Select2
* 66,070 downloads
v5.42 – 2019-02-22
- Fixed inactive themes count includes child theme
v5.41 – 2019-01-22
- Improved schedule scans email notifications
v5.40 – 2019-01-22
- Minor bug fixes
v5.39 – 2018-10-15
- fixed issue interpreting MariaDB version
v5.38 – 2018-07-18
- bugfix in Cloud Firewall
v5.37 – 2018-07-06
- bugfix in Events Logger
v5.36 – 2018-06-17
- bugfix in Events Logger
v5.35 – 2018-06-17
- IP ban test in Cloud Firewall
- new test and fix: usernames enumeration
v5.30 – 2018-04-06
- new module – Cloud Firewall
v5.20 – 2017-12-07
- new module – Database Optimizer
v5.15 – 2017-04-09
- new module – Auto Fixer
- added new tests
- bug fixes
v5.0 – 2016-10-12
- the first release of PRO version
- all modules updated and optimised
- basic and PRO versions now have separate codebases