iThemes Security 4.0.23

iThemes Security was updated to version 4.0.23, from version 4.0.18. Changelog:

4.0.23

  • Fix sorting by count in 404 Logs
  • Minor code cleanup
  • Make sure all wp_enqueue_script dependencies are in proper format
  • Reduce priority of hide backend init for better compatibility with other plugins
  • SSL now logs users out when activating to prevent cookie conflicts
  • When activating SSL Log out the user to prevent cookie conflicts
  • Use LOCK_EX as a second file locking method on wp-config.php and .htaccess
  • Minor code cleanup
  • Make sure all wp_enqueue_script dependencies are in proper format

4.0.21

  • Added ability to “soft” block XMLRPC to prevent pingback vulnerability while still allowing other access
  • Updated “Suspicious queary strings” to not block plugin updates
  • Update NGINX comment spam rewrite rules to better work with multi-site domain mapping
  • Move 404 hook in hide backend from wp to wp_loaded
  • Make sure super-admin role is maintained on multi-site when changing user id 1 and admin username at the same time
  • Make sure all redirects for hide backend and ssl are 302, not 301
  • Better resetting of SSL and disallow file editor on deactivation to account for more states
  • Make sure hide backend works with registration
  • Minor copy and other fixes
  • Update nginx rewrite rule on comment spam when domain mapping is active
  • Added the ability to disable file locking (old behavior)
  • Better file lock release (try more than 1 method) before failing
  • Don’t automatically show file lock error on first attempt
  • Added Spanish translation by Andrew Kurtis

4.0.19

  • Clean up away mode to prevent lockouts on update or other points