iThemes Security was updated to version 4.0.18, from version 4.0.12. Changelogs:
4.0.18
- Make sure unset admin user field remains if the other setting has been fixed
- Removed admin user from settings table of contents
- Make sure array input is trimmed in file change module
- Correct input type on file change settings sanitization
- Use full URL on file change warning redirect to prevent invalid target
- Reduce erroneous hide backend change warnings
- When accessing htaccess or wpconfig make sure opening settings changes are 664 instead of 644 to reduce issues
- Update hackrepair.com’s Agents blacklist
- Make sure global settings save button matches others
- Fixed link in locout email
- Email address settings retain end of line
- Sanitize email addresses on save and not just use
- Make sure whitelist is actually an array before trying to process
- Make sure rewrite rules show on dashboard when file writing isnt allowed
- Added extra information to dashboard server information to help troubleshooting
4.0.16
- Fixed bug preventing file change scanning from advancing when chunked
- Don’t autoload file list on non-multisite installations
- Make sure away mode settings transfer from 3.x or disable away mode
- Better descriptions on save buttons
- Admin use “Fix it” Correctly goes to advanced page
4.0.14
- Execute permanent ban on the correct lockout count, not the next one
- Updated quick ban rules to match standard ban rules (will work with proxy)
- Fixed an NGINX rule that didn’t actually block XMLRPC.php
- Updated rule order on ban users
- Fixed a bug that could prevent away from from turning off in certain time configurations (this resulted in the return to homepage on login)
- Updated some function doc