* NEW: Added XML-RPC protection feature. This update enhances your site's security by allowing you to easily enable or disable XML-RPC access.
* Improved: Malware signatures tweaked and improved, thank you users for suggestions.
* NEW: Add secret key display and copy functionality to 2FA module in frontend and backend. Allowing users to easier add the key to their system.
* FIX: Timezone on Overview page was incorrect, thank you for spotting Ivar.
* FIX: Resolved JavaScript conflicts that prevented 2FA functionality from working with ARMember and other plugins
* FIX: 2FA QR code/key generation now works reliably across all site configurations, even if other scripts have errors. "Skip for now" link, "Generate new QR code" button, code input validation, and temporary secret usage during setup all function correctly.
* FIX: 2FA setup UI and logic are now robust—QR code generation.
* IMPROVED: Enhanced 2FA JavaScript with robust error handling and DOM ready protection
* IMPROVED: Added inline JavaScript handlers as fallback to ensure 2FA works even when external scripts fail
* IMPROVED: Better error messages and user feedback during 2FA setup process
* NEW: Setting up 2FA for users in admin pages
* Fix for coupon protection in WooCommerce modern block cart and checkout page - Thank you Priit.
* Remove translated messages for errors logging in, creating a loop trying to present translated messages using WP's translation engine.
* Fix: Fixed database prefix renaming to properly handle option names containing embedded prefixes. Thank you Chris!
* Enhanced: Improved custom login URL security with proper access control and error handling
* NEW: Added "Reset Secret Access URL" button to the Tools page. This allows administrators to quickly reset the secret access URL used for firewall whitelisting.
* FIX: Prevent firewall from blocking REST API endpoints for plugins like Webba Booking
* Improved - Better instructions for setting up 2FA.
* FIX: Visitor log issue with White Label enabled.
* NEW: Filter by event type in the Events tab overview.
* FIX: Core Scanner - Resolved false positive alerts when users delete default themes (like Twenty Twenty-Three and Twenty Twenty-Four). The scanner now properly distinguishes between missing essential core files and intentionally removed theme/plugin files. Theme and plugin modifications are still detected as security issues, but deletions are no longer flagged as problems.
* CHANGE: Core Scanner – Focus on critical core files only. Modifications under `wp-content/` (themes, plugins, language packs) are excluded from Core Scanner "modified core files" results and from the tab counter. Deletions of default themes/plugins remain treated as non-issues.
* Remove references to the plugin name in the email sent with Secret Access URL details - if White label feature enabled.
* FIX: Issues with logging in with custom login URL for some users.
* FIX: User ID 1 Change - Fixed issue where users would lose administrator privileges when changing user ID 1 to a new ID. The fix now properly transfers user capabilities and ensures administrator role is maintained.
* NEW: Events Logger – REST API diagnostics. Added hooks to log REST authentication failures, pre-dispatch errors, final REST error responses, and successful REST post creations. View details in Events.
* FIX: Some settings not saving for some users (block admin function)
* FIX: Added specific whitelist rules for WPVivid Backup Pro and Free version files containing legitimate php_uname() usage and nested function calls.
* Updated French translation file.
* FIX: Multisite activation issues - Database tables now properly created for all sites in multisite networks
* FIX: PHP 8.1+ compatibility - Added safe string functions to prevent deprecation warnings
* IMPROVED: Code refactoring - Moved utility functions to dedicated classes
* IMPROVED: Enhanced multisite compatibility for all security tests
* IMPROVED: Test execution system, in particular to multisite testing.
* IMPROVED: Vulnerability scanner - Fixed time difference calculation for "Last Updated" display
* IMPROVED: Vulnerability file download - Simplified to single "Download All Files" button
* IMPROVED: Freemius integration - Added license validation hooks to ensure premium tables are created
* NEW: Enhanced test interface with smooth animations - Tests now show spinner animations during execution and completion highlights for better visual feedback.
* NEW: 2FA - Use E-mail based codes or app - Several users wanted to be able to choose email instead of app-based authentication.
* Fix: Removed minimum of 5 days in 2FA grace period.
* Fix: Some users reported settings reset - we tracked it to a race-condition where an update could overwrite the settings if not loaded yet.
* Fix: Error with importing latest settings that included malware scanner results. Trimmed down the export settings.
* Fix: Minor adjustment to file-viewer class, function to check where file is located.
* FIX: Enhanced REST API protection to prevent blocking legitimate API calls. Thank you Alex.
* FIX: Firewall settings randomly deactivates in rare cases.
* FIX: Change login URL feature did not properly save its state.
* NEW: Added WooCommerce protection to the Wizard for new installations.
* IMPROVED: Firewall settings module loads more efficiently, moved non-essential code to sub structure to improve load time in and out of admin.
* IMPROVED: Dashboard Widget visually improved and contains more practical information.