WP Security Safe

Changelog

2.4.4 (High Priority)

Release Date – 05 Apr 2022
* Security: Updated SDK to version 2.4.3 due to security vulnerability
* Security: Implemented escaping to prevent XSS
* Warning: Upcoming version 2.5 will require a minimum version of PHP 7.4 and WordPress version 5.1
* Improvement: Implemented centralized sanitization library for retrieval of all request variables for better reliability and consistency of sanitization
* Improvement: Updated PHP version checks
* Tested up to 5.9.2

2.4.2 (Medium Priority)

Release Date – 06 Feb 2022
* NOTICE: Upcoming Version 3.0 will require a minimum PHP 7.4 and WordPress 5.4
* Security: Improved XSS escaping throughout the admin pages.
* Bug Fix: The filter hooks into ‘authenticate’ were using add_action instead of add_filter
* Bug Fix: Some styling on the permissions table was not getting applied correctly due to missing class
* Improvement: Fix some PHP notices
* Improvement: Updated PHP version checks
* Tested up to: 5.9

2.4.1 (Low Priority)

Release Date – 04 March 2021
* Bug Fix: Pantheon Hosting: files in the uploads directory now accept 770 permissions as secure
* Improvement: Removed the batch permissions dropdown and the update permissions button when no files/dirs are available to modify.

2.4.0 (Medium Priority)

Release Date – 28 February 2021
Release Notes: https://wpsecuritysafe.com/changelog/version-2-4/

• Added Feature: Automatically blocks IP addresses temporarily after numerous failed logins
• Added Feature: Import and Export settings are now included with the free version.
• Added Pro Feature: Advanced Automatic IP Blocking after numerous threats are detected.
• Improvement: Fixed some PHP warnings displayed when XML-RPC requests use poorly formatted XML. Thank you Charles Suggs for reporting this.
• Improvement: Adjusted cleanup script to leave allow/deny table for 3 days past expiration for more advanced threat detection.
• Improvement: Allowed IPs now get exempt from nonce checks.
• Improvement: Adjusted upgrade script to be more efficient with load.
• Improvement: Updated file permission statuses to be error, warning, and notice versus bad, ok, good
• Improvement: Adjusted Login Error handling so that the user is sent back to the login screen when the login attempt is blocked and the error is displayed.
• Improvement: Fixed various PHP Warnings: Thanks John Dorner for reporting them.
• Improvement: Automatically group and sort bad file permissions to the top of the file permissions table.
• Improvement: Changed the 404, login, and block charts from 7 days to 30 days of data to display.
• Improvement: Minor code improvements.
• Improvement: Updated SDK to version 2.4.2
• Improvement: Updated PHPDoc notes
• Improvement: Updated PHP version checks
• Bug Fix: Pantheon Hosting: directories in the uploads directory now accept 770 permissions as secure
• Pro Bug Fix: Plugins files were not getting file permissions fixed after a plugin update.
• Tested up to: 5.6.2

2.3.2 (Medium Priority)

Release Date – 11 September 2020

• Improvement: Removed feature Local Login as it was triggering false positives due to browser caching issues.
• Improvement: Updated PHP version checks
• Tested up to: 5.5.1

2.3.1 (High Priority)

Release Date – 05 January 2020

• Bug Fix: version privacy for JS files conflicted with Google Recaptcha. Thank you Lynn Appleget for reporting this bug.
• Bug Fix: Plugin updates were not getting logged properly after an update.
• Bug Fix: Plugin would not initialize in a multi-site network.
• Bug Fix: Prevent caching of nonce for front-end login form
• Bug Fix: Some 404s were getting detected before a WP redirect was happening.
• Improvement: Fixed PHP Notices
• Improvement: Updated PHP version checks
• Improvement: PHP version comparison logic improved
• Improvement: Increase performance by reducing unnecessary method calls
• Improvement: Updated SDK
• Tested up to: 5.4

2.3.0 (Low Priority)

Release Date – 13 November 2019

• Bug Fix: Administrator role was prevented from right-clicking and highlighting when these content protection features were enabled. This role should be excluded from these policies.
• Bug Fix: Fixed typo which had no affect on functionality due to fallback check.
• Improvement: Changed default settings to include “Make Website Anonymous” during updates and “Prevent WordPress version files from public access”.
• Improvement: Minor performance enhancements
• Increase PHP version requirement to match WordPress core.
• Tested up to: 5.3

2.2.3 (High Priority)

Release Date – 21 October 2019

• Bug Fix: Local Login feature would not allow logins via front-end login forms created with wp_login_form(). Thank you @alfonsoborghi for the bug report.
• Bug Fix: An admin notice was not properly counting directories with OK permissions on the Files admin page.
• Bug Fix: Stats were attempting to record during system activities and thus throwing “WordPress database error Duplicate entry”
• Bug Fix: Search and bulk delete on the Firewall Allow/Deny admin page would trigger false flag admin errors regarding IP validation.
• Bug Fix: Sort filters on the Firewall admin page would trigger false flag admin notices.
• Bug Fix: Body class was being added to every page in the admin.
• Bug Fix: Duplicate policy disabled admin notices were appearing on admin pages using wp_list_table()
• Security: Added nonce to reset and save settings
• Security: Added nonce to add / remove Firewall rules
• Improvement: Renamed nonces to prevent conflicts with other plugins
• Improvement: Performance tuning to reduce function calls
• Improvement: Changed default settings to include disabling XML-RPC and force Local Logins.
• Improvement: Fixed a PHP Warning.
• Improvement: Updated PHP version checks
• Tested up to: 5.2.4

2.2.2 (Medium Priority)

Release Date – 09 September 2019

• Bug Fix: Cron cleanup scripts were failing.
• Improvement: Fixed two PHP errors.

2.2.1 (Medium Priority)

Release Date – 05 September 2019

• Updated Feature: The local login feature was improved to be more reliable.
• Bug Fix: The local login feature was causing server errors on Pantheon servers. Thanks FullSteam Labs for the bug report.
• Bug Fix: The blacklist check was not functioning properly.
• Bug Fix: The sidebar was appearing on tabs that were full width of the screen.
• Bug Fix: The charts would not load in a local development environment without an active internet connection.
• Bug Fix: Fixed minor styling anomalies when viewing admin in Spanish
• Pro Bug Fix: File corrupt error displayed if imported settings already matched the current settings.
• Improvement: Added more i18n language support.
• Improvement: The form that adds an IP to the firewall is more user-friendly
• Improvement: Added ability to make notes when manually adding IPs to the firewall
• Improvement: Fixed some minor PHP notices.
• Improvement: Added ‘Status’ column and filter to Firewall page.
• Improvement: Added additional information to the ‘Details’ column.
• Improvement: Converted the Firewall page to include all detected threats
• Improvement: Added Spanish Translations
• Improvement: Updated logo and minor styling
• Improvement: Updated PHP version checks
• Security: Added additional sanitization for logging
• Tested with ManageWP Version 4.9.1
• Tested up to: 5.2.3

2.1.1 (Medium Priority)

Release Date – 15 July 2019

• Bug Fix: Session handling conflicted with some admin features in oddball scenarios
• Improvement: Fixed a PHP Warning

2.1.0 (Medium Priority)

Release Date – 15 July 2019

• Bug Fix: WP Cron activities were not recording to activity log (Only visible in debug mode)
• Bug Fix: Charts do not display properly until an entry has been initially added to stats.
• Bug Fix: Styling issue with wp_table_list pagination
• Bug Fix: Search field not working on log tables
• Bug Fix: Admin notices would not display for policies that were disabled or if wp cron was disabled using DISABLE_WP_CRON.
• Bug Fix: The admin notices were not displaying bold properly
• Improvement: Fixed some PHP notices, thanks to Charles Suggs
• Improvement: Excluded user roles super admin, administrator, editor, and author from text highlighting and right-click content protection while logged in
• Improvement: Updated SDK
• Improvement: Implemented better session handling for increased load performance
• Improvement: Added more i18n language support.

2.0.2 (High Priority)

Release Date – 10 June 2019

• Improvement: In some outlying circumstances, the DB tables do not get created. A failsafe was added to create the tables if the insertion of a record failed.
• Bug Fix: The new DB tables get created if the plugin is disabled and then enabled, but not after an update process.

2.0.0 (Low Priority)

Release Date – 10 June 2019

• Bug Fix: Security Safe would unintentionally recommend a lower version of PHP if the user had a newer version higher than the known versions.
• Added Feature: Log 404 Errors
• Added Feature: Log Successful and Failed Logins
• Added Feature: Manage Denied / Allowed IP Addresses
• Added Feature: Log Blocked Access Attempts
• Added Feature: Log Security Vulnerability Probing
• Added Feature: Statistics and Charts
• Improvement: Force Local Logins setting now records blocked attempts.
• Improvement: Cleaned up some PHP Notices in error log.
• Improvement: Updated namespacing to support future plugins
• Improvement: Updated directory structure for better scalability
• Improvement: Minor code standardization updates
• Improvement: Performance testing and optimization
• Improvement: Minor styling updates
• Improvement: Updated PHP version checks
• Security: Added additional security to prevent XSS
• Tested up to: 5.2.1

1.2.3 (High Priority)

Release Date – 01 March 2019

• Security: Updated SDK
• Improvement: Updated PHP version checks
• Tested up to: 5.1

NOTE: View full WP Security Safe changelog.