iThemes Security was updated to version 4.0.23, from version 4.0.18. Changelog:
4.0.23
- Fix sorting by count in 404 Logs
- Minor code cleanup
- Make sure all wp_enqueue_script dependencies are in proper format
- Reduce priority of hide backend init for better compatibility with other plugins
- SSL now logs users out when activating to prevent cookie conflicts
- When activating SSL Log out the user to prevent cookie conflicts
- Use LOCK_EX as a second file locking method on wp-config.php and .htaccess
- Minor code cleanup
- Make sure all wp_enqueue_script dependencies are in proper format
4.0.21
- Added ability to “soft” block XMLRPC to prevent pingback vulnerability while still allowing other access
- Updated “Suspicious queary strings” to not block plugin updates
- Update NGINX comment spam rewrite rules to better work with multi-site domain mapping
- Move 404 hook in hide backend from wp to wp_loaded
- Make sure super-admin role is maintained on multi-site when changing user id 1 and admin username at the same time
- Make sure all redirects for hide backend and ssl are 302, not 301
- Better resetting of SSL and disallow file editor on deactivation to account for more states
- Make sure hide backend works with registration
- Minor copy and other fixes
- Update nginx rewrite rule on comment spam when domain mapping is active
- Added the ability to disable file locking (old behavior)
- Better file lock release (try more than 1 method) before failing
- Don’t automatically show file lock error on first attempt
- Added Spanish translation by Andrew Kurtis
4.0.19
- Clean up away mode to prevent lockouts on update or other points