iThemes Security 4.4.13

iThemes Security was updated to version 4.4.13, from version 4.4.6. Changelogs:


  • Enhancement: Default log rotation changed from 30 days to 14 days
  • Fixed: All logs page will properly display even with 50,000+ entries in the log


  • Enhancement: Updated copy on Virustotal API key to indicate that a private key is not needed.
  • Fixed: More complete check for user id when resettings password will prevent undefined index login on line 62 error.
  • Fixed: Fixed a bug that prevented the api key from saving after resetting the key.
  • Fixed: Removed errors that could occur due to the use of custom capabilities and roles.


  • New Pro Feature: Automatically generate strong passwords
  • New Pro Feature: Password expiration
  • Enhancement: Added a link to the actual timezone settings in the general settings page (instead of the top of the page)
  • Fixed: When an invalid log directory is detected it will not fail but will instead reset it to the original.
  • Fixed: No more duplicate digest emails
  • Fixed: No more “Array” message appearing in digest emails from user lockouts
  • Fixed: HTML in traditional file log emails will display correctly.
  • Fixed: From address in notification emails will now display correctly.
  • Fixed: MySQL errors will no longer appear for missing iThemes Security tables. Instead it will attempt to recreate them.
  • Fixed: Fixed missing “no changes” text in file change emails.
  • Fixed: Formatting of individual file change emails will now work.
  • Fixed: Fixed a bug in ban users user agents that would cause a crash on Apache if the user agent contained a space
  • Fixed: When an invalid backup directory is detected it will not fail but will instead reset it to the original.