iThemes Security 5.2.0

iThemes Security was updated to version 5.2.0, from version 5.1.1. Changelog:

  • Security Fix: Fixed PHP code that could allow AJAX requests to list directories and files outside the directory structure of the WordPress installation. Note that these AJAX requests required a logged in user with admin-level privileges. This vulnerability was unable to be exploited by non-privileged or anonymous requests.
  • Bug Fix: Updated the SSL feature to use 301 redirects rather than 302 redirects.
  • Bug Fix: Fixed situations where security nonces would incorrectly trigger “security check” errors when enabling specific combinations of features on the settings page.
  • Bug Fix: Enabling scheduled database backups and setting a backup interval of 0 days no longer results in a backup being created on every page load.
  • Bug Fix: Module-specific data is properly initialized/removed on plugin activation, deactivation, and uninstallation.
  • Feature Removal: Removed the “Security Status” portion of the Security > Dashboard page. This is in preparation for a new tool that provides suggestions tailored to the site and server that Security is running on.
  • Enhancement: Updated the way the feature modules function in order to allow them to be redesigned in a more efficient and flexible way for future releases.
  • Enhancement: Updated the File Change Detection feature to attempt a max memory limit of 256M rather than 128M as some users experience out of memory issues which could be fixed with the higher memory limit.
  • Enhancement: Updated the Database Backup feature to attempt a max memory limit of 256M rather than 128M as some users experience out of memory issues which could be fixed with the higher memory limit.
  • Enhancement: Added localization support for some non-localized strings.
  • Enhancement: Improved detection of multiple active versions of iThemes Security.