iThemes Security was updated to version 4.3.11, from version 4.3.9. Changelog:
4.3.11
- Low Severity Security Fix – Lack of access control patched.
- Fixed an error in XMLRPC blocking when $username variable cannot be found.
4.3.9
- Remove error message if WP_Error is returned with wp_remote_post in malware scan
- Fixed bug where away-mode was still enabled after one-time period has passed which could result in away mode activating when it should not.
- Ensure that individual module updates fire when updating the plugin.
- Added function to retrieve current URL from the front-end.
- Fixed error in brute force protection that counts valid logins with XML-RPC as bad logins towards a brute force lockout.