1.0.0 - 2014-03-25 - Chris Wiegman Initial Release 1.0.1 - 2014-03-25 - Chris Wiegman Better conversion of ip to cidr 1.0.2 - 2014-03-27 - Chris Wiegman Don't show security menu on multisite for non network admins Fix for module path of windows servers Module path working correctly on Windows servers 404 white list should transfer to global white list White list implementation working across all lockouts Add extra dismiss box to close welcome modal (fix for smaller screens) 1.0.3 - 2014-04-01 - Chris Wiegman Fixed history.txt (for iThemes customers) Moved upgrade to separate function for more seamless update Upgrade system rewritten for better functionality Make sure 404 doesn't fail if there is not a 404.php in the theme Make sure WordPress root URLs render correctly Filewrite now only builds rules on demand. Fixed dismiss button on intro modal for small screens General cleanup and typo fixing 1.0.4 - 2014-04-02 - Chris Wiegman Added ability to manually purge log table 1.0.5 - 2014-04-03 - Chris Wiegman Added "Show intro" button next to screen options to bring the intro modal back Added ability to use HTML in error messages Minor copy and other tweaks 1.0.6 - 2014-05-03 - Chris Wiegman Execute permanent ban on the correct lockout count, not the next one Updated quick ban rules to match standard ban rules (will work with proxy) 1.0.7 - 2014-05-03 - Chris Wiegman Update plugin build 1.0.8 - 2014-04-08 - Chris Wiegman Make sure global settings save button matches others Fixed link in locout email Email address settings retain end of line Sanitize email addresses on save and not just use Make sure whitelist is actually an array before trying to process Make sure rewrite rules show on dashboard when file writing isnt allowed Added extra information to dashboard server information to help troubleshooting 1.0.9 - 2014-04-10 - Chris Wiegman Minor typo fixes Update nginx rewrite rule on comment spam when domain mapping is active Added the ability to disable file locking (old behavior) Better file lock release (try more than 1 method) before failing Don't automatically show file lock error on first attempt 1.0.10 - 2014-04-14 - Chris Wiegman When activating SSL Log out the user to prevent cookie conflicts Use LOCK_EX as a second file locking method on wp-config.php and .htaccess Minor code cleanup Make sure all wp_enqueue_script dependencies are in proper format 1.0.11 - 2013-04-17 - Chris Wiegman Make sure logs directory is present before trying to use it Log a message when witelisted host triggers a lockout Don't create log files if they're not going to be used Miscellaneous typos and orther bugfixes Add pro tab if pro modules need it Upgrade module loader to only load what is needed 1.0.12 - 2014-04-18 - Chris Wiegman Make sure uploads directory is only working in blog 1 in multisite Better checks for run method in module loader 1.1.0 - 2014-04-21 - Chris Wiegman Make sure "remove write permissions" works Better descriptions on white list Add pro table of contents if needed Make sure security admin bar item works Make sure lockout message only happens when needed Suppress errors on readlink calls Make sure class is present for permanent ban Make sure white list is an array Fix white listed IPs not working 1.1.1 - 2014-04-24 - Chris Wiegman Miscellaneous typos and other fixes Remove extra file lock on saving .htaccess, nginx.conf and wp-config.php. Only flock will be used in these operations 1.2.0 - 2014-05-07 - Chris Wiegman Better cache clearing and formatting updates Make sure rewrite rules are updated on this update Remove extra (settings) items from admin bar menu (leave logs and important information) Add WP_CONTENT_DIR to system information on dashboard Move support nag to free version only and make sure it properly redirects Fix check for presence of BackupBuddy to work with BackupBuddy >=4.2.16.0 Clean up details views on log pages Add username column to temp and lockouts tables Lockout usernames whether they exist or not Don't duplicate lockouts Fixed malformed lockout error on lockout message Don't display a host lockout when none exists Add Sync integration to release lockouts Improved reliability of brute force user lockouts 1.2.1 - 2014-05-19 - Chris Wiegman Fixed links in lockout emails Fixed IP mask calculations Add call to pro user-logging module Add ability to temporarily whitelist an IP address 1.3.0 - 2014-05-28 - Chris Wiegman Added call to two-factor module 1.4.0 - 2014-06-11 - Chris Wiegman Added call to settings import/export module (pro) Added button to restore default log location Don't automatically load front-end classes in dashboard pages Avoid errors on save if htaccess is completely empty Only register activation/deactivation/install hooks in admin Make sure temporary white-list is always available Improved check for white-listed IP during lockout Added ability to use constant to override server detection Don't remove extra line spaces in .htaccess Minor reformating and typo fixes 1.4.1 - 2014-06-12 - Chris Wiegman Fixed get_module_path to prevent 404 errors on plugin assets Fixed misplaced parenthesis forcing computer to always display it isn't whitelisted 1.4.2 - 2014-07-02 - Chris Wiegman Fixed an issue that was preventing an IP from being permanently banned due to too many lockouts Updated .htaccess rules for an IP that has been banned from too many lockouts to be more effective in more hosting environments Fixed responsive issues in iThemes notifications that prevented notifications from being easily read on small screens. 1.5.0 - 2014-07-28 - Chris Wiegman Added malware and malware scheduling modules Added better URL validation to ITSEC_LIB Added exception for 127.0.0.1 to prevent a local server from being locked out of a site during wp-cron or other calls Added button to quickly add current IP address to permanent whitelist Added appropriate message for logs page when logs are not available due to "file only" logging being selected 1.5.1 - 2014-07-29 - Chris Wiegman Make sure pro core module loads to remove upsell when pro has already been purchased. 1.5.2 - 2014-07-30 - Chris Wiegman Clean up notifications for file change detection and malware scanning 1.5.3 - 2014-08-11 - Chris Wiegman Ensure that individual module updates fire when updating the plugin Added function to retrieve current URL from the front-end 1.5.4 - 2014-08-20 - Chris Wiegman Low Severity Security Fix - Lack of access control patched - Sucuri (reported 19Aug2014) 1.6.0 - 2014-09-09 - Chris Wiegman New Feature: Add IPCheck Brute Force API integration New Feature: Add ability to receive a daily digest email instead of individual emails per event. Enhancement: Added "Go Pro" menu item to admin menus. Enhancement: Added button to release IP address from temporary whitelist. Fixed: introduction screen should now display completely on computers with low-resolution screens. Fixed: multisite bug that still showed BackupBuddy (if present) even though BackupBuddy is not multisite compatible. Fixed: Scrolling table of contents should not cover side-bar items on pro. Fixed: When changing admin user login form will no show the correct path when WordPress is not installed in the same directory as the website address. Fixed: File locking will try to create the iThemes Directory if it isn't already present rather than just saying a lock could not be attained. 1.6.1 - 2014-09-09 - Chris Wiegman Fixed: Fixed typos in digest email. Fixed: Fixed typos in default network lockout message. Fixed: Force stylesheet reload for new nags and other items by pushing plugin build number to stylesheet registrations 1.7.0 - 2014-09-15 - Chris Wiegman New Feature: Automatically generate strong passwords New Feature: Password expiration Fixed: When an invalid log directory is detected it will not fail but will instead reset it to the original. Fixed: No more duplicate digest emails Fixed: No more "Array" message appearing in digest emails from user lockouts Fixed: HTML in traditional file log emails will display correctly. Fixed: From address in notification emails will now display correctly. Fixed: MySQL errors will no longer appear for missing iThemes Security tables. Instead it will attempt to recreate them. 1.7.1 - 2014-09-16 - Chris Wiegman Fixed: Version bump to break cache. 1.7.2 - 2014-09-17 - Chris Wiegman Enhancement: Default log rotation changed from 30 days to 14 days Fixed: All logs page will properly display even with 50,000+ entries in the log 1.7.3 - 2014-10-09 - Chris Wiegman Fixed: fixed duplicate ID issue from user_id_exists calls. Fixed: Fixed an error in the lockout module that results in an error for users of multisite Fixed: Notification emails will no longer send if not turned on Fixed: Duplicate messages will not be allowed in digest emails Fixed: Duplicate digest emails will have a far lesser chance of sending Fixed: User lockout count in email notifications will now be correct 1.7.4 - 2014-10-09 - Chris Wiegman Fixed: Error on line 1312 when iThemes API is actived with version 4.4.15 1.8.0 - 2014-10-13 - Chris Wiegman New Pro Feature: Dashboard widget. Get important information and handle user blocking right from the WordPress Dashboard. 1.9.0 - 2014-10-21 - Chris Wiegman New Pro Feature: File change scanning will now compare WordPress core files to the WordPress.org repository. Fixed: Make sure php_gid is always defined to prevent error message if the function is not usable. Fixed: Link to BackupBuddy in admin bar will now work correctly. 1.10.0 - 2014-11-04 - Chris Wiegman New Pro Feature: Temporary privilege escalation 1.10.1 - 2014-11-05 - Chris Wiegman Security Fix: Fixed possible XSS vulnerability in ITSEC_Lib. - Low priority - Thanks to http://planetzuda.com 1.11.0 - 2014-12-04 - Chris Wiegman New Pro Feature: wp-cli integration New Feature: Temporarily whitelist your IP address via iThemes Sync New Feature: Override proxy IP detection New feature: Hide admin bar (if desired) Enhancement: Added filter to allow for custom log pages Enhancement: Added debug constant to help troubleshoot multiple emails Enhancement: Added constant to force digest emails via wp-cron instead of custom timing Fixed: Various missing variable fixes were added Fixed: MySQL errors on MySQL 5.6 during activation were fixed. Fixed: HTML emails now contain HTML tag Fixed: Lockout count in emails should now be more accurate 1.12.0 - 2014-12-16 - Chris Wiegman New Pro Feature: Google reCAPTCHA 1.12.1 - 2015-01-05 - Chris Wiegman New Feature: Add file/folder permissions check to Dashboard Fix/Enhancement: Minor refactoring of various core components 1.12.2 - 2015-01-12 - Chris Wiegman Fix: Fixed duplicate module listsing on log page dropdown Fix: Fixed missing lockouts on iThemes Sync dashboard 1.13.0 - 2015-01-21 - Chris Wiegman New Feature: Change WordPress Salts Enhancement: Refactored ITSEC_Lib and ITSEC_Files for better usability and new functions to make changing salts possible 1.13.1 - 2015-01-27 - Chris Jean Bug Fix: Generating wp-config.php file updates no longer produces warnings. 1.13.2 - 2015-01-27 - Chris Jean Bug Fix: Fixed .htaccess file modifications failing. 1.13.3 - 2015-02-05 - Chris Wiegman Fix: Quick banning IPs will now work correctly if existing htaccess rules are in place Fix: minor bug fixes and typo corrections. 1.13.4 - 2015-02-20 - Chris Wiegman Enhancement: Limit the number of lockouts that can be displayed at any given time in the dashboard. Fix: Make sure header error messages are suppressed when performing a lockout. Fix: Fix error message from missing login information when displaying lockouts. 1.13.5 - 2015-02-26 - Chris Jean Bug Fix: Fixed regression that prevented adding wildcard IP's in the form of 'XXX.XXX.XXX.*' to Ban Hosts. 1.13.6 - 2015-03-20 - Chris Jean Enhancement: Translation files can now be stored in WP_LANG_DIR/plugins/ithemes-security-pro for iThemes Security Pro and WP_LANG_DIR/plugins/better-wp-security for iThemes Security free version. Bug Fix: The file permissions check will no longer list a warning if the plugins directory has permissions of 755.