iThemes Security Pro 4.1.1

iThemes Security Pro was updated to version 4.1.1,  from version 4.0.0. Changelogs:


  • Bug Fix: Fixed password-protected posts not properly handling the password when Hide Backend is enabled.


  • Important: The way that Hide Backend functions changes in this release.
  • Previously, if your Hide Backend Login Slug was wplogin, going to would result in the URL remaining The new implementation of this feature results in a redirect to a URL that looks as follows: While this may not be desireable for some users, this change was necessary to fix longstanding compatibility issues with other plugins.
  • Once you access the login page using the Login Slug page, a cookie is set with an expiration time of one hour. As long as the cookie remains, you can access without having to access the Hide Backend Login Slug first. If you wish to confirm that Hide Backend is working properly on your site, opening up a private browsing window is a quick way to test without having to log out and clear cookies.
  • Bug Fix: Update malware scan scheduling email settings when the admin user id is updated.
  • Bug Fix: Fixed compatibility of Two Factor with Jetpack’s Single Sign On feature.
  • Bug Fix: Fixed issue that could prevent “Register” and “Lost your password?” links from working properly on the login page when Hide Backend is enabled.
  • Bug Fix: Fix fatal error when updating a profile.
  • Bug Fix: Fix strong passwords not being recognized as strong on the profile page.
  • Bug Fix: Fix fatal error when registering a new user without specifying a role (iThemes Exchange).
  • Bug Fix: Compatability with JetPack SSO and Password Requirements.
  • Bug Fix: Ensure viewport meta is defined when loading the password requirements update password form.
  • Bug Fix: Hide Backend is now compatible with Jetpack Single Sign On.
  • Bug Fix: Hide Backend now hides registration pages on multisite sites.
  • Enhancement: Add recaptcha support for WooCommerce.
  • Enhancement: Allow multiple recaptchas on a single page.
  • Enhancement: The Hide Backend hidden login URL is no longer leaked by password-protected content.
  • Enhancement: Allow for searching through modules and settings.
  • Enhancement: Link to other module settings pages without forcing the page to refresh.
  • Enhancement: Fire an action, “itsec_change_admin_user_id”, when the admin user id changes.
  • Enhancement: Changed default Hide Backend Register Slug from wp-register.php to wp-signup.php since WordPress switched from using wp-register.php to wp-signup.php for registrations. This will not affect existing sites.
  • Enhancement: Hide Backend functions purely in PHP code now rather than relying half on PHP code and half on .htaccess and nginx.conf modifications.
  • This allows Hide Backend to function on web servers and server configurations that it was previously not compatible with.
  • New Feature: Added support for the ITSEC_DISABLE_MODULES define