Defender Security – Malware Scanner, Login Security & Firewall

( 2022-12-05 ) =

• New: Global IP Allowlist/Blocklist

( 2022-11-21 ) =

• Enhance: Two-Factor conflict between Defender and WordFence
• Enhance: Notification configuration settings
• Enhance: Notice for viewing two-factor user information on multisite
• Enhance: Code color for PHP Execution and Information Disclosure
• Enhance: Update SUI to the latest version
• Fix: Banned usernames for WP version older than 5.4
• Fix: Date range calendar on Audit and Firewall logs
• Fix: Remove 'Name & Description' option for the Default Security config
• Fix: NaN showing on Recommendations screen
• Fix: Audit date filter not working for predefined data ranges
• Fix: Redirect URL for the Mask Login feature throwing an error

( 2022-11-17 ) =

• Enhance: Minor performance improvements

( 2022-11-01 ) =

• New: Disable Google reCAPTCHA for logged-in users
• Enhance: Check HTML Entity for Audit Logs
• Enhance: Web Authentication notice on 2FA page
• Enhance: Show CVSS score in plugin vulnerability details
• Enhance: Compatibility with WordPress 6.1
• Enhance: IP detection
• Fix: Web Authentication during plugin upgrade
• Fix: Banned usernames for existing users
• Fix: Outdated manual rules for Prevent Information Disclosure
• Fix: User detail doesn't match the login/logout audit logs
• Fix: Defender 2FA conflicts with other plugins on Users page
• Fix: Displaying users when bulk updating notifications
• Fix: Masked Login not updating on My sites menu
• Fix: Conflict with OptimizePress

( 2022-10-20 ) =

• Enhance: 2FA flow for secret keys

( 2022-09-29 ) =

• Fix: Encrypt 2FA secret keys

( 2022-09-21 ) =

• Enhance: 2FA security improvements
• Enhance: IP detection
• Enhance: Replace Google fonts with Bunny fonts for GDPR compliance
• Enhance: Membership detection
• Fix: Defender User Agent banning

( 2022-09-05 ) =

• New: Google reCAPTCHA integration with BuddyPress plugin
• New: Google reCAPTCHA for WooCommerce Checkout
• Enhance: Add new Delete Lockouts button
• Enhance: Prevent brute force attack though 2fa
• Enhance: Wildcard for User Agent
• Enhance: Add new checkbox for User Agent Lockout to Firewall notification
• Enhance: Disable Delete button for active theme
• Enhance: Vulnerability when scanned using OWASP tools
• Fix: WebAuthn not working automatically on Subsites when it is enabled in Network for Multisite
• Fix: WebAuthn devices unregistered from user profile if salt keys are updated
• Fix: Audit log not capturing event on few themes during login or logout
• Fix: Google reCAPTCHA triggers on Rest API and prevents adding new user for WooCommerce

( 2022-08-04 ) =

• New: WooCommerce integration with 2FA
• New: Disable 2FA for a specific user
• New: Use URL for image in 2FA > Custom Graphic
• Enhance: Unsubscribe links in email notifications
• Enhance: White label email notifications
• Enhance: White label 2FA backup codes file
• Enhance: 2FA summary section
• Enhance: Configure 2FA for Super Admin users on multisite
• Enhance: Check HTML Entity for 2FA > App Title
• Enhance: Description for 2FA > User Roles option
• Enhance: Hide Cancel-tooltip while scanning
• Enhance: Include string comments for translators
• Fix: 2FA throwing a blank page
• Fix: Password Reset Link for user fails when Google reCAPTCHA location is set for Lost Password
• Fix: Wrong Malware scan reports when there are identical plugin slugs at wp.org
• Fix: Google reCAPTCHA verification fails if the form is submitted after 2 minutes - token expiration issue

( 2022-07-20 ) =

• Fix: WAF status not showing correctly
• Fix: Notification scheduler error
• Fix: Plugin support link error

( 2022-07-05 ) =

• Fix: Notifications module error

( 2022-07-04 ) =

• New: YubiKey Authentication
• Enhance: Distinguish Pro and Free plugins with the same slug
• Enhance: Mobile styling for 2FA form
• Enhance: Replace the Support link with a variable
• Enhance: Update the default allowlist of IP addresses
• Enhance: Upgrade vendor packages
• Fix: Wrong confirmation message on Firewall logs screen
• Fix: Defender notification recipients aren't associated with users
• Fix: Configs not applied from the Hub
• Fix: Scan HUB synchronization
• Fix: Notification bulk action is not working
• Fix: Pwned Password updated with simple password on Profile page
• Fix: Storing the MaxMind DB file path relatively instead of a full path

( 2022-06-06 ) =

• New: Biometric Authentication
• New: Giveaway Opt-in for Free version
• Enhance: PHP version upgrade
• Enhance: Compatibility with WordPress 6.0
• Enhance: WP-CLI command to show Scan details
• Enhance: Update SUI to the latest version
• Fix: Audit events logged not showing after applying some date range

( 2022-06-14 ) =

• Fix: Beehive Pro plugin flagged issues

( 2022-05-11) =

• Enhance: PHP upgrade notice
• Fix: Defender column country_iso_code missing from Lockout table
• Fix: Defender sets all country iso codes as NULL

( 2022-04-25 ) =

• Fix: All site visitors are blocked

( 2022-04-25 ) =

• Enhance: Hide write permissions error notices for Tweaks while applying config
• Enhance: Update the default Auth method on the Users page
• Enhance: Singular or plural translation in email templates
• Enhance: Login Protection and 404 Detection Section Update
• Enhance: Show country flags for country-based lockouts
• Fix: Update Firewall's 404 Detection blocklist and allowlist information notice
• Fix: Firewall not working when Country is added to whitelist
• Fix: Updating plugins with known vulnerabilities
• Fix: No passcode when Fallback Email is not the default method
• Fix: 404 Exclusions Inconsistent Logging
• Fix: 2FA token issue
• Fix: Undefined array key "HTTP_HOST"
• Fix: Duplicate key name 'country_iso_code'
• Fix: Welcome modal when white-label enabled
• Fix: Jquery issue on Def's 2FA TOTP page

( 2022-03-07 ) =

• New: Backup codes
• Enhance: Text version of 2FA code
• Enhance: Add Update Old Security Keys settings to config
• Enhance: Automatically check for MaxMind database updates
• Enhance: WP-CLI command to delete Defender logs
• Enhance: Delete security tweak settings during uninstallation
• Fix: IP Lockout issue
• Fix: Malware Scanning PHP 8.1 error
• Fix: Native domain mapping doesn't work with login masking
• Fix: Firewall log export doesn't include all entries
• Fix: Duplicate configs
• Fix: Geo DB downloaded to WP-Admin directory
• Fix: Branda conflict Update User listed twice in logs
• Fix: Notifications user search missing some users
• Fix: When Defender login masking is active, SmartCrawl report URL are broken
• Fix: User filter dropdown count not updating dynamically
• Fix: SSO not working with login masking on multisite

( 2022-02-02 ) =

• New: Create new endpoints to toggle reCAPTCHA, 2FA modules from Hub
• Enhance: Update SUI to latest version
• Enhance: Refactor Firewall logs
• Enhance: Update admin menu icon
• Enhance: Remove deprecated hooks
• Enhance: Unsubscribe link doesn't work for not logged in users
• Fix: Fatal error on plugin activation with PHP 8.1
• Fix: Display error on Dashboard and Tools pages for huge post data
• Fix: Configure reCAPTCHA without WooCommerce options
• Fix: Invite By Email doesn't check if recipient already added
• Fix: Email text overflows on Notification page
• Fix: Defender downgrade fails

( 2022-01-18 ) =

• New: Redesigned emails
• New: Highlight new features in Welcome modal
• Enhance: Malware Scheduling redesign
• Enhance: Optimize MySQL queries for Firewall module
• Enhance: WP-CLI command for User Agent Banning
• Enhance: Improve Audit Logging with user login status
• Enhance: Log rotation proof of concept
• Enhance: Tab styles on Notifications > Recipients
• Enhance: Geoblocking notifications
• Enhance: False positive in Advanced Ads plugin code
• Enhance: Defender Tutorials
• Enhance: WordPress 5.9 compatibility
• Enhance: Include plugin/theme name and version in Audit log
• Enhance: Improve Audit Logging for Hub requested plugin/theme updates
• Enhance: Prevent user enumeration requests
• Enhance: Get WP version when core update is dismissed
• Fix: Cloudflare IPs locked out
• Fix: Multisite Defender logs not cleared after 30 days
• Fix: Pwned Passwords bypassed with incorrect 2FA code
• Fix: Night theme not applied to Suspicious File preview
• Fix: PHP warnings after update
• Fix: Invisible reCAPTCHA UI Issue

( 2021-11-29 ) =

• Enhance: Add User Agent Banning to Configs
• Enhance: Add User Agent ban status to Log filters
• Enhance: Prevent PHP Execution exceptions
• Enhance: Modify API logic to work with The Hub
• Enhance: Proper validation message for Firewall IP list
• Enhance: Remove outdated scheduled actions
• Enhance: New WP-CLI commands for scheduled actions
• Enhance: PHP 8.1 compatibility
• Enhance: Hide vulnerability warnings after plugin update
• Enhance: Log improvements
• Enhance: False positive improvements
• Fix: Blank dialogue modal shown after login
• Fix: Staff user role blocked when accessing via WPMU DEV Dashboard
• Fix: Malware Scanning progress 'undefined' when session expires
• Fix: Login without completing reCAPTCHA conditions
• Fix: Unable to upload CSV file on MU site
• Fix: Error during malware scanning
• Fix: Typo in Security Recommendations

( 2021-11-15 ) =

• Fix: Allow admin-post.php on Mask Login Area

( 2021-11-03 ) =

• Enhance: White labeling support

( 2021-11-01 ) =

• New: Plugin vulnerability warnings
• New: Import & export User Agent list
• New: Highlight new features in Welcome modal
• Enhance: Update SUI to latest version
• Enhance: Update Upsell buttons
• Enhance: Dashboard widget changes
• Enhance: Update IP Banning Import-Export icon and note
• Enhance: Replace Login Protection 'Deactivate' icon
• Fix: Some malicious files not flagged
• Fix: Malicious plugin not detected
• Fix: Defender continually creating scheduled actions
• Fix: Audit Logging creating duplicate post entries
• Fix: Audit Logging creating user record on multisite
• Fix: Mask URL not working correctly on WordPress installed in subdirectory
• Fix: reCAPTCHA error thrown on theme login modal

( 2021-10-18 ) =

• New: Google reCAPTCHA integration with WooCommerce plugin
• New: "What's New" modal hidden on fresh installs
• Enhance: Upgrade required minimum PHP version
• Enhance: Unlock active lockouts using WP CLI
• Enhance: Show more detailed log with Audit Logging
• Enhance: Audit Logging on subsites
• Enhance: Rename Feature Policy header to Permission Policy header
• Enhance: "Send notifications when Defender couldn't scan the files" not working
• Enhance: Set a time limit to cancel malware scanning
• Enhance: Mobile view improvements
• Enhance: Add log entry when signing in with 2FA
• Enhance: Change "Basic config" to "Basic Config"
• Enhance: Save a post as Draft and see 3 entries created in Audit log on multisite
• Enhance: Add "Activate" button instead of "Continue" when activating the Notification
• Enhance: Hide malware scan filter when there is no issue
• Enhance: Remove Academy link
• Fix: Audit log duplicates when updating menu items
• Fix: Max countdown showing 24 hours instead of 72 hours
• Fix: Conflict with WooCommerce Payments
• Fix: Typo in User Agent Banning Allowlist UI
• Fix: Issue with 2FA flow
• Fix: Getting PHP Notice / warming on malware scanning
• Fix: Google reCAPTCHA for comments doesn't work with HB Lazy Load
• Fix: Redirect to optimal URL on 2FA OTP success in custom login page
• Fix: Incorrect Google reCAPTCHA error Code for multisite user registration
• Fix: PHP version shows null inside the recommendation
• Fix: Aren't able to explore Recommendations on our hosting

( 2021-09-20 ) =

• New: User Agent banning
• New: "What's New" modal hidden on fresh installs
• Enhance: Update Firewall filters and widgets to include User Agent lockouts
• Enhance: Add Countdown timer on the lockout screen
• Enhance Update IP Banning Blocklist/Allowlist UI
• Enhance: Update misaligned pagination on Firewall Logs page
• Fix: GEOIP.PHP issue in Defender Pro
• Fix: Update Malware Scanning loopback request params to same as WP core
• Fix: Can't login using WooCommerce's login/registration forms when Defender reCAPTCHA is enabled
• Fix: PHP version recommendation
• Fix: Integrate Defender password features with activated 2FA feature
• Fix: Issue with activated Mask Login Area and 2FA features
• Fix: Malware Scanning reports not sent on MU sites

( 2021-08-25 ) =

• Fix: Firewall Locations ban issue

( 2021-08-23 ) =

• New: reCAPTCHA for comments
• Enhance: 404 lockout CSS, JS and MAP files excluded
• Enhance: Hide "Powered by Defender" line when Whitelabel is enabled
• Enhance: Hide "What's New Modal" when Whitelabel is enabled
• Enhance: Integrated Force Password Reset feature with Forminator
• Enhance: Option to automatically regenerate security keys
• Enhance: Recipient user list can be sorted and filtered by user role
• Fix: Login Protection and 404 Detection deactivated by itself
• Fix: Google reCAPTCHA v3 Locations issue
• Fix: Problem while navigating malware issues in Defender Pro
• Fix: Defender Pro sends the same reports twice
• Fix: Security Header Referrer description
• Fix: Updating from 2.3.2 to 2.4.4 resets security key recommendation to 60 days
• Fix: Updating from 2.3.2 to 2.4.4 removes previous malware scanning data
• Fix: Notification recipients 'load more' interaction not visible when adding users

( 2021-07-26 ) =

• New: Pwned Passwords settings added to Configs
• New: "What's New" modal hidden on fresh installs
• Enhance: "Clear Temporary IP Block List" option added to Configs
• Enhance: Asset Optimization to increase loading speed in the backend
• Enhance: Malware scanning rules improvements
• Enhance: File scan not detecting code inside wp-config.php
• Enhance: Updated white label method from the WPMU DEV Dashboard
• Enhance: Updated footer text on Preset Configs page
• Fix: Forced Password Reset not applied if user of one subsite tries to login to another subsite
• Fix: Displayed number of actioned recommendations in incorrect
• Fix: Free Defender version sending Pro version notifications
• Fix: Callbacks to avoid slow log
• Fix: Browser console error when changing default admin username
• Fix: Fix list of auxiliary WP-CLI commands
• Fix: Language translation not updating on multisite
• Fix: 2FA can be forced for user roles when inactive for that role
• Fix: Password reset doesn't work for Flywheel sites if Defender Pro is active
• Fix: Pwned Passwords security flaw
• Fix: Plugin updates via WPMU DEV Dashboard missing from Event Logs
• Fix: File scan reporting empty non-WP directories
• Fix: File scan missing files that start with a dot
• Fix: Defender sending mail reports to noreply@www.domain.com instead of noreply@domain.com
• Fix: 2FA > Active Users > View users link should open in new tab
• Fix: Issues viewing Dashboard and Notifications pages on Mobile
• Fix: Console error on Mask Login page
• Fix: Change reCaptcha to reCAPTCHA

( 2021-06-28 ) =

• New: Google reCAPTCHA for WordPress login/register/password reset pages
• New: Highlight new features in welcome modal
• Enhance: Compatibility with WordPress 5.8
• Enhance: Update WP-CLI scan options
• Enhance: Tools dashboard widget
• Fix: Locations feature not working on Flywheel hosting
• Fix: Warnings with PHP version 7.4
• Fix: Password reset page showing if users from any subsite try to save pwned password
• Fix: Guest User under Malware Scanning Notification
• Fix: Various issues with notifications in Defender
• Fix: Can't update email when mask login enabled
• Fix: Minor typo in Dashboard modal
• Fix: Issue Details section not showing code
• Fix: Hide notice on Configs page

( 2021-06-07 ) =

• Fix: Check password's hash before forwarding to Pwned Password API

( 2021-06-01 ) =

• New: Force password reset for all registered users
• New: Highlight new features in welcome modal
• New: WP CLI support for Force Bulk Password reset
• Enhance: Integration with Smush - exclude Smush-optimized images from Malware Scanning reports
• Enhance: Add Pwned Passwords and Password Reset widgets to Defender Dashboard page
• Enhance: Change Doc link from advanced-tools to tools
• Enhance: Fix success notification inconsistencies
• Enhance: Add License at the footer of Pwned Passwords
• Enhance: Change 'Please try again!' error message for known vulnerabilities
• Fix: Clean Lockouts option
• Fix: Blank vulnerability report with some plugins
• Fix: Masked login are bypassed with double slash
• Fix: Search details are not showing on IP Banning modal page
• Fix: Defender translations
• Fix: Unable to schedule Posts
• Fix: Issues with Mask Login Area and user creation
• Fix: Typo in Prevent Information Disclosure and Prevent PHP Execution
• Fix: 2FA active state notification should change only after saving settings

( 2021-05-19 ) =

• Fix: Fatal error after an update from older versions

( 2021-05-06 ) =

• New: Check passwords against Pwned database
• New: Highlight new features in welcome modal
• Enhance: Automatically remove old logs after 30 days
• Enhance: Malware scanning security enhancements
• Enhance: Detect suspicious code with 'WPTemplatesOptions'
• Enhance: Detect suspicious code in themes
• Enhance: Some suspicious code threats missed by Defender
• Enhance: Better descriptions for Malware scanning reports
• Enhance: Set 'Scan plugin files' option unchecked by default
• Enhance: Remove 'Scan theme files' option from File change detection
• Enhance: Remove "Allow From" option from X-Frame-Options header
• Enhance: Platform compatibility with Defender
• Enhance: Rename Advanced Tools to Tools
• Enhance: Documentation links tracking
• Fix: Malware scanning stuck on analyzing theme
• Fix: Translation files not applied
• Fix: Reset not removing all data
• Fix: Send data in persistent date format to Hub
• Fix: Resetting or Uninstalling does not completely remove Defender settings
• Fix: Check all files from scan Issues and Ignored tabs for bulk actions
• Fix: Scrolling Up issue in Active lockouts
• Fix: Update SUI to the latest version
• Fix: Revert button in Prevent User Enumeration recommendation

( 2021-01-27 ) =

• Security: Malware scan doesn't detect Backdoor:PHP/WP-VCD
• Security: Malware scanning issues with Avada theme
• Enhance: PHP 8 compatibility
• Enhance: Mobile UI improvement for IP lockout logs
• Enhance: Remove menu icon with issue indicator when there are no Scan and Tweak issues
• Enhance: Suspicious Code scan type is deactivated by default
• Fix: Defender security headers not applied when Hummingbird caching is active
• Fix: Revert button not working for certain recommendations
• Fix: Remember Light mode/Dark mode selection for Malware Scanning code preview
• Fix: Resend Invite option is not showing for added users (Add users/Invite by Email)
• Fix: Read More link showing in blue color when High Contrast Mode is ON
• Fix: Fix footer link URL
• Fix: 127.0.0.1 showing multiples times on the firewall logs page
• Fix: Unsubscribe icon is not showing correctly on the notifications page
• Fix: Console errors on various pages when WooCommerce is activated
• Fix: Display error for enabled Mask Login and Site Health request
• Fix: Mask Login Area restricted slugs
• Fix: Showing all files in WP core as modified
• Fix: Defender locking out users and detecting wrong user IP
• Fix: 2FA can't be forced with WooCommerce
• Fix: Disable File Editor tweak reset
• Fix: Issues on Flywheel hosting stability improvements
• Fix: Admin email duplicates in Bulk notification modal
• Fix: Multiple notifications still being sent after update to 2.4.4
• Fix: Error when requesting API on the Audit logs page
• Fix: Audit log does not log all plugins when activated/deactivated in batches

( 2021-04-05 ) =

• New: Add WP CLI commands to reset mask login settings
• Enhance: Update links to wpmudev.com
• Enhance: Prevent PHP Execution/Prevent Information Disclosure (show manual instructions on Apache tab)
• Enhance: Bulk Unblock/Undo actions on Active Lockouts
• Enhance: Adjust Malware scanning logic to reduce false-positive reports
• Enhance: Malware Scanning - Disable delete button for a report, when a third-party plugin is active
• Enhance: Change count-logic for total value of issues shown on a main widget and Defender's menu
• Enhance: Improve the behavior of the Active tag on configs feature
• Enhance: Custom notification email for 'When Failed to scan' is not imported to Config
• Enhance: Compatibility with WordPress 5.7
• Enhance: Update minimum supported WordPress version
• Enhance: New Manage Notifications button on notification widget
• Enhance: In Notifications and Dashboard pages, replace "-" with text under Schedule
• Fix: No error when restore core file fails
• Fix: Cron issues for Audit and Firewall modules
• Fix: Defender sending 404 Detection notifications when that type is turned off
• Fix: Remove old deprecated code of recommendations in DB
• Fix: Duplicate IP addresses on Active Lockouts
• Fix: Display different frequency for different timezones
• Fix: 404 Detection timeframe is not imported to Config
• Fix: Showing banner without content on profile page
• Fix: Active Lockouts pagination seems broken
• Fix: Link Defender Settings redirects to Defender Dashboard page on WP plugin page

( 2021-03-17 ) =

• Fix: Stability fixes

( 2021-03-12 ) =

• Fix: Unescaped DB parameters

( 2021-03-01 ) =

• New: Sync Config from Defender with The Hub
• Enhance: Making "Enable Tag" clickable in the notification widget
• Enhance: Allow capital letters in Masked Login
• Enhance: New WP CLI commands for file scanning, reset settings, and clear firewall data
• Enhance: Reducing false-positive reports in malware scanning
• Enhance: Check plugins and themes against the WP.org repository
• Enhance: Adding pagination in Malware Scanning grid
• Enhance: Update text for Suspicious Code scan type options
• Enhance: Bulk configure - Add to reports/Remove from reports options
• Enhance: Improve table performance
• Enhance: Remove hero image when Branding is set to custom for activated Whitelabel
• Fix: Storage logs not deleted
• Fix: Update code preview in Malware Scanning
• Fix: MaxMind DB Reader API version update
• Fix: Keep empty IP for internal or private IPs
• Fix: Failed login attempt with an empty banned username
• Fix: Audit Log Export
• Fix: Loopback request could not be completed
• Fix: Subsites login area is blocked for network users
• Fix: Mask login can be bypassed with wp-signup.php for single sites
• Fix: Ability to use dash symbol at the start/end of New Login URL slug

( 2021-02-12 ) =

• Fix: Security vulnerability for Two Factor Authentication

( 2020-12-17 ) =

• New: Add pagination option for IP lockout logs
• Enhance: Display Blocklist Monitor in the config structure
• Fix: Malware Scanning marks own files as suspicious
• Fix: The IP 127.0.0.1 shows as blocked
• Fix: Display Notifications in the Hub
• Fix: File Scan display issue in MS Edge
• Fix: Hero Image overlaps in Preset Configs
• Fix: Redirect Url UI needs improvement on Choose redirect page
• Fix: Display MaxMind link

• New: Add a separate Tutorials sub-menu and X-icon to remove it from the Dashboard
• Improvement: Change mention of blacklist and whitelist to blocklist and allowlist on Defender pages
• Improvement: Change Documentation links for Firewall and Malware Scanning
• Improvement: Config Improvements
• Fix: Display custom login forms if the Defender Masking URL is enabled
• Fix: Receive email from Defender security tweaks daily
• Fix: Activate 'Mask Login Area' through the Defender dashboard
• Fix: Correct display of the Audit log for a new registered user - except for a Subscriber role - in MU
• Fix: Masked login alters ajaxurl in MU in sites table page
• Fix: Remove 'ambient-light-sensor', 'picture-in-picture', 'speaker' and 'vr' directives from Feature-Policy header
• Fix: Compatibility with HUB
• Other minor enhancements and fixes

• New: Feature to save presets configurations of the Defender's settings, and make them available to download and apply to your other sites.
• New: Add tutorials section in the Defender dashboard.
• Improvement: Allow to bulk delete suspicious files
• Improvement: Improve the logic of how "Include sub-domains" option should be shown on the Strict Transport Security header
• Fix: Prevent wp-signup.php to access when Mask Login is enabled.
• Fix: 2FA login does not redirect correctly after login via the my-account page of Woocommerce
• Remove: Change default database prefix, as this can be bypass.
• Other minor enhancements and fixes

• Improvement: Change the description for X-Content-Type-Options security header
• Fix: The WAF widget and WAF page will be hidden when white label activated
• Fix: Include Subdomain option for Strict Transport security header
• Fix: Cron for Audit logs
• Other minor enhancements and fixes

• Fix: Audit Logging sometime triggers a fatal error on some setups.

• Improvement: Frequency of Security Tweak notifications reduced to 7 days
• Fix: GeoIP now compatible with new MaxMind policy
• Fix: Mask login URL now allow URL with an extension
• Fix: Lockout notification email now displays correct time unit
• Fix: Get started screen appears only where required
• Fix: Manage your email preferences & unsubscribe email link now works
• Fix: Strict Transport Security Header now shows subdomain option on the root domain
• Fix: On login lockout, Defender doesn't block IP permanently
• Fix: Mask login won't block admin links from email
• Other minor enhancements and fixes

• Fix: Add the correct css wrapper class to body

• Fix: Mask Login cause issue when visiting /wp-admin/network/sites.php

• Feature: Defender Pro now supports the WPMU DEV Dashboards white label feature.
• Feature: You can now perform a factory reset of Defenders settings via the Settings screen, as well as control what happens to data when the plugin is uninstalled.
• Improvement: Defender File Scanning no longer identifies robots.txt as a potentially harmful file.
• Improvement: Weve turned off autocomplete on the two-factor authentication field so that previous codes dont show up.
• Fix: Fixed a conflict with Defender where the 404 lockout feature would lock out users who tried to access old Hummingbird cache files.
• Fix: You can now view date ranges greater than 7 days for IP Lockout logs
• Fix: Minor grammar and UX improvements.

• Fix: Two-Factor Authentication QR code not being displayed on new device registration.

• Fix: permanent ban on 404 lockouts now sends correct email.
• Fix: IP lockout logs not showing correct results/order on different pages.
• Fix: IP lockout logs showing wrong badge for 404 lockouts.
• Fix: 2FA not working properly when using Sensei plugin.
• Other minor enhancements and fixes.

• New: added tweak Disable XML-RPC
• Improvement: Two factor authentication can now be force enabled by role.
• Improvement: Masking URL description.
• Fix: Compatibility with Appointments+ login when Mask Login is enabled.
• Fix: /login/ will be blocked instead of redirecting to right login URL
• Fix: new site registration email login URL will now show right Login URL instead of the original one when Mask URL is enabled.
• Fix: Accessibility issue when activating 2FA.
• Changes: Show Admin Pointer on initial Defender activation, and removing the redirect behavior.
• Other minor enhancements and fixes

• Fix: Mask Login Area description text is misleading
• Fix: wp-admin link of sub-sites in networks link to wrong admin URL
• Fix: Prevent Information Disclosure & Prevent PHP Execution show false error message when first applied
• Fix: Dashboard reporting section mis-alignment
• Other minor enhancements and fixes

• New: Ability to edit default two-factor authentication email notifications
• New: Added Privacy Policy in privacy guideline page
• Improvements for lockout logs interface
• Improvement: Smarter report default time.
• Fix: Defender auto redirect issue when bulk activating plugins
• Fix: saving 404 redirect URL issue
• Fix: Some layouts are shifted on mobile devices
• Other minor enhancements and fixes

• New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.
• New: Ability to force two-factor authentication for all users.
• Fix: Fixed a bug where file scanning would detect wp-config.php as suspicious.
• Fix: Fixed an issue where the lockout pages could be cached by external cache engines.

• Fix: Defender now can recognize and verify Bing Bot for whitelisting
• Fix: Lockout page now will use site title instead of the text 'WP Defender'
• Other minor enhancements and fixes

• Fix: Conflict with Jetpack where Defender 2FA module would not detect if Jetpack 2FA was disabled.
• Fix: Visitor would get a 404 lockout if landing on a page with many dead links.
• Improvement: When an user is deleted, audit logging now display the user's login instead of only UID.
• Other minor enhancements/fixes

• Fix: Two-factor authentication can be bypassed by user with no role.
• Improvement: Enhanced two-factor authentication protection across multisites.

• Improvement: Improvement: IPv6 support for both whitelisting and blacklisting, requires IPv6 support on the server.
• Improvement: Better UI/UX for Two-factor authentication.
• Fix: Security tweak "Prevent PHP Execution" and "Protect Information" now support Apache 2.4 htaccess rules.
• Other minor enhancements/fixes

• Fix: notification message.

• New: Now you can enable 2 factors authentication with Defender and Google Authenticator app, support for iOS and Android
• New: We can define how long the "Remember me" can take affect, via a new Security Tweak, called "Manage Login Duration"
• Improvement: IP Lockout logs now have separate tables, better for performance.
• Fix: Ignore a file in Scanning section sometimes coming back after couple of scans.
• Other minor enhancements/fixes

• New: CSV export for Audit Logging.
• Improvement: Email reports now have unsubscribe link, and link to Reports where email reports can be turned off.
• Fix: Typo in Audit email.
• Other minor enhancements/fixes

• Improvement: Improved IP Lockout performance.
• Fix: "Update old security keys" doesn't move to resolved list after processed
• Fix: When emptying IP Lockout logs cause timeout error.
• Fix: Typos in some places
• Other minor enhancements/fixes

• This is a quick hotfix release to tame a few notifications that showed up when they weren't supposed to. Joy.