iThemes Security Pro was updated to version 4.1.1, from version 4.0.0. Changelogs:
- Bug Fix: Fixed password-protected posts not properly handling the password when Hide Backend is enabled.
- Important: The way that Hide Backend functions changes in this release.
- Previously, if your Hide Backend Login Slug was wplogin, going to example.com/wplogin would result in the URL remaining example.com/wplogin. The new implementation of this feature results in a redirect to a URL that looks as follows: example.com/wp-login.php?itsec-hb-token=wplogin. While this may not be desireable for some users, this change was necessary to fix longstanding compatibility issues with other plugins.
- Once you access the login page using the Login Slug page, a cookie is set with an expiration time of one hour. As long as the cookie remains, you can access example.com/wp-login.php without having to access the Hide Backend Login Slug first. If you wish to confirm that Hide Backend is working properly on your site, opening up a private browsing window is a quick way to test without having to log out and clear cookies.
- Bug Fix: Update malware scan scheduling email settings when the admin user id is updated.
- Bug Fix: Fixed compatibility of Two Factor with Jetpack’s Single Sign On feature.
- Bug Fix: Fixed issue that could prevent “Register” and “Lost your password?” links from working properly on the login page when Hide Backend is enabled.
- Bug Fix: Fix fatal error when updating a profile.
- Bug Fix: Fix strong passwords not being recognized as strong on the profile page.
- Bug Fix: Fix fatal error when registering a new user without specifying a role (iThemes Exchange).
- Bug Fix: Compatability with JetPack SSO and Password Requirements.
- Bug Fix: Ensure viewport meta is defined when loading the password requirements update password form.
- Bug Fix: Hide Backend is now compatible with Jetpack Single Sign On.
- Bug Fix: Hide Backend now hides registration pages on multisite sites.
- Enhancement: Add recaptcha support for WooCommerce.
- Enhancement: Allow multiple recaptchas on a single page.
- Enhancement: The Hide Backend hidden login URL is no longer leaked by password-protected content.
- Enhancement: Allow for searching through modules and settings.
- Enhancement: Link to other module settings pages without forcing the page to refresh.
- Enhancement: Fire an action, “itsec_change_admin_user_id”, when the admin user id changes.
- Enhancement: Changed default Hide Backend Register Slug from wp-register.php to wp-signup.php since WordPress switched from using wp-register.php to wp-signup.php for registrations. This will not affect existing sites.
- Enhancement: Hide Backend functions purely in PHP code now rather than relying half on PHP code and half on .htaccess and nginx.conf modifications.
- This allows Hide Backend to function on web servers and server configurations that it was previously not compatible with.
- New Feature: Added support for the ITSEC_DISABLE_MODULES define