Version |
Release Date |
Change Log |
3.6.0 |
2022-12-14 |
( 2022-12-05 ) =
- New: Global IP Allowlist/Blocklist
|
3.5.0 |
2022-11-28 |
( 2022-11-21 ) =
- Enhance: Two-Factor conflict between Defender and WordFence
- Enhance: Notification configuration settings
- Enhance: Notice for viewing two-factor user information on multisite
- Enhance: Code color for PHP Execution and Information Disclosure
- Enhance: Update SUI to the latest version
- Fix: Banned usernames for WP version older than 5.4
- Fix: Date range calendar on Audit and Firewall logs
- Fix: Remove 'Name & Description' option for the Default Security config
- Fix: NaN showing on Recommendations screen
- Fix: Audit date filter not working for predefined data ranges
- Fix: Redirect URL for the Mask Login feature throwing an error
|
3.4.1 |
2022-11-18 |
( 2022-11-17 ) =
- Enhance: Minor performance improvements
|
3.4.0 |
2022-11-07 |
( 2022-11-01 ) =
- New: Disable Google reCAPTCHA for logged-in users
- Enhance: Check HTML Entity for Audit Logs
- Enhance: Web Authentication notice on 2FA page
- Enhance: Show CVSS score in plugin vulnerability details
- Enhance: Compatibility with WordPress 6.1
- Enhance: IP detection
- Fix: Web Authentication during plugin upgrade
- Fix: Banned usernames for existing users
- Fix: Outdated manual rules for Prevent Information Disclosure
- Fix: User detail doesn't match the login/logout audit logs
- Fix: Defender 2FA conflicts with other plugins on Users page
- Fix: Displaying users when bulk updating notifications
- Fix: Masked Login not updating on My sites menu
- Fix: Conflict with OptimizePress
|
3.3.3 |
2022-11-01 |
( 2022-10-20 ) =
- Enhance: 2FA flow for secret keys
|
3.3.2 |
2022-09-29 |
( 2022-09-29 ) =
- Fix: Encrypt 2FA secret keys
|
3.3.1 |
2022-09-26 |
( 2022-09-21 ) =
- Enhance: 2FA security improvements
- Enhance: IP detection
- Enhance: Replace Google fonts with Bunny fonts for GDPR compliance
- Enhance: Membership detection
- Fix: Defender User Agent banning
|
3.3.0 |
2022-09-12 |
( 2022-09-05 ) =
- New: Google reCAPTCHA integration with BuddyPress plugin
- New: Google reCAPTCHA for WooCommerce Checkout
- Enhance: Add new Delete Lockouts button
- Enhance: Prevent brute force attack though 2fa
- Enhance: Wildcard for User Agent
- Enhance: Add new checkbox for User Agent Lockout to Firewall notification
- Enhance: Disable Delete button for active theme
- Enhance: Vulnerability when scanned using OWASP tools
- Fix: WebAuthn not working automatically on Subsites when it is enabled in Network for Multisite
- Fix: WebAuthn devices unregistered from user profile if salt keys are updated
- Fix: Audit log not capturing event on few themes during login or logout
- Fix: Google reCAPTCHA triggers on Rest API and prevents adding new user for WooCommerce
|
3.2.0 |
2022-08-10 |
( 2022-08-04 ) =
- New: WooCommerce integration with 2FA
- New: Disable 2FA for a specific user
- New: Use URL for image in 2FA > Custom Graphic
- Enhance: Unsubscribe links in email notifications
- Enhance: White label email notifications
- Enhance: White label 2FA backup codes file
- Enhance: 2FA summary section
- Enhance: Configure 2FA for Super Admin users on multisite
- Enhance: Check HTML Entity for 2FA > App Title
- Enhance: Description for 2FA > User Roles option
- Enhance: Hide Cancel-tooltip while scanning
- Enhance: Include string comments for translators
- Fix: 2FA throwing a blank page
- Fix: Password Reset Link for user fails when Google reCAPTCHA location is set for Lost Password
- Fix: Wrong Malware scan reports when there are identical plugin slugs at wp.org
- Fix: Google reCAPTCHA verification fails if the form is submitted after 2 minutes - token expiration issue
|
3.1.2 |
2022-07-25 |
( 2022-07-20 ) =
- Fix: WAF status not showing correctly
- Fix: Notification scheduler error
- Fix: Plugin support link error
|
3.1.1 |
2022-07-11 |
( 2022-07-05 ) =
- Fix: Notifications module error
|
3.1.0 |
2022-07-11 |
( 2022-07-04 ) =
- New: YubiKey Authentication
- Enhance: Distinguish Pro and Free plugins with the same slug
- Enhance: Mobile styling for 2FA form
- Enhance: Replace the Support link with a variable
- Enhance: Update the default allowlist of IP addresses
- Enhance: Upgrade vendor packages
- Fix: Wrong confirmation message on Firewall logs screen
- Fix: Defender notification recipients aren't associated with users
- Fix: Configs not applied from the Hub
- Fix: Scan HUB synchronization
- Fix: Notification bulk action is not working
- Fix: Pwned Password updated with simple password on Profile page
- Fix: Storing the MaxMind DB file path relatively instead of a full path
|
3.0.0 |
2022-07-11 |
( 2022-06-06 ) =
- New: Biometric Authentication
- New: Giveaway Opt-in for Free version
- Enhance: PHP version upgrade
- Enhance: Compatibility with WordPress 6.0
- Enhance: WP-CLI command to show Scan details
- Enhance: Update SUI to the latest version
- Fix: Audit events logged not showing after applying some date range
|
3.0.1 |
2022-07-11 |
( 2022-06-14 ) =
- Fix: Beehive Pro plugin flagged issues
|
2.8.3 |
2022-07-11 |
( 2022-05-11) =
- Enhance: PHP upgrade notice
- Fix: Defender column country_iso_code missing from Lockout table
- Fix: Defender sets all country iso codes as NULL
|
2.8.2 |
2022-04-25 |
( 2022-04-25 ) =
- Fix: All site visitors are blocked
|
2.8.1 |
2022-04-25 |
( 2022-04-25 ) =
- Enhance: Hide write permissions error notices for Tweaks while applying config
- Enhance: Update the default Auth method on the Users page
- Enhance: Singular or plural translation in email templates
- Enhance: Login Protection and 404 Detection Section Update
- Enhance: Show country flags for country-based lockouts
- Fix: Update Firewall's 404 Detection blocklist and allowlist information notice
- Fix: Firewall not working when Country is added to whitelist
- Fix: Updating plugins with known vulnerabilities
- Fix: No passcode when Fallback Email is not the default method
- Fix: 404 Exclusions Inconsistent Logging
- Fix: 2FA token issue
- Fix: Undefined array key "HTTP_HOST"
- Fix: Duplicate key name 'country_iso_code'
- Fix: Welcome modal when white-label enabled
- Fix: Jquery issue on Def's 2FA TOTP page
|
2.8.0 |
2022-03-14 |
( 2022-03-07 ) =
- New: Backup codes
- Enhance: Text version of 2FA code
- Enhance: Add Update Old Security Keys settings to config
- Enhance: Automatically check for MaxMind database updates
- Enhance: WP-CLI command to delete Defender logs
- Enhance: Delete security tweak settings during uninstallation
- Fix: IP Lockout issue
- Fix: Malware Scanning PHP 8.1 error
- Fix: Native domain mapping doesn't work with login masking
- Fix: Firewall log export doesn't include all entries
- Fix: Duplicate configs
- Fix: Geo DB downloaded to WP-Admin directory
- Fix: Branda conflict Update User listed twice in logs
- Fix: Notifications user search missing some users
- Fix: When Defender login masking is active, SmartCrawl report URL are broken
- Fix: User filter dropdown count not updating dynamically
- Fix: SSO not working with login masking on multisite
|
2.7.1 |
2022-02-08 |
( 2022-02-02 ) =
- New: Create new endpoints to toggle reCAPTCHA, 2FA modules from Hub
- Enhance: Update SUI to latest version
- Enhance: Refactor Firewall logs
- Enhance: Update admin menu icon
- Enhance: Remove deprecated hooks
- Enhance: Unsubscribe link doesn't work for not logged in users
- Fix: Fatal error on plugin activation with PHP 8.1
- Fix: Display error on Dashboard and Tools pages for huge post data
- Fix: Configure reCAPTCHA without WooCommerce options
- Fix: Invite By Email doesn't check if recipient already added
- Fix: Email text overflows on Notification page
- Fix: Defender downgrade fails
|
2.7.0 |
2022-01-24 |
( 2022-01-18 ) =
- New: Redesigned emails
- New: Highlight new features in Welcome modal
- Enhance: Malware Scheduling redesign
- Enhance: Optimize MySQL queries for Firewall module
- Enhance: WP-CLI command for User Agent Banning
- Enhance: Improve Audit Logging with user login status
- Enhance: Log rotation proof of concept
- Enhance: Tab styles on Notifications > Recipients
- Enhance: Geoblocking notifications
- Enhance: False positive in Advanced Ads plugin code
- Enhance: Defender Tutorials
- Enhance: WordPress 5.9 compatibility
- Enhance: Include plugin/theme name and version in Audit log
- Enhance: Improve Audit Logging for Hub requested plugin/theme updates
- Enhance: Prevent user enumeration requests
- Enhance: Get WP version when core update is dismissed
- Fix: Cloudflare IPs locked out
- Fix: Multisite Defender logs not cleared after 30 days
- Fix: Pwned Passwords bypassed with incorrect 2FA code
- Fix: Night theme not applied to Suspicious File preview
- Fix: PHP warnings after update
- Fix: Invisible reCAPTCHA UI Issue
|
2.6.5 |
2021-12-07 |
( 2021-11-29 ) =
- Enhance: Add User Agent Banning to Configs
- Enhance: Add User Agent ban status to Log filters
- Enhance: Prevent PHP Execution exceptions
- Enhance: Modify API logic to work with The Hub
- Enhance: Proper validation message for Firewall IP list
- Enhance: Remove outdated scheduled actions
- Enhance: New WP-CLI commands for scheduled actions
- Enhance: PHP 8.1 compatibility
- Enhance: Hide vulnerability warnings after plugin update
- Enhance: Log improvements
- Enhance: False positive improvements
- Fix: Blank dialogue modal shown after login
- Fix: Staff user role blocked when accessing via WPMU DEV Dashboard
- Fix: Malware Scanning progress 'undefined' when session expires
- Fix: Login without completing reCAPTCHA conditions
- Fix: Unable to upload CSV file on MU site
- Fix: Error during malware scanning
- Fix: Typo in Security Recommendations
|
2.6.4 |
2021-11-22 |
( 2021-11-15 ) =
- Fix: Allow admin-post.php on Mask Login Area
|
2.6.3 |
2021-11-22 |
( 2021-11-03 ) =
- Enhance: White labeling support
|
2.6.2 |
2021-11-01 |
( 2021-11-01 ) =
- New: Plugin vulnerability warnings
- New: Import & export User Agent list
- New: Highlight new features in Welcome modal
- Enhance: Update SUI to latest version
- Enhance: Update Upsell buttons
- Enhance: Dashboard widget changes
- Enhance: Update IP Banning Import-Export icon and note
- Enhance: Replace Login Protection 'Deactivate' icon
- Fix: Some malicious files not flagged
- Fix: Malicious plugin not detected
- Fix: Defender continually creating scheduled actions
- Fix: Audit Logging creating duplicate post entries
- Fix: Audit Logging creating user record on multisite
- Fix: Mask URL not working correctly on WordPress installed in subdirectory
- Fix: reCAPTCHA error thrown on theme login modal
|
2.6.1 |
2021-10-25 |
( 2021-10-18 ) =
- New: Google reCAPTCHA integration with WooCommerce plugin
- New: "What's New" modal hidden on fresh installs
- Enhance: Upgrade required minimum PHP version
- Enhance: Unlock active lockouts using WP CLI
- Enhance: Show more detailed log with Audit Logging
- Enhance: Audit Logging on subsites
- Enhance: Rename Feature Policy header to Permission Policy header
- Enhance: "Send notifications when Defender couldn't scan the files" not working
- Enhance: Set a time limit to cancel malware scanning
- Enhance: Mobile view improvements
- Enhance: Add log entry when signing in with 2FA
- Enhance: Change "Basic config" to "Basic Config"
- Enhance: Save a post as Draft and see 3 entries created in Audit log on multisite
- Enhance: Add "Activate" button instead of "Continue" when activating the Notification
- Enhance: Hide malware scan filter when there is no issue
- Enhance: Remove Academy link
- Fix: Audit log duplicates when updating menu items
- Fix: Max countdown showing 24 hours instead of 72 hours
- Fix: Conflict with WooCommerce Payments
- Fix: Typo in User Agent Banning Allowlist UI
- Fix: Issue with 2FA flow
- Fix: Getting PHP Notice / warming on malware scanning
- Fix: Google reCAPTCHA for comments doesn't work with HB Lazy Load
- Fix: Redirect to optimal URL on 2FA OTP success in custom login page
- Fix: Incorrect Google reCAPTCHA error Code for multisite user registration
- Fix: PHP version shows null inside the recommendation
- Fix: Aren't able to explore Recommendations on our hosting
|
2.6.0 |
2021-09-27 |
( 2021-09-20 ) =
- New: User Agent banning
- New: "What's New" modal hidden on fresh installs
- Enhance: Update Firewall filters and widgets to include User Agent lockouts
- Enhance: Add Countdown timer on the lockout screen
- Enhance Update IP Banning Blocklist/Allowlist UI
- Enhance: Update misaligned pagination on Firewall Logs page
- Fix: GEOIP.PHP issue in Defender Pro
- Fix: Update Malware Scanning loopback request params to same as WP core
- Fix: Can't login using WooCommerce's login/registration forms when Defender reCAPTCHA is enabled
- Fix: PHP version recommendation
- Fix: Integrate Defender password features with activated 2FA feature
- Fix: Issue with activated Mask Login Area and 2FA features
- Fix: Malware Scanning reports not sent on MU sites
|
2.5.7 |
2021-08-30 |
( 2021-08-25 ) =
- Fix: Firewall Locations ban issue
|
2.5.6 |
2021-08-30 |
( 2021-08-23 ) =
- New: reCAPTCHA for comments
- Enhance: 404 lockout CSS, JS and MAP files excluded
- Enhance: Hide "Powered by Defender" line when Whitelabel is enabled
- Enhance: Hide "What's New Modal" when Whitelabel is enabled
- Enhance: Integrated Force Password Reset feature with Forminator
- Enhance: Option to automatically regenerate security keys
- Enhance: Recipient user list can be sorted and filtered by user role
- Fix: Login Protection and 404 Detection deactivated by itself
- Fix: Google reCAPTCHA v3 Locations issue
- Fix: Problem while navigating malware issues in Defender Pro
- Fix: Defender Pro sends the same reports twice
- Fix: Security Header Referrer description
- Fix: Updating from 2.3.2 to 2.4.4 resets security key recommendation to 60 days
- Fix: Updating from 2.3.2 to 2.4.4 removes previous malware scanning data
- Fix: Notification recipients 'load more' interaction not visible when adding users
|
2.5.5 |
2021-08-02 |
( 2021-07-26 ) =
- New: Pwned Passwords settings added to Configs
- New: "What's New" modal hidden on fresh installs
- Enhance: "Clear Temporary IP Block List" option added to Configs
- Enhance: Asset Optimization to increase loading speed in the backend
- Enhance: Malware scanning rules improvements
- Enhance: File scan not detecting code inside wp-config.php
- Enhance: Updated white label method from the WPMU DEV Dashboard
- Enhance: Updated footer text on Preset Configs page
- Fix: Forced Password Reset not applied if user of one subsite tries to login to another subsite
- Fix: Displayed number of actioned recommendations in incorrect
- Fix: Free Defender version sending Pro version notifications
- Fix: Callbacks to avoid slow log
- Fix: Browser console error when changing default admin username
- Fix: Fix list of auxiliary WP-CLI commands
- Fix: Language translation not updating on multisite
- Fix: 2FA can be forced for user roles when inactive for that role
- Fix: Password reset doesn't work for Flywheel sites if Defender Pro is active
- Fix: Pwned Passwords security flaw
- Fix: Plugin updates via WPMU DEV Dashboard missing from Event Logs
- Fix: File scan reporting empty non-WP directories
- Fix: File scan missing files that start with a dot
- Fix: Defender sending mail reports to noreply@www.domain.com instead of noreply@domain.com
- Fix: 2FA > Active Users > View users link should open in new tab
- Fix: Issues viewing Dashboard and Notifications pages on Mobile
- Fix: Console error on Mask Login page
- Fix: Change reCaptcha to reCAPTCHA
|
2.5.4 |
2021-07-05 |
( 2021-06-28 ) =
- New: Google reCAPTCHA for WordPress login/register/password reset pages
- New: Highlight new features in welcome modal
- Enhance: Compatibility with WordPress 5.8
- Enhance: Update WP-CLI scan options
- Enhance: Tools dashboard widget
- Fix: Locations feature not working on Flywheel hosting
- Fix: Warnings with PHP version 7.4
- Fix: Password reset page showing if users from any subsite try to save pwned password
- Fix: Guest User under Malware Scanning Notification
- Fix: Various issues with notifications in Defender
- Fix: Can't update email when mask login enabled
- Fix: Minor typo in Dashboard modal
- Fix: Issue Details section not showing code
- Fix: Hide notice on Configs page
|
2.5.3 |
2021-06-08 |
( 2021-06-07 ) =
- Fix: Check password's hash before forwarding to Pwned Password API
|
2.5.2 |
2021-06-08 |
( 2021-06-01 ) =
- New: Force password reset for all registered users
- New: Highlight new features in welcome modal
- New: WP CLI support for Force Bulk Password reset
- Enhance: Integration with Smush - exclude Smush-optimized images from Malware Scanning reports
- Enhance: Add Pwned Passwords and Password Reset widgets to Defender Dashboard page
- Enhance: Change Doc link from advanced-tools to tools
- Enhance: Fix success notification inconsistencies
- Enhance: Add License at the footer of Pwned Passwords
- Enhance: Change 'Please try again!' error message for known vulnerabilities
- Fix: Clean Lockouts option
- Fix: Blank vulnerability report with some plugins
- Fix: Masked login are bypassed with double slash
- Fix: Search details are not showing on IP Banning modal page
- Fix: Defender translations
- Fix: Unable to schedule Posts
- Fix: Issues with Mask Login Area and user creation
- Fix: Typo in Prevent Information Disclosure and Prevent PHP Execution
- Fix: 2FA active state notification should change only after saving settings
|
2.5.1 |
2021-05-19 |
( 2021-05-19 ) =
- Fix: Fatal error after an update from older versions
|
2.5.0 |
2021-05-19 |
( 2021-05-06 ) =
- New: Check passwords against Pwned database
- New: Highlight new features in welcome modal
- Enhance: Automatically remove old logs after 30 days
- Enhance: Malware scanning security enhancements
- Enhance: Detect suspicious code with 'WPTemplatesOptions'
- Enhance: Detect suspicious code in themes
- Enhance: Some suspicious code threats missed by Defender
- Enhance: Better descriptions for Malware scanning reports
- Enhance: Set 'Scan plugin files' option unchecked by default
- Enhance: Remove 'Scan theme files' option from File change detection
- Enhance: Remove "Allow From" option from X-Frame-Options header
- Enhance: Platform compatibility with Defender
- Enhance: Rename Advanced Tools to Tools
- Enhance: Documentation links tracking
- Fix: Malware scanning stuck on analyzing theme
- Fix: Translation files not applied
- Fix: Reset not removing all data
- Fix: Send data in persistent date format to Hub
- Fix: Resetting or Uninstalling does not completely remove Defender settings
- Fix: Check all files from scan Issues and Ignored tabs for bulk actions
- Fix: Scrolling Up issue in Active lockouts
- Fix: Update SUI to the latest version
- Fix: Revert button in Prevent User Enumeration recommendation
|
2.4.6 |
2021-04-12 |
( 2021-01-27 ) =
- Security: Malware scan doesn't detect Backdoor:PHP/WP-VCD
- Security: Malware scanning issues with Avada theme
- Enhance: PHP 8 compatibility
- Enhance: Mobile UI improvement for IP lockout logs
- Enhance: Remove menu icon with issue indicator when there are no Scan and Tweak issues
- Enhance: Suspicious Code scan type is deactivated by default
- Fix: Defender security headers not applied when Hummingbird caching is active
- Fix: Revert button not working for certain recommendations
- Fix: Remember Light mode/Dark mode selection for Malware Scanning code preview
- Fix: Resend Invite option is not showing for added users (Add users/Invite by Email)
- Fix: Read More link showing in blue color when High Contrast Mode is ON
- Fix: Fix footer link URL
- Fix: 127.0.0.1 showing multiples times on the firewall logs page
- Fix: Unsubscribe icon is not showing correctly on the notifications page
- Fix: Console errors on various pages when WooCommerce is activated
- Fix: Display error for enabled Mask Login and Site Health request
- Fix: Mask Login Area restricted slugs
- Fix: Showing all files in WP core as modified
- Fix: Defender locking out users and detecting wrong user IP
- Fix: 2FA can't be forced with WooCommerce
- Fix: Disable File Editor tweak reset
- Fix: Issues on Flywheel hosting stability improvements
- Fix: Admin email duplicates in Bulk notification modal
- Fix: Multiple notifications still being sent after update to 2.4.4
- Fix: Error when requesting API on the Audit logs page
- Fix: Audit log does not log all plugins when activated/deactivated in batches
|
2.4.10 |
2021-04-12 |
( 2021-04-05 ) =
- New: Add WP CLI commands to reset mask login settings
- Enhance: Update links to wpmudev.com
- Enhance: Prevent PHP Execution/Prevent Information Disclosure (show manual instructions on Apache tab)
- Enhance: Bulk Unblock/Undo actions on Active Lockouts
- Enhance: Adjust Malware scanning logic to reduce false-positive reports
- Enhance: Malware Scanning - Disable delete button for a report, when a third-party plugin is active
- Enhance: Change count-logic for total value of issues shown on a main widget and Defender's menu
- Enhance: Improve the behavior of the Active tag on configs feature
- Enhance: Custom notification email for 'When Failed to scan' is not imported to Config
- Enhance: Compatibility with WordPress 5.7
- Enhance: Update minimum supported WordPress version
- Enhance: New Manage Notifications button on notification widget
- Enhance: In Notifications and Dashboard pages, replace "-" with text under Schedule
- Fix: No error when restore core file fails
- Fix: Cron issues for Audit and Firewall modules
- Fix: Defender sending 404 Detection notifications when that type is turned off
- Fix: Remove old deprecated code of recommendations in DB
- Fix: Duplicate IP addresses on Active Lockouts
- Fix: Display different frequency for different timezones
- Fix: 404 Detection timeframe is not imported to Config
- Fix: Showing banner without content on profile page
- Fix: Active Lockouts pagination seems broken
- Fix: Link Defender Settings redirects to Defender Dashboard page on WP plugin page
|
2.4.9 |
2021-03-22 |
( 2021-03-17 ) =
|
2.4.8 |
2021-03-12 |
( 2021-03-12 ) =
- Fix: Unescaped DB parameters
|
2.4.7 |
2021-03-11 |
( 2021-03-01 ) =
- New: Sync Config from Defender with The Hub
- Enhance: Making "Enable Tag" clickable in the notification widget
- Enhance: Allow capital letters in Masked Login
- Enhance: New WP CLI commands for file scanning, reset settings, and clear firewall data
- Enhance: Reducing false-positive reports in malware scanning
- Enhance: Check plugins and themes against the WP.org repository
- Enhance: Adding pagination in Malware Scanning grid
- Enhance: Update text for Suspicious Code scan type options
- Enhance: Bulk configure - Add to reports/Remove from reports options
- Enhance: Improve table performance
- Enhance: Remove hero image when Branding is set to custom for activated Whitelabel
- Fix: Storage logs not deleted
- Fix: Update code preview in Malware Scanning
- Fix: MaxMind DB Reader API version update
- Fix: Keep empty IP for internal or private IPs
- Fix: Failed login attempt with an empty banned username
- Fix: Audit Log Export
- Fix: Loopback request could not be completed
- Fix: Subsites login area is blocked for network users
- Fix: Mask login can be bypassed with wp-signup.php for single sites
- Fix: Ability to use dash symbol at the start/end of New Login URL slug
|
2.4.6.1 |
2021-02-23 |
( 2021-02-12 ) =
- Fix: Security vulnerability for Two Factor Authentication
|
2.4.5 |
2021-01-28 |
( 2020-12-17 ) =
- New: Add pagination option for IP lockout logs
- Enhance: Display Blocklist Monitor in the config structure
- Fix: Malware Scanning marks own files as suspicious
- Fix: The IP 127.0.0.1 shows as blocked
- Fix: Display Notifications in the Hub
- Fix: File Scan display issue in MS Edge
- Fix: Hero Image overlaps in Preset Configs
- Fix: Redirect Url UI needs improvement on Choose redirect page
- Fix: Display MaxMind link
|
2.3.2 |
2020-12-28 |
- New: Add a separate Tutorials sub-menu and X-icon to remove it from the Dashboard
- Improvement: Change mention of blacklist and whitelist to blocklist and allowlist on Defender pages
- Improvement: Change Documentation links for Firewall and Malware Scanning
- Improvement: Config Improvements
- Fix: Display custom login forms if the Defender Masking URL is enabled
- Fix: Receive email from Defender security tweaks daily
- Fix: Activate 'Mask Login Area' through the Defender dashboard
- Fix: Correct display of the Audit log for a new registered user - except for a Subscriber role - in MU
- Fix: Masked login alters ajaxurl in MU in sites table page
- Fix: Remove 'ambient-light-sensor', 'picture-in-picture', 'speaker' and 'vr' directives from Feature-Policy header
- Fix: Compatibility with HUB
- Other minor enhancements and fixes
|
2.3.1 |
2020-09-01 |
- New: Feature to save presets configurations of the Defender's settings, and make them available to download and apply to your other sites.
- New: Add tutorials section in the Defender dashboard.
- Improvement: Allow to bulk delete suspicious files
- Improvement: Improve the logic of how "Include sub-domains" option should be shown on the Strict Transport Security header
- Fix: Prevent wp-signup.php to access when Mask Login is enabled.
- Fix: 2FA login does not redirect correctly after login via the my-account page of Woocommerce
- Remove: Change default database prefix, as this can be bypass.
- Other minor enhancements and fixes
|
2.3 |
2020-07-28 |
- Improvement: Change the description for X-Content-Type-Options security header
- Fix: The WAF widget and WAF page will be hidden when white label activated
- Fix: Include Subdomain option for Strict Transport security header
- Fix: Cron for Audit logs
- Other minor enhancements and fixes
|
2.2.7 |
2020-04-02 |
- Fix: Audit Logging sometime triggers a fatal error on some setups.
|
2.2.6 |
2020-02-26 |
- Improvement: Frequency of Security Tweak notifications reduced to 7 days
- Fix: GeoIP now compatible with new MaxMind policy
- Fix: Mask login URL now allow URL with an extension
- Fix: Lockout notification email now displays correct time unit
- Fix: Get started screen appears only where required
- Fix: Manage your email preferences & unsubscribe email link now works
- Fix: Strict Transport Security Header now shows subdomain option on the root domain
- Fix: On login lockout, Defender doesn't block IP permanently
- Fix: Mask login won't block admin links from email
- Other minor enhancements and fixes
|
2.2.5 |
2020-02-03 |
|
2.2.4 |
2020-01-21 |
|
2.1.5 |
2019-10-16 |
- Fix: Add the correct css wrapper class to body
|
2.1.4 |
2019-07-10 |
- Fix: Mask Login cause issue when visiting /wp-admin/network/sites.php
|
2.1.2 |
2019-04-22 |
- Feature: Defender Pro now supports the WPMU DEV Dashboards white label feature.
- Feature: You can now perform a factory reset of Defenders settings via the Settings screen, as well as control what happens to data when the plugin is uninstalled.
- Improvement: Defender File Scanning no longer identifies robots.txt as a potentially harmful file.
- Improvement: Weve turned off autocomplete on the two-factor authentication field so that previous codes dont show up.
- Fix: Fixed a conflict with Defender where the 404 lockout feature would lock out users who tried to access old Hummingbird cache files.
- Fix: You can now view date ranges greater than 7 days for IP Lockout logs
- Fix: Minor grammar and UX improvements.
|
2.1.1.1 |
2019-04-10 |
- Fix: Two-Factor Authentication QR code not being displayed on new device registration.
|
2.0.1 |
2019-02-15 |
- Fix: permanent ban on 404 lockouts now sends correct email.
- Fix: IP lockout logs not showing correct results/order on different pages.
- Fix: IP lockout logs showing wrong badge for 404 lockouts.
- Fix: 2FA not working properly when using Sensei plugin.
- Other minor enhancements and fixes.
|
2.0 |
2018-09-27 |
- New: added tweak Disable XML-RPC
- Improvement: Two factor authentication can now be force enabled by role.
- Improvement: Masking URL description.
- Fix: Compatibility with Appointments+ login when Mask Login is enabled.
- Fix: /login/ will be blocked instead of redirecting to right login URL
- Fix: new site registration email login URL will now show right Login URL instead of the original one when Mask URL is enabled.
- Fix: Accessibility issue when activating 2FA.
- Changes: Show Admin Pointer on initial Defender activation, and removing the redirect behavior.
- Other minor enhancements and fixes
|
1.9.1 |
2018-08-07 |
- Fix: Mask Login Area description text is misleading
- Fix: wp-admin link of sub-sites in networks link to wrong admin URL
- Fix: Prevent Information Disclosure & Prevent PHP Execution show false error message when first applied
- Fix: Dashboard reporting section mis-alignment
- Other minor enhancements and fixes
|
1.9 |
2018-07-09 |
- New: Ability to edit default two-factor authentication email notifications
- New: Added Privacy Policy in privacy guideline page
- Improvements for lockout logs interface
- Improvement: Smarter report default time.
- Fix: Defender auto redirect issue when bulk activating plugins
- Fix: saving 404 redirect URL issue
- Fix: Some layouts are shifted on mobile devices
- Other minor enhancements and fixes
|
1.8 |
2018-04-23 |
- New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.
- New: Ability to force two-factor authentication for all users.
- Fix: Fixed a bug where file scanning would detect wp-config.php as suspicious.
- Fix: Fixed an issue where the lockout pages could be cached by external cache engines.
|
1.7.6 |
2018-03-21 |
- Fix: Defender now can recognize and verify Bing Bot for whitelisting
- Fix: Lockout page now will use site title instead of the text 'WP Defender'
- Other minor enhancements and fixes
|
1.7.4 |
2018-02-20 |
- Fix: Conflict with Jetpack where Defender 2FA module would not detect if Jetpack 2FA was disabled.
- Fix: Visitor would get a 404 lockout if landing on a page with many dead links.
- Improvement: When an user is deleted, audit logging now display the user's login instead of only UID.
- Other minor enhancements/fixes
|
1.7.3 |
2017-11-17 |
- Fix: Two-factor authentication can be bypassed by user with no role.
- Improvement: Enhanced two-factor authentication protection across multisites.
|
1.7.2 |
2017-10-11 |
- Improvement: Improvement: IPv6 support for both whitelisting and blacklisting, requires IPv6 support on the server.
- Improvement: Better UI/UX for Two-factor authentication.
- Fix: Security tweak "Prevent PHP Execution" and "Protect Information" now support Apache 2.4 htaccess rules.
- Other minor enhancements/fixes
|
1.7.1 |
2017-10-09 |
|
1.7.0.1 |
2017-10-04 |
- Fix: notification message.
|
1.7 |
2017-08-17 |
- New: Now you can enable 2 factors authentication with Defender and Google Authenticator app, support for iOS and Android
- New: We can define how long the "Remember me" can take affect, via a new Security Tweak, called "Manage Login Duration"
- Improvement: IP Lockout logs now have separate tables, better for performance.
- Fix: Ignore a file in Scanning section sometimes coming back after couple of scans.
- Other minor enhancements/fixes
|
1.6.2 |
2017-07-11 |
- New: CSV export for Audit Logging.
- Improvement: Email reports now have unsubscribe link, and link to Reports where email reports can be turned off.
- Fix: Typo in Audit email.
- Other minor enhancements/fixes
|
1.6.1 |
2017-07-03 |
- Improvement: Improved IP Lockout performance.
- Fix: "Update old security keys" doesn't move to resolved list after processed
- Fix: When emptying IP Lockout logs cause timeout error.
- Fix: Typos in some places
- Other minor enhancements/fixes
|
1.6.0.1 |
2017-06-08 |
- This is a quick hotfix release to tame a few notifications that showed up when they weren't supposed to. Joy.
|