iThemes Security 4.8.0

iThemes Security was updated to version 4.8.0, from version 4.6.13. Changelogs:


  • Feature Removal: Removed the malware scanning features as VirusTotal no longer supports scanning from WordPress sites. A replacement is in the works.
  • Bug Fix: The close button on the “Thank you for activating iThemes Security” message now appears in the correct location.
  • Bug Fix: Removed the site’s URL being displayed in the “Replace jQuery With a Safe Version” setting details.
  • Bug Fix: Updated .htaccess rules to be compatible with Apache 2.4 without the auth compat module.
  • Bug Fix: Enabling and disabling the “Remove File Writing Permissions” setting now updates the file permissions properly.
  • Bug Fix: Web servers that cannot be recognized now default to Apache.
  • Enhancement: Updated the hackrepair lists.


  • Enhancement: Updated to use new file modification API.
  • Enhancement: Added blacklist for Nginx.
  • Enhancement: Improved Nginx support for System Tweak features.
  • Enhancement: Updates to wp-config.php, .htaccess, and nginx.conf files now support more systems.
  • Enhancement: Combined the “Force SSL for Dashboard” and “Force SSL for Login” settings to a unified “Force SSL for Dashboard” setting. This is due to how the FORCE_SSL_LOGIN define was deprecated in WP 4.0.0.
  • Enhancement: Added comments to wp-config.php, .htaccess, and nginx.conf updates that indicate which settings affect the specific entries.
  • Enhancement: Added translation support for previously static strings, including strings used for comments in wp-config.php, .htaccess, and nginx.conf files.
  • Enhancement: Improved generation of valid referers for use by the Reduce
  • Comment Spam feature.
  • Enhancement: Broadened the server support in the import settings code.
  • Enhancement: Added new library classes for managing files, directories, and config files.
  • Enhancement: Improved error messages for when file writes fail.
  • Enhancement: Improved error messages for when export file creation fails.
  • Enhancement: Improved error messages for situations when the .htaccess, nginx.conf, or wp-config.php files may need to be manually updated.
  • Bug Fix: Added support for Apache 2.4 without the access_compat module.
  • Bug Fix: Fixed condition where forcing SSL on front-end pages could cause infinite redirection loops with specific setups of nginx to Apache reverse proxy servers.
  • Bug Fix: Fixed scenarios where the site would be forced to load via https but scripts, stylesheets, and images would load via http.
  • Bug Fix: Fixed invalid nginx.conf rule generation for the Reduce Comment Spam feature.
  • Bug Fix: Corrected invalid parsing of some IP formats in Ban Hosts list.
  • Bug Fix: Improved error handling when reading or updating config files.
  • Bug Fix: Fixed various warnings that would display when changing settings.
  • Bug Fix: Fixed a situation where creation of a zipped export file would fail, but an email would still be sent as if the zip was created successfully.