2016-03-31

Hello! A few days ago, iThemes released version 2.2.9 of iThemes Security Pro, which fixed small bugs.

Download iThemes Security Pro 2.2.9 – 2016.03.29 – Changelog

You can see its latest changes below:

2.0.0 – 2015-10-15 – Chris Jean
New Feature: Added “Multiple Authentication Attempts per XML-RPC Request” setting to the WordPress Tweaks section. When this setting is set to “Block”, iThemes Security will block brute force login attacks against XML-RPC as described by Sucuri in this blog post: https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
Enhancement: Updated text describing the XML-RPC setting in the WordPress Tweaks section to better explain what the setting is for and which setting is recommended.
Enhancement: Improved IP detection when proxy detection is active by processing the header set by CloudFlare.
Enhancement: Added a filter named itsec_filter_remote_addr_headers which can be used to change which headers are searched for the client IP. This allows for tailoring the IP detection for specific reverse proxies and load balancers.
Bug Fix: Updated the Banned Users settings to no longer add a newline to the Ban Hosts input each time the settings page is saved.
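
The "Multiple Authentication Attempts per XML-RPC Request" check described above can be sketched as follows. This is an added example, not code from iThemes Security; the one-call limit, the function names, the assumption that every method outside `system.*` carries credentials, and the sample request are all constructed for illustration.

```python
import xmlrpc.client

MAX_AUTH_CALLS = 1  # assumed policy: one credentialed call per HTTP request

def count_auth_calls(body: str) -> int:
    """Count credential-bearing method calls in one XML-RPC request body."""
    # XML-RPC never needs a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD not allowed in XML-RPC request")
    params, method = xmlrpc.client.loads(body)
    if method is None:
        raise ValueError("not a methodCall document")
    if method != "system.multicall":
        return 0 if method.startswith("system.") else 1
    if not params or not isinstance(params[0], list):
        raise ValueError("malformed system.multicall parameters")
    names = [str(c.get("methodName", "")) if isinstance(c, dict) else ""
             for c in params[0]]
    if "system.multicall" in names:
        raise ValueError("nested system.multicall")
    # Assumption: every method outside system.* authenticates with
    # a username and password, so each one is an authentication attempt.
    return sum(1 for n in names if not n.startswith("system."))

def should_block(body: str) -> bool:
    """Block when a request batches more logins than the policy allows."""
    try:
        return count_auth_calls(body) > MAX_AUTH_CALLS
    except Exception:
        return True  # fail closed on malformed or hostile input

def sample_multicall(secrets):
    """Constructed test input: one batched request, one sub-call per secret."""
    calls = [{"methodName": "wp.getUsersBlogs", "params": ["admin", s]}
             for s in secrets]
    return xmlrpc.client.dumps((calls,), methodname="system.multicall")
```

Counting sub-calls per HTTP request matters because lockout logic that counts requests sees a batched request as a single attempt.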

2.0.1 – 2015-10-27 – Chris Jean
Bug Fix: Enforce use of application passwords for all API uses when two factor is enabled and configured.

2.0.2 – 2015-11-10 – Chris Jean
Enhancement: Removed Yandex and Sogou from the HackRepair blacklist as they are legitimate search engine bots.
Enhancement: Added detailed information about Sucuri malware scan errors to Malware Scan log details.
Bug Fix: No longer enables display of database errors when an event is logged.

2.1.0 – 2016-01-11 – Chris Jean & Aaron D. Campbell
Security Fix: Fixed PHP code that could allow AJAX requests to list directories and files outside the directory structure of the WordPress installation. Note that these AJAX requests required a logged in user with admin-level privileges. This vulnerability was unable to be exploited by non-privileged or anonymous requests.
Bug Fix: Updated the SSL feature to use 301 redirects rather than 302 redirects.
Bug Fix: Fixed situations where security nonces would incorrectly trigger “security check” errors when enabling specific combinations of features on the settings page.
Bug Fix: Enabling scheduled database backups and setting a backup interval of 0 days no longer results in a backup being created on every page load.
Feature Removal: Removed the “Security Status” portion of the Security > Dashboard page. This is in preparation for a new tool that provides suggestions tailored to the site and server that Security is running on.
Enhancement: Updated the way the feature modules function in order to allow them to be redesigned in a more efficient and flexible way for future releases.
Enhancement: Updated the File Change Detection feature to attempt a max memory limit of 256M rather than 128M as some users experience out of memory issues which could be fixed with the higher memory limit.
Enhancement: Updated the Database Backup feature to attempt a max memory limit of 256M rather than 128M as some users experience out of memory issues which could be fixed with the higher memory limit.
Enhancement: Added localization support for some non-localized strings.

2.1.1 – 2016-01-14 – Chris Jean & Aaron D. Campbell
Bug Fix: Module-specific data is properly initialized/removed on plugin activation, deactivation, and uninstallation.

2.1.2 – 2015-01-15 – Chris Jean & Aaron D. Campbell
Bug Fix: Fixed issue that could block logins if the reCAPTCHA feature’s settings have reCAPTCHA for user logins enabled while the reCAPTCHA feature itself is disabled.
Bug Fix: Fixed reCAPTCHA settings being unable to save on multisite installations.
Enhancement: Improved detection of multiple active versions of iThemes Security.

2.1.3 – 2016-01-26 – Chris Jean & Aaron D. Campbell
Bug Fix: Removed the following warning that could appear on some sites: “Notice: Trying to get property of non-object in ithemes-security-pro/pro/privilege/class-itsec-privilege.php on line 247”
Bug Fix: Comparisons of IPv4 addresses and ranges now include the IPs at the edge of the ranges.
Bug Fix: IPv4 tests now work as expected when deciding if a blacklisted IP or range overlaps whitelisted IPs and ranges.
Bug Fix: Fixed styling issue that affected the display of the horizontal tabs on settings pages in WordPress 4.5.
Bug Fix: Replaced old module sorting order in settings screens.
Bug Fix: Fixed PHP 7 compatibility issue that triggers the following error: “Uncaught Error: Call to undefined function mysql_get_client_info()”.
Bug Fix: Fixed warnings and errors that could occur when deleting the plugin.
Enhancement: When a lockout is being executed, wp_logout() will only be called if the current page request comes from a logged in user. This prevents plugins that log logout events from logging logouts from unknown users.
Enhancement: Improved the descriptions used for some of the data displayed in the “System Information” section of Security > Dashboard.
Enhancement: Added “Use MySQLi” entry to the “System Information” section of Security > Dashboard to show whether the MySQLi driver is enabled.
Enhancement: Updated the “SQL Mode” entry in the “System Information” section of Security > Dashboard to show the full details if that value is set.

2.1.4 – 2016-01-27 – Chris Jean & Aaron D. Campbell
Bug Fix: Fixed the following error that could occur on multisite “PHP Fatal error: Uncaught Error: Call to undefined function wp_get_current_user()”.
Bug Fix: Fixed warning that could occur on a failed login when Local Brute Force Detection is disabled.

2.1.5 – 2016-02-03 – Chris Jean & Aaron D. Campbell
Bug Fix: Updated Two-Factor code to avoid how iOS mishandles some characters in site names.
Bug Fix: All data added to the options table by iThemes Security is removed on uninstall.
Bug Fix: Fixed the cause of the following warning: call_user_func_array() expects parameter 1 to be a valid callback, class ‘ITSEC_SSL_Setup’ does not have a method ‘execute_deactivate’
Bug Fix: Multiple activated installs of iThemes Security are now supported without fatal errors being generated on subsequent activations. Only one install will run at a time however.
Bug Fix: Fixed cause of the following warning: array_intersect(): Argument #2 is not an array in ithemes-security-pro/pro/two-factor/class-itsec-two-factor-helper.php on line 238
Enhancement: Improved code that ensures that tables and options table entries created by iThemes Security are removed on uninstall only when no other iThemes Security plugin is active.

2.2.0 – 2016-02-11 – Chris Jean & Aaron D. Campbell
New Feature: Added support for IPv6 addresses. This includes support for IPv6 in lockouts, ban hosts, and white lists.
Bug Fix: Updated Two-Factor code to avoid how iOS mishandles some characters in site names.
Bug Fix: Fixed issue that could cause username-based lockouts to fail for long usernames.
Enhancement: Updated descriptions of valid IP and IP range formats for the Lockout White List and the Ban Hosts settings.

2.2.1 – 2016-02-11 – Chris Jean & Aaron D. Campbell
Bug Fix: Fixed an issue which would show that an update was available even after updating to 2.2.0.

2.2.2 – 2016-02-11 – Chris Jean & Aaron D. Campbell
Bug Fix: Fixed issue that added unnecessary files to the 2.2.1 release.

2.2.3 – 2016-02-15 – Chris Jean & Aaron D. Campbell
Bug Fix: Fixed issue that prevented wildcard IP ranges from being blacklisted or whitelisted.
Bug Fix: Removed warnings generated when the Away Mode module is disabled and iThemes Sync contacts the site.
Enhancement: Updated host entries in log details to link to traceip.net rather than ip-adress.com. This is because ip-adress.com does not support IPv6 addresses.
Enhancement: Updated host entries in dashboard lockout details to link to traceip.net rather than ip-adress.com. This is because ip-adress.com does not support IPv6 addresses.
Enhancement: Updated some translatable strings relating to blacklisting and whitelisting to allow for better translations.
Enhancement: Added details about how wildcard IP ranges are converted to CIDR format (this improves performance).
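
The wildcard-to-CIDR conversion mentioned above, together with the inclusive range edges and blacklist/whitelist overlap test from the 2.1.3 notes, can be illustrated like this. It is an added example, not the plugin's code; the function names, the rule that wildcards must be trailing octets, and the documentation-range addresses are assumptions made for the sketch.

```python
import ipaddress

def wildcard_to_cidr(pattern: str) -> ipaddress.IPv4Network:
    """Convert a trailing-wildcard IPv4 pattern such as 192.168.*.* to CIDR."""
    octets = pattern.strip().split(".")
    if len(octets) != 4:
        raise ValueError("expected four dot-separated octets")
    fixed = 0
    while fixed < 4 and octets[fixed] != "*":
        fixed += 1
    # Assumption: only trailing wildcards map cleanly onto one CIDR block,
    # and *.*.*.* is refused because it would match every address.
    if fixed == 0 or any(o != "*" for o in octets[fixed:]):
        raise ValueError("wildcards must be trailing octets")
    base = ".".join(octets[:fixed] + ["0"] * (4 - fixed))
    return ipaddress.ip_network(f"{base}/{8 * fixed}")

def in_range(ip: str, first: str, last: str) -> bool:
    """Inclusive comparison: both edge addresses belong to the range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return lo <= ipaddress.ip_address(ip) <= hi

def parse_entry(entry: str):
    """Accept a wildcard pattern, a CIDR block, or a single address."""
    if "*" in entry:
        return wildcard_to_cidr(entry)
    return ipaddress.ip_network(entry.strip(), strict=False)

def whitelist_conflicts(ban: str, whitelist: list) -> list:
    """Return the whitelist entries that a proposed ban would cover."""
    banned = parse_entry(ban)
    return [w for w in whitelist if banned.overlaps(parse_entry(w))]
```

Checking a proposed ban with `whitelist_conflicts` before saving it catches the case where a broad wildcard would lock out an explicitly trusted address at the very edge of the block.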

2.2.4 – 2016-02-18 – Chris Jean & Aaron D. Campbell
Bug Fix: Fixed formatting issue that could cause raw HTML output in the malware scan logs.
Enhancement: Improved error handling and reporting for malware scan issues.

2.2.5 – 2016-02-29 – Chris Jean & Aaron D. Campbell
Security Fix: Hardened the created backups and logs directories. Thanks to Nicolas Chatelain (SYSDREAM IT Security Services) for notifying us of this issue.
Security Fix: More secure backup and log file names. Thanks to Nicolas Chatelain (SYSDREAM IT Security Services) for notifying us of this issue.
Bug Fix: Two-Factor details no longer show on the user profile page when there are no enabled providers.
Bug Fix: The “NGINX Conf File” setting is now properly respected, causing the generated NGINX configuration file to be stored in that location.
Enhancement: Generated database backup file names now contain a human-readable timestamp in the format of YYYYMMDD-HHMMSS.
Enhancement: Zipped database backup files no longer contain a deeply nested directory structure. Instead, they only contain the sql file.
Enhancement: When the “Force Unique Nickname” feature is enabled, the generated display name now uses an improved randomization function.
Enhancement: Improved tabbing of rules in generated nginx.conf files.
Enhancement: Removed the “See what’s new button” as it has fulfilled its purpose.

2.2.6 – 2016-03-01 – Chris Jean & Aaron D. Campbell
Bug Fix: Updated code that generates the backups and logs directories to ensure that it attempts to create the parent directory if it does not exist yet.
Bug Fix: Removed warnings that could be generated if the logs directory could not be created.
Bug Fix: Database backup files sent via email no longer have a name without an extension if zipping up the file fails.

2.2.7 – 2016-03-03 – Chris Jean & Aaron D. Campbell
Bug Fix: Fixed temporary whitelisting by preventing a temporarily whitelisted IP from being locked out.

2.2.8 – 2016-03-17 – Chris Jean & Aaron D. Campbell
Bug Fix: Fixed issue that could cause a fatal error after changing the content directory.
Bug Fix: Updated the link to sign up for security guide download to point to a https address. This is better security and prevents warnings when submitting from a http site in some browsers.
Bug Fix: If a cryptographically secure log file name can’t be generated, queue up log file writes until we can.
Bug Fix: Recaptcha no longer causes notices when used on BuddyPress
Enhancement: Two-factor profile settings now work with front end profile plugins

2.2.9 – 2016-03-29 – Chris Jean & Aaron D. Campbell
Security Fix: No longer using document.location to build ‘Show Intro’ link in admin – Thanks to David Lodge (Pen Test Partners) for notifying us of this issue.
Bug Fix: Fixed some notices when certain multisite options are used on BuddyPress
Enhancement: New itsec_white_ips filter to allow plugins that work with external services to whitelist service IPs

The post Download iThemes Security Pro 2.2.9 (released 2016.03.29) appeared first on HARLOND GPL CLUB.