iThemes Security was updated to version 4.1.3, from version 4.0.23. Changelog:
4.1.3
- Make sure “remove write permissions” works
- Better descriptions on white list
- Add pro table of contents if needed
- Make sure security admin bar item works
- Make sure lockout message only happens when needed
- Suppress errors on readlink calls
- Make sure class is present for permanent ban
- Make sure white list is an array
- Fix white listed IPs not working
- Log when Away-mode is triggered
- Make sure away mode file isn’t accidently deleted
- Make sure away mode doesn’t even allow access to the login form (as it didn’t in 3.x)
- Enhance warnings on “Change content directory” settings
- Better descriptions on white lists
- Fixed XMLRPC label
- Better XMLRPC Dashboard status
- Don’t allow logout action on wp-login.php with hide backend
- Better check for variable in SSL admin
4.0.27
- XMLRPC soft block should now work with WordPress mobile app
- Make sure uploads directory is only working in blog 1 in multisite
- Better checks for run method in module loader
4.0.25
- Make sure backup directory is present before trying to use it
- Make sure backup file method is respected on all backup operations
- Added ability to limit number of backups saved to disk
- Minor typo and other fixes
- Only load front-end classes as needed
- Add link to free support at .org forums
- Remove select(?ed) from suspicious query strings for 3.9 compatibility
- Fixed domain mapping issue (requires http://wordpress.org/plugins/wordpress-mu-domain-mapping/ domain mapping plugin)
- Remove array type errors on 404 pages
- Remove remaining create function calls
- Make sure logs directory is present before trying to use it
- Log a message when witelisted host triggers a lockout
- Don’t create log files if they’re not going to be used
- Add pro tab if pro modules need it
- Upgrade module loader to only load what is needed