iThemes Security Pro 5.1.3

iThemes Security Pro was updated to version 5.1.3, from version 5.0.2. Changelogs:


  • Bug Fix: iThemes Licensing: Fixed fatal error that could occur when clicking the “View details” link for an available plugin update.


  • Tweak: Two-Factor Flow: Allow the user to proceed after downloading or copying the backup codes without dismissing the notice.
  • Tweak: File Change: Only scan a maximum of 10 plugins in a single chunk.
  • Tweak: File Change: Move “latest_changes” entry to a separate storage bucket to improve performance on large sites.
  • Bug Fix: Fix error on Multisite settings page when Two-Factor is not enabled.
  • Bug Fix: Properly enforce strong passwords when on the WP Login Reset Password page.
  • Bug Fix: Fix clearing or previous file scans results.
  • Bug Fix: iThemes Licensing: Fixed the “View details” link failing to work properly after updating.
  • Bug Fix: iThemes Licensing: Fixed an issue that could cause data changes to not save properly on specific background page requests.
  • Bug Fix: iThemes Licensing: Added a compatibility fix to avoid conflicts with plugins that change the plugin_action_links filter value from an array to a string.
  • Compatibility Fix: iThemes Licensing: Updated handing of wp_remote_get() response due to changes documented in
  • Enhancement: iThemes Licensing: Added ability to manage licensing from WP-CLI.


  • Enhancement: Allow for customizing access to the Application Passwords feature.
  • Misc: Added comment to prevent Tide from marking the plugin as not compatible with PHP 5.3.
  • Tweak: Differentiate between “Enforced Two-Factor” and “Configured Two-Factor” in User Security Check.
  • Bug Fix: Improve clearing of previous File Change file hashes.
  • Bug Fix: Internal links to a filtered logs page.
  • Bug Fix: Prevent duplicate “user-logged-in” log items when logging-in with Two Factor.
  • Bug Fix: Prevent multiple session tokens from being created when logging-in with Two Factor.
  • Bug Fix: Prevent missing provider information when logging a successful Two Factor authentication.
  • Bug Fix: Fixed incorrect detail text for Local Brute Force Protection on the Grade Report.


New Feature: Add Two-Factor On-Board flow.
Enhancement: Support disabling enforced Two-Factor the first time a user logs-in.
Enhancement: Introduced Login Interstitial framework to consolidate code between Password Requirements & Two Factor.
Bug Fix: Resolve warnings when upgrading file change settings.
Bug Fix: Allow read-only Application Passwords to make HEAD requests.