iThemes Security plugin | Solid Security Pro | iThemes Security Pro | Solid Security plugin
In version 8, the iThemes Security plugin was renamed Solid Security.
Introducing the iThemes Security Pro / Solid Security Pro plugin
iThemes has recently rebranded and now offers its products, with new and incredible features, under a new brand named SolidWP.
The iThemes Security Pro plugin has likewise been released under the name Solid Security (Solid Security Pro Plugin) with new and incredible features. In the new version, in addition to an improved and simpler settings area and security dashboard, new and advanced features have been added to site scanning, the firewall, and vulnerability checking and remediation, drawing on the patchstack site. You can use them to protect and secure your WordPress site better than before.
Very significant changes have been made in this version. The new version is designed so that anyone can easily enable the security settings suited to their website in under 10 minutes. From version 7 onward, iThemes Security Pro lets you choose your site type so that the best security settings are applied.
The settings area has also been completely overhauled, and everything has become very user-friendly and simple.
Currently more than 30% of sites are built with WordPress, so these sites are among hackers' targets. Your WordPress theme therefore needs a security strategy, and the iThemes Security Pro plugin is the best and most reliable choice for preventing WordPress hacks.
Note: iThemes Security Pro 7.0 and later requires WordPress 5.9 and PHP 7.3 or higher.
The simplest and most secure way to log in to your WordPress site is here!
iThemes Security Pro has added passwordless biometric login methods such as fingerprint, face recognition and Windows Hello, or any passkey your device supports. These are supported by all major browsers, including Chrome, Firefox and Safari, so you can use them to log in to your WordPress site and no longer need to enter a password.
With this capability, site administrators can log in securely without the extra hassle of two-factor authenticator apps, password managers, or complex password requirements.
Features of the iThemes Security | Solid Security plugin:
- Preventing hacks
- Fixing WordPress security flaws
- Protection against malware
- Passwordless login
- and ...
Capabilities of the iThemes Security | Solid Security plugin:
- Banning malicious users
Keep malicious users out of your site. Malicious users are those who have made many login attempts that failed, those who have generated many 404 errors, or those whose names are on the blacklist.
- Hidden admin and login
Mislead attackers by changing your site's default address (wp-admin), and prevent automated bot attacks that are programmed to target the wp-admin page of WordPress sites.
- Email notifications
If someone has several failed logins and is locked out of the system, or a file on the system changes, and so on, you are notified by email.
- Changing WordPress Salts & Keys
iThemes Security Pro easily updates the WordPress Salts & Keys. It updates the authentication keys from time to time, which adds a layer of complexity.
- Online file comparison
iThemes Security Pro compares any changes to the WordPress files on the system against the WordPress.org version, so that any modifications made by hackers are revealed.
WordPress user security check in the iThemes Security Pro plugin:
- Checking user security and taking the necessary actions
User-level checks are essential for WordPress sites. Weak security on just one WordPress user account can open your entire site to vulnerabilities that lead to a hack. By checking WordPress users' security, the WordPress security plugin | iThemes Security Pro makes it possible to review the security of all WordPress user accounts at once and to act on them when needed.
- Malware scanning
With the automatic scan in the iThemes security plugin, scanning for vulnerable WordPress plugins, themes and WordPress core, known malware, blacklist status, website errors and out-of-date software is faster and more accurate than ever. Hackers can easily gain access to your site through vulnerabilities in old versions of some WordPress plugins and themes.
The automatic scan checks your website twice a day for new vulnerabilities in WordPress plugins, themes and WordPress core. Then, if the Version Management module is enabled, it automatically updates vulnerable software within 5 minutes, if an update is available.
- WordPress password security
Passwords are a vital component of a WordPress security strategy. The WordPress security plugin | iThemes Security Pro improves WordPress password security by forcing you to use stronger passwords. Use the powerful password settings in iThemes Security Pro to add a strong password generator to user profiles, enable refusing compromised passwords, and control the minimum user role that must have a strong password.
Note: the iThemes Security Pro security plugin has been rebranded as the Solid Security Pro plugin.
The Solid Security Pro plugin (Solid Security Premium Plugin) can be downloaded by purchasing it from Zhaket.
Tip: to resolve the Profile Builder redirect problem and its incompatibility with iThemes Security authentication, you can use the Profile Builder and iThemes compatibility plugin.
Note: iThemes Security Pro 8 and later requires WordPress 6.3 and PHP 7.3 or higher.
Changes in recent versions:
In iThemes Security Pro version 7.2, biometric login was added.
In version 7.2.1, login with biometrics such as fingerprint, face recognition and Windows Hello, or any passkey your device supports, was added, with no need to enter a password.
In version 6.1.0, the newest method for securing a WordPress site was added: passwordless login.
In version 5.7.0, support for "reCAPTCHA v3" was added.
From version 5.5.0 onward, protection against user session hijacking ("Session Hijacking") was added.
8.5.0 - 2024-06-18 - Timothy Jacobs, Lisa Canini, Jared Hill
New: Users can register for an account using passkeys on WP Login.
Enhancement: Improve highlighting settings search results.
Bug Fix: Checkbox styling issue on WordPress 6.6.
Bug Fix: If Login Methods is set to "Email Only" use the user's email address for the passkey's name.
Bug Fix: Fire an action when a vulnerability is unresolved due to plugin activation.
8.4.2 - 2024-04-22 - Timothy Jacobs, Lisa Canini, Jared Hill
Bug Fix: The Security Dashboard widget would not appear on new Solid Security installs.
Bug Fix: Activating a Patchstack license on sites with a www. subdomain would not show the license as active.
8.4.1 - 2024-03-21 - Timothy Jacobs, Lisa Canini, Jared Hill
Security: Fix a Google reCAPTCHA v3 bypass.
Important: "Automatic (Insecure)" IP detection has been removed. Read more: https://go.solidwp.com/firewall-features-not-available
Tweak: Block repeated session hijacking attacks from the same device even if the user has not specifically blocked the attacker's device. Previously, subsequent attacks after the first block would have their capabilities reduced.
Tweak: Remove the "Accept-Language" and "DNT" header from the list of sources for Trusted Devices.
Tweak: The Updater library has been updated to 1.8.4. The list of Patchstack licensed domains has been removed from the SolidWP licensing page.
Bug Fix: Fix the Trusted Devices "Approve" link in Outlook mail clients.
Bug Fix: The "Privilege Escalation" tab would not appear in a user's profile unless Passwordless Login was enabled.
8.4.0 - 2024-02-27 - Timothy Jacobs, Lisa Canini, Jared Hill
New: The "Trusted Devices" user experience has been reworked to make it clearer and simpler, especially for end users. Learn more: https://academy.solidwp.com/?p=10906
Enhancement: Allow generating a new Two-Factor TOTP secret from the WP-Login UI.
Bug Fix: The SolidWP logo appeared too large in some email clients.
Bug Fix: An error would occur if we could not determine the length of database columns while saving log items.
8.3.2 - 2024-02-06 - Timothy Jacobs, Lisa Canini, Jared Hill
Tweak: Add a notice when a user's role is demoted from the Site Scans page.
Tweak: Update Privacy Policy generator text.
Bug Fix: Could not proceed through onboarding when BuddyPress or BuddyBoss was active.
Bug Fix: Some firewall rules could not be deactivated.
Bug Fix: Allow opting in to Telemetry via the Settings Page.
Bug Fix: PHP 8.2 deprecation warnings.
8.3.1 - 2024-01-25 - Timothy Jacobs, Lisa Canini, Jared Hill
Bug Fix: A PHP Fatal Error on PHP 8+ when logging a WP_Error to the Security Logs.
8.3.0 - 2024-01-24 - Timothy Jacobs, Lisa Canini, Jared Hill
New: The Firewall page has a new IP Management tab to provide easy access to blocking or authorizing IP addresses.
New: Usage Data Sharing (opt-in only) allows users to share non-personal and non-sensitive information with StellarWP to inform decisions about how to improve Solid Security in the future.
Enhancement: The "Trusted Devices" manager has been redesigned and relocated to the Security Profile tabbed UI.
Enhancement: Add a snackbar notice when making changes on the Firewall Configure page.
Enhancement: Make the GDPR Optin text in the CAPTCHA module more visible.
Tweak: Remove some straggling references and links to iThemes.
Tweak: Consistently refer to 2FA as Two-Factor Authentication on the Profile page.
Tweak: Allow performing more Site Scan actions when the issue is muted.
Bug Fix: Truncate log item columns that are too long before inserting into the database.
Bug Fix: Consistently order the Security Profile tabs.
Bug Fix: Add missing text domain to new Solid Security Admin Menu items.
Bug Fix: Reset filters on the Vulnerabilities page when starting a Site Scan.
Bug Fix: PHP warning on the logs page when the File Change module logs unexpected data.
8.2.0 - 2023-12-06 - Timothy Jacobs, Lisa Canini, Jared Hill
New: Refreshed UI for managing per-user security settings like Passwordless Login, Passkeys, Two-Factor and Privilege Escalation. The previous Two-Factor UI can be enabled using the SOLID_SECURITY_LEGACY_2FA_UI constant.
New: A new block "Solid Security User Security Settings" lets you display this UI on the front-end of your website. The [solid_security_user_profile_settings] shortcode can be used if you're not yet using the Block Editor.
Important: Solid Security now requires WordPress 6.3 or later.
Enhancement: Display a snackbar notice when sending a 2FA reminder from the Site Scan page.
Enhancement: Include a link directly to the Patchstack database in the Site Scanner alert email.
Tweak: Remove iThemes Security is now Solid Security banners from the admin.
Bug Fix: An error occurred when trying to create a new Firewall rule as a draft.
Bug Fix: Trying to enable Network Brute Force from the Security messages center linked to the wrong place.
Bug Fix: During onboarding, a double scrollbar was displayed on some screen sizes.
8.1.0 - 2023-11-14 - Timothy Jacobs, Lisa Canini, Jared Hill
New: Add support for creating custom firewall rules.
Enhancement: Add support for configuring firewall settings from the Firewall page.
Bug Fix: The firewall page would appear empty when geolocation could not retrieve a country code.
8.0.4 - 2023-11-07 - Timothy Jacobs, Lisa Canini
Security: Harden SolidWP Updater against XSS attacks. Thanks to Robin Wood (digi.ninja) for disclosing this issue.
8.0.3 - 2023-10-30 - Timothy Jacobs, Lisa Canini, Jared Hill
Security: Don't disclose the login URL when using Hide Backend on a site with comments enabled and comment registration required. Thanks to Naveen Muthusamy for disclosing this issue.
Hardening: Check for the promote_user capability when using Privilege Escalation in addition to edit_user.
Tweak: Remove the iThemes Security is now Solid Security banner from admin-facing email notifications.
Bug Fix: Prevent the User Security page from crashing when "Show Avatars" is disabled in the WordPress discussion settings.
Bug Fix: Fix some filters on the User Security page not working as expected.
Bug Fix: Fix spacing on the Two-Factor form when backup methods are enabled.
Update: The lib/updater library has been updated to 1.8.1
Enhancement: Add a `wp ithemes-licensing set-licensed-url` WP-CLI command.
Bug Fix: Fix fatal error when there is an error retrieving Patchstack license information.
Bug Fix: Styling issues on WordPress 6.4.
8.0.2 - 2023-10-16 - Timothy Jacobs, Lisa Canini, Jared Hill
Enhancement: Add pagination to the Firewall logs table.
Tweak: Various UI improvements.
Bug Fix: On sites with no logo, a broken image appeared in some emails.
Bug Fix: In some email clients, the Solid Security logo would stretch too wide.
8.0.1 - 2023-10-10 - Timothy Jacobs
Bug Fix: Ensure new database tables are created.
8.0.0 - 2023-10-10 - Timothy Jacobs, Lisa Canini, Jared Hill, John Hooks
New: iThemes Security is now Solid Security! Learn More: https://go.solidwp.com/changelog-what-is-patchstack
Important: Solid Security now requires WordPress 6.2 or later.
New: Virtual Patching powered by Patchstack protects your site from vulnerable software even when you can't update to a fixed version.
New: The Firewall screen brings together the Firewall functionality Solid Security provides into one easy to use screen. More Firewall features are coming soon!
New: The Vulnerabilities screen identifies what vulnerable software you have on your site and guides you through next steps.
New: Identify risks in your site's security with the expanded Site Scan functionality.
New: The User Security screen keeps you apprised of the security practices your site's users are following. Easily apply actions to multiple users in one click, like resetting passwords or logging out active sessions.
Enhancement: The dashboard and settings screens have been redesigned to make it easier to find what you're looking for.
Enhancement: The Security Summary dashboard card gives you a snapshot of the most important security issues affecting your site.
Enhancement: Add support for loading Solid Security via an MU-Plugin for improved performance when blocking attackers.
Tweak: Remove the IP Tracker Online link from the logs page.
Bug Fix: PHP 8.2 compatibility.
Bug Fix: Resolved PHP warnings when unexpected data is encountered during software updates.
7.3.6 - 2023-08-30 - Timothy Jacobs, Lisa Canini, Jared Hill
News: iThemes Security is becoming Solid Security soon. Learn More: https://go.solidwp.com/security-wpadmin-ithemes-becoming-solidwp
Bug Fix: Username First login compatibility with WordPress 6.3.
7.3.5 - 2023-07-26 - Timothy Jacobs, Lisa Canini, Jared Hill
Bug Fix: Passwordless Login compatibility with WordPress 6.3.
7.3.4 - 2023-05-03 - Timothy Jacobs, Lisa Canini, Jared Hill
Tweak: Add support for mandating User Verification when using passkeys.
Bug Fix: Don't require "Write to Files" to be enabled to use the "Rotate Encryption Key" tool.
7.3.3 - 2023-04-20 - Timothy Jacobs, Lisa Canini, Jared Hill
Tweak: Kick off staged rollout of encryption.
7.3.2 - 2023-04-18 - Timothy Jacobs, Lisa Canini, Jared Hill
Tweak: Start enabling encryption for existing iThemes Security sites. Read more: https://ithemes.com/?p=84653
Bug Fix: Fallback to the homepage when Enforce SSL encounters a non-safelisted redirect destination.
Bug Fix: IP Detection on sites behind Load Balancers that appended their IP address to X-Forwarded-For and did not provide a Real IP header.
7.3.1 - 2023-03-23 - Timothy Jacobs, Lisa Canini, Jared Hill
Security Hardening: Prevent open redirect attacks against the Enforce SSL module. This attack requires spoofing the Host header which requires additional conditions to exploit. Thanks to nlpro for reporting the issue.
7.3.0 - 2023-01-24 - Timothy Jacobs, Lisa Canini, Jared Hill
New Feature: Add support for CloudFlare Turnstile and hCaptcha. Learn More: https://ithemes.com/?p=82867
Enhancement: Add support for logging in with Discoverable Passkeys.
Bug Fix: Update Password Strength library to the latest version. This fixes discrepancies between the realtime password strength estimation and the enforced password strength.
Bug Fix: Upgrade the iThemes Updater to 1.7.2 to fix PHP 8 issues.
Note: Remove Grade Report.
7.2.4 - 2022-11-30 - Timothy Jacobs, Lisa Canini, Jared Hill
Tweak: Add "All" tab to the Features page.
Tweak: Don't show Passkeys onboarding flow during front-end Passwordless Login attempts.
Bug Fix: Properly render the Passwordless Login block when not using a Full Site Editing theme.
Bug Fix: Prevent a redirect loop when logging in on sites that take more than 5 seconds to load the Dashboard.
7.2.3 - 2022-11-15 - Timothy Jacobs, Lisa Canini, Jared Hill
New: Passwordless Login can now be set up from the frontend of your website. Use the new iThemes Security block in the Block Editor or the [itsec_passwordless_login_settings] shortcode.
Tweak: Don't show "Ban" buttons in Security Dashboard if the user won't be able to create a ban.
Bug Fix: Prevent Headers Already Sent warning when a lockout occurs during a WP Cron request on some server setups.
Bug Fix: Manually load Sodium Polyfill for servers that have an older version of libsodium installed.
Bug Fix: Error when saving the File Change settings when the "notify_admin" setting was set.
7.2.2 - 2022-10-11 - Timothy Jacobs, Lisa Canini, Jared Hill
Security: Add support for encrypting Two-Factor Mobile App secrets. Enable via Tools -> Set Encryption Key.
Security: Deprecate Automatic Proxy Detection. Instead, manually configure Proxy Detection or use Security Check. Fix IP spoofing attacks.
Enhancement: Add "Ban Lockout" button to the Active Lockouts card.
Tweak: Delete passkeys that have been in the "trash" for seven days.
Bug Fix: File Logs not rotating.
Bug Fix: MaxMind DB Lite not being automatically refreshed.
Bug Fix: PHP warning when loading Icon Fonts in certain configurations.
7.2.1 - 2022-09-16 - Timothy Jacobs, Lisa Canini, Jared Hill
Bug Fix: Fatal error when running on a site with an unprefixed version of Pimple or Psr/Container that was loaded before iThemes Security.
7.2.0 - 2022-09-15 - Timothy Jacobs, Lisa Canini, Jared Hill
Important: iThemes Security now requires PHP 7.3 and WordPress 5.9 or later.
New: Introducing passkeys for Passwordless Login! Users can log into their site using biometrics like Face ID, Touch ID, or Windows Hello. Enable the new "Passkeys" module to add it as a Passwordless Login method.
Bug Fix: Preliminary PHP 8.1 compatibility.
7.1.3 - 2022-06-23 - Timothy Jacobs, Lisa Canini
Tweak: Add Security Alert when running a PHP version older than 7.3.0. Future versions of iThemes Security will require PHP 7.3.0.
Bug Fix: Don't attempt to Hide Backend when a Cron request is being processed.
Bug Fix: Prevent entering invalid date values when selecting a custom date range in the Security Dashboard.
7.1.2 - 2022-04-25 - Timothy Jacobs, Lisa Canini
Tweak: Require a Title when creating a new Dashboard.
Bug Fix: Don't attempt to send a Site Scan notification for Clean scans preventing a fatal error after scheduled site scans.
Bug Fix: Initialize Theme in Dashboard Widget rectifying the "An error occurred while rendering this card" message.
Bug Fix: Use Site Registration Authentication when performing a Site Scan on Multisite Subsites rectifying the "Request is missing verification credentials" message.
7.1.1 - 2022-04-13 - Timothy Jacobs, Lisa Canini
Tweak: Schedule the Automatic Updater to run 5 minutes after a Site Scan finds Vulnerable Software.
Bug Fix: Help styling on WordPress 5.9.
Bug Fix: Compatibility with plugins that expected a logged-in user during lockouts.
Bug Fix: Error when visiting the Notifications page after activating a module with notifications for the first time.
Bug Fix: Update deprecated withState usages to useState.
Bug Fix: Set a default value for the Notification User Roles control.
7.1.0 - 2022-01-31 - Timothy Jacobs
Important: iThemes Security now requires WordPress 5.8 or later.
New Feature: Introduce a new Import Export feature that allows for greater customization and flexibility.
Bug Fix: Scroll to top of window when navigating.
Bug Fix: Allow searching for Password Requirements.
Bug Fix: Login page would be blank when Passwordless Login was configured to use the "Username First" flow.
Bug Fix: Don't load WordPress and System Tweaks modules when the `ITSEC_DISABLE_MODULES` constant is enabled.
Bug Fix: Prevent incidentally loading the Two-Factor module when it is unregistered.
Bug Fix: Conditionally display the NGINX File Path setting.
Bug Fix: Allow saving Notifications when "default recipients must contain at least 1 item" error is present.
7.0.3 - 2021-08-10 - Timothy Jacobs
Enhancement: Reintroduce Feature Flags management UI.
Tweak: Reposition "Advanced" and "Tools" menu items to be more readable on lengthy screens.
Bug Fix: Sites that did not support HTTPS, but had the SSL module active, but not configured, on upgrade would get redirected to the HTTPS version of the site.
Bug Fix: When the Change Admin User tool is run, update any User Groups referencing the old user id.
Bug Fix: Unregister the iThemes Security Two-Factor module when the Two-Factor Feature Plugin is enabled.
Bug Fix: Add missing and correct erroneous textdomains.
Bug Fix: WordPress footer would appear in the middle of the logs page.
7.0.2 - 2021-07-17 - Timothy Jacobs
Tweak: Move "Have I Been Pwned" integration to the Core plugin.
Tweak: Reduce filename length and complexity for built CSS and JS files.
Bug Fix: Disable XML-RPC rules in server config files. Previously, XML-RPC was being disabled using the XML-RPC enabled filter.
Bug Fix: Fatal error on logs page when User Logging and Two-Factor are enabled and a user logs in using Two-Factor.
Bug Fix: Add missing constants to the debug page.
Bug Fix: Fatal error when sending the "Inactive Users" notification.
Bug Fix: Remove deleted recipients when saving notifications.
Bug Fix: Allow using reserved words as prefixes for the Hide Backend Login Slug.
Bug Fix: Enforce SSL would not redirect users from HTTP to HTTPS on the front-end of the website.
Bug Fix: Correct Site Scan statuses for scans with no issues.
7.0.1 - 2021-06-24 - Timothy Jacobs
Bug Fix: Prevent Password Requirements being re-enabled if they were disabled before upgrading to iThemes Security 7.0, but had a group selected for them.
Bug Fix: Arguments to the implode function were reversed, causing a Fatal Error on PHP 8.
Bug Fix: Allow installing on WordPress 5.7.0, not just 5.7.1+.
Bug Fix: Ensure values passed to the TextareaListControl is an array.
Bug Fix: Don't run the dashboard migration if unneeded.
Bug Fix: Labels for Disable PHP Execution in Plugins and Themes were reversed.
Bug Fix: Activate the Geolocation module if Trusted Devices provided Geolocation API keys.
7.0.0 - 2021-06-23 - Timothy Jacobs
Important: iThemes Security now requires WordPress 5.7 and PHP 7.0 or later.
New: iThemes Security gets a redesigned interface focused on making it easier to configure and find what you're looking for. Read More: https://ithemes.com/?p=64448.
New: Instantly search over everything in iThemes Security with a new instant search feature.
New: Security Tools have been grouped into their own page. "Identify Server IPs" and "Security Check Pro" can be run manually without using Debug Mode.
New: Relevant content from the Help Center, iThemes Blog, and iThemes YouTube channel is surfaced in a new Help area based on the current page. Click the "Help" button in the toolbar or the "Info" icon next to the page title to access it.
New: The settings UI is now fully responsive and works great across mobile, tablet, and desktop devices.
Enhancement: Improved keyboard and screen reader support.
Enhancement: The User Security Profile Card now supports searching for specific users and filtering by User Role.
Enhancement: The User Security Profile Card can now be used to Force password changes, force a user to lockout, and send a Two-Factor setup reminder.
Enhancement: The Banned Users Card can add multiple bans at once.
Tweak: Add a new Global setting to control "Automatically Temporarily Authorize Hosts".
Tweak: When the Global setting "Hide Security Menu in Admin Bar" is enabled, notices will no longer be printed on non-iThemes Security pages. Instead, you can access the Message Center from the Settings or Dashboard toolbars.
Tweak: The Security Dashboard has moved back to the Security menu and is now the default page.
Tweak: Your first security dashboard will be created automatically when you visit the dashboard for the first time. Create your own by clicking the dashboard's title, then select "Create New Dashboard".
Tweak: The Database Backups module is no longer available if you have BackupBuddy installed. If this behavior isn't desired, enable the "ITSEC_ENABLE_BACKUPS" constant.
Tweak: Activating the Magic Links module now enables the feature. The extraneous "Enable Lockout Bypass" setting has been removed.
Tweak: The Geolocation API configuration used by Trusted Devices has been moved into its own dedicated "Geolocation" module.
Removed: The following modules have been removed: 404 Detection, Away Mode, Change Content Directory, and Multisite Tweaks.
Removed: The following WordPress and System Tweaks have been removed: Remove Windows Live Writer Header, EditURI Header, Comment Spam, Mitigate Attachment File Traversal Attack, Protect Against Tabnapping, Filter Long URL Strings, Filter Non-English Characters, Filter Request Methods, Remove File Writing Permissions.
Removed: The "Backup Full Database" setting has been removed from the Backups module.
Removed: The "Require SSL", "Front End SSL Mode", and "SSL for Dashboard" settings have been removed from the SSL module.
Removed: The "Strengthen when Outdated" setting has been removed from the Version Management module.
Bug Fix: Fix fatal errors when using PHP 8.
Bug Fix: Fix infinite loop when restricting who can use App Passwords on multisite installs.
Bug Fix: Ensure the ITSEC_Setup class does not exist before trying to load it. Display schema errors on multisite in the Network Admin.
Dev Note: Modules are now based on a module.json configuration file. If you are registering a custom iThemes Security module, you should update it to include a module.json file that adheres to the core/module-schema.json JSON Schema.
Dev Note: Add a WP CLI command for running tools. See "wp help itsec tool" for more information.
Dev Note: Split the Two-Factor and Dashboard module into a Core module and a Pro module. Settings for these modules are still stored in the base module.
Dev Note: The Network Brute Force module had its folder updated to "network-brute-force" from "ipcheck".
Dev Note: New Object Oriented API for creating Password Requirements.
Dev Note: New Settings and Modules REST API endpoints.
Dev Note: New RPC REST API namespace. There is no backward compatibility promise for these API endpoints.