Version Description
- Bug Fix: Fixed SQL query bug that resulted in the "Minutes to Remember Bad Login (check period)" setting being ignored.
- Bug Fix: Fixed bug that prevents wp-admin/install.php blocking from working properly on nginx servers.
- Bug Fix: Don't attempt to do an SSL redirect when WP CLI is running.
Release Info
Developer | chrisjean |
Plugin | iThemes Security (formerly Better WP Security) |
Version | 6.6.1 |
Code changes from version 6.6.0 to 6.6.1
- better-wp-security.php +1 -1
- core/core.php +1 -1
- core/history.txt +4 -0
- core/lockout.php +1 -1
- core/modules/ssl/class-itsec-ssl.php +6 -1
- core/modules/system-tweaks/config-generators.php +1 -1
- history.txt +4 -0
- readme.txt +9 -4
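--- a/better-wp-security.php
+++ b/better-wp-security.php
@@ -6,7 +6,7 @@
 * Description: Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
 * Author: iThemes
 * Author URI: https://ithemes.com
-* Version: 6.6.
+* Version: 6.6.1
 * Text Domain: better-wp-security
 * Network: True
 * License: GPLv2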
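--- a/core/core.php
+++ b/core/core.php
@@ -25,7 +25,7 @@ if ( ! class_exists( 'ITSEC_Core' ) ) {
 *
 * @access private
 */
-private $plugin_build =
+private $plugin_build = 4075;
 
 /**
 * Used to distinguish between a user modifying settings and the API modifying settings (such as from Sync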
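--- a/core/history.txt
+++ b/core/history.txt
@@ -575,3 +575,7 @@
 Bug Fix: Prevent duplicate daily digest emails on sites with high load.
 Misc: Added Magic Links, a new Pro-only feature, to be activated by Security Check.
 Misc: Rearranged modules to be listed alphabetically.
+3.8.1 - 2017-09-19 - Chris Jean & Timothy Jacobs
+Bug Fix: Fixed SQL query bug that resulted in the "Minutes to Remember Bad Login (check period)" setting being ignored.
+Bug Fix: Fixed bug that prevents wp-admin/install.php blocking from working properly on nginx servers.
+Bug Fix: Don't attempt to do an SSL redirect when WP CLI is running.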
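--- a/core/lockout.php
+++ b/core/lockout.php
@@ -339,7 +339,7 @@ final class ITSEC_Lockout {
 
 $user_count = $wpdb->get_var(
 $wpdb->prepare(
-"SELECT COUNT(*) FROM `" . $wpdb->base_prefix . "itsec_temp` WHERE `temp_date_gmt` > '%s' AND `temp_username`='%s' OR `temp_user`=%s;",
+"SELECT COUNT(*) FROM `" . $wpdb->base_prefix . "itsec_temp` WHERE `temp_date_gmt` > '%s' AND (`temp_username`='%s' OR `temp_user`=%s);",
 date( 'Y-m-d H:i:s', $itsec_globals['current_time_gmt'] - ( $options['period'] * 60 ) ),
 sanitize_text_field( $username ),
 intval( $user_id )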
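Review bot: The last placeholder in the rewritten query on new line 342 is still `%s` although the value bound to it is `intval( $user_id )`, and the other two placeholders are pre-quoted as `'%s'` inside `$wpdb->prepare()`. `prepare()` does the quoting itself, so the WHERE clause is better written with bare `%s` for the date and the username and `%d` for the user id, which keeps the integer comparison typed and does not depend on how a given WordPress version treats quoted placeholders. It is also worth confirming, in the code outside this hunk, what is passed when `$user_id` is 0 or `$username` is empty, since the OR branch would then count every row in the period that shares that value (inferred; the callers are not visible here). The `get_var()` statement continues past the end of the hunk.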
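--- a/core/modules/ssl/class-itsec-ssl.php
+++ b/core/modules/ssl/class-itsec-ssl.php
@@ -69,7 +69,7 @@ class ITSEC_SSL {
 add_filter( 'script_loader_src', array( $this, 'script_loader_src' ) );
 add_filter( 'style_loader_src', array( $this, 'style_loader_src' ) );
 add_filter( 'upload_dir', array( $this, 'upload_dir' ) );
-} else if ( 'enabled' === $settings['require_ssl'] && 'GET' === $_SERVER['REQUEST_METHOD'] ) {
+} else if ( 'enabled' === $settings['require_ssl'] && 'GET' === $_SERVER['REQUEST_METHOD'] && ( ! defined( 'WP_CLI' ) || ! WP_CLI ) ) {
 $this->redirect_to_https();
 }
 }
@@ -86,6 +86,11 @@ class ITSEC_SSL {
 * @return void
 */
 public function do_conditional_ssl_redirect() {
+
+if ( defined( 'WP_CLI' ) && WP_CLI ) {
+return;
+}
+
 $settings = ITSEC_Modules::get_settings( 'ssl' );
 $protocol = 'http';
 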
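Review bot: The WP-CLI exemption is written twice in opposite forms, `! defined( 'WP_CLI' ) || ! WP_CLI` in the `else if` on new line 72 and `defined( 'WP_CLI' ) && WP_CLI` at the top of `do_conditional_ssl_redirect()`, and neither site has a comment saying why HTTPS enforcement is skipped. A single helper such as `private function is_wp_cli() { return defined( 'WP_CLI' ) && WP_CLI; }` would keep the two checks in sync, with a comment like `// WP-CLI runs have no browser to redirect; HTTPS enforcement is skipped only for them.` Because the bypass rests on a constant alone, the comment should also state that defining `WP_CLI` in a web context (for example in wp-config.php) switches the redirect off. Both enclosing methods start or end outside the hunks shown.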
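--- a/core/modules/system-tweaks/config-generators.php
+++ b/core/modules/system-tweaks/config-generators.php
@@ -173,7 +173,7 @@ final class ITSEC_System_Tweaks_Config_Generators {
 
 $modification .= "\n";
 $modification .= "\t# " . __( 'Protect System Files - Security > Settings > System Tweaks > System Files', 'better-wp-security' ) . "\n";
-$modification .= "\tlocation = /wp-admin/install
+$modification .= "\tlocation = /wp-admin/install.php { deny all; }\n";
 $modification .= "\tlocation = $config_file { deny all; }\n";
 $modification .= "\tlocation ~ /\.htaccess$ { deny all; }\n";
 $modification .= "\tlocation ~ /readme\.html$ { deny all; }\n";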
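Review bot: The new rule on line 176 is an exact-match `location =` with the hard-coded path `/wp-admin/install.php`, so it denies only that literal URI. If WordPress is served from a subdirectory the installer sits under a different path and this rule would not cover it; the next line builds its path from `$config_file`, which suggests (not visible in this hunk) that site-relative paths are available to the generator. Consider deriving the installer path the same way, or at least adding a comment such as `// exact match: covers root installs only; adjust for subdirectory sites`. The enclosing method starts and ends outside the hunk.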
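--- a/history.txt
+++ b/history.txt
@@ -688,3 +688,7 @@
 Bug Fix: Prevent duplicate daily digest emails on sites with high load.
 Misc: Added Magic Links, a new Pro-only feature, to be activated by Security Check.
 Misc: Rearranged modules to be listed alphabetically.
+6.6.1 - 2017-09-21 - Chris Jean & Timothy Jacobs
+Bug Fix: Fixed SQL query bug that resulted in the "Minutes to Remember Bad Login (check period)" setting being ignored.
+Bug Fix: Fixed bug that prevents wp-admin/install.php blocking from working properly on nginx servers.
+Bug Fix: Don't attempt to do an SSL redirect when WP CLI is running.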
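--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: ithemes, chrisjean, gerroald, mattdanner, timothyblynjacobs
 Tags: security, security plugin, malware, hack, secure, block, SSL, admin, htaccess, lockdown, login, protect, protection, anti virus, attack, injection, login security, maintenance, permissions, prevention, authentication, administration, password, brute force, ban, permissions, bots, user agents, xml rpc, security log
 Requires at least: 4.6
-Tested up to: 4.8.
-Stable tag: 6.6.
+Tested up to: 4.8.2
+Stable tag: 6.6.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -188,6 +188,11 @@ Free support may be available with the help of the community in the <a href="htt
 
 == Changelog ==
 
+= 6.6.1 =
+* Bug Fix: Fixed SQL query bug that resulted in the "Minutes to Remember Bad Login (check period)" setting being ignored.
+* Bug Fix: Fixed bug that prevents wp-admin/install.php blocking from working properly on nginx servers.
+* Bug Fix: Don't attempt to do an SSL redirect when WP CLI is running.
+
 = 6.6.0 =
 * New Feature: Added a new setting in WordPress Tweaks: "Login with Email Address or Username".
 * Enhancement: Host email images from the plugin instead of relying on iThemes servers to help email clients marking messages as spam or blocking images.
@@ -367,5 +372,5 @@ Free support may be available with the help of the community in the <a href="htt
 
 == Upgrade Notice ==
 
-= 6.6.
-Version 6.6.
+= 6.6.1 =
+Version 6.6.1 contains important bug fixes. It is recommended for all users.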