Plugin / Defender WordPress Security, Malware Detection, and Firewall

Changelog

2.1.5

• Fix: Add the correct css wrapper class to body

2.1.4

• Fix: Mask Login cause issue when visiting /wp-admin/network/sites.php

2.1.3

• Feature: Security tweaks will send reminder when no tweaks were actioned after activation
• Improvement: Scanning will be more catchy, especially with code using eval function, however that can lead to more false positive, please consider to check with our support before delete the file.
• Fix: Bring back the tooltips system
• Fix: Audit filter links doesn’t reflect the right results if open in new tab
• Fix: Filtering issue type in scanning now show correct results.
• Fix: Scanning notification keep sending when the setting turn to “off”
• Fix: User IP in IP Lockout->Blacklist now show the correct IP.
• Fix: Bring back the subject customization field in Scanning email config.
• Fix: Manage Login Duration wont make user to login twice anymore.
• Fix: Audit filtering by user now working properly
• Fix: We change the Audit logging items’ color from red to more neutral.
• Fix: Ad Widget won’t be show in vulnerability list by accident anymore
• Fix: Bottom bulk selector in Scanning page now work properly
• Fix: Deprecate warning from the function strpos() in php 7.3
• Fix: Sync issues with HUB will be more consistent.
• Fix: Mask login doesn’t work properly if WordPress get installed in a sub-folder
• Fix: Conflict with Avada theme which making scanning stuck
• Fix: Gracefully handle error when php dom extension does not install
• Fix: Prevent factory reset revert database prefix into wp_ even though it was not set by Defender.
• Fix: Prevent slashes added in email template
• Fix: Minor grammar and UX improvements.

2.1.2

• Feature: Defender Pro now supports the WPMU DEV Dashboard’s white label feature.
• Feature: You can now perform a factory reset of Defender’s settings via the Settings screen, as well as control what happens to data when the plugin is uninstalled.
• Improvement: Defender File Scanning no longer identifies robots.txt as a potentially harmful file.
• Improvement: We’ve turned off autocomplete on the two-factor authentication field so that previous codes don’t show up.
• Fix: Fixed a conflict with Defender where the 404 lockout feature would lock out users who tried to access old Hummingbird cache files.
• Fix: You can now view date ranges greater than 7 days for IP Lockout logs
• Fix: Minor grammar and UX improvements.

2.1.1.1

• Fix: Two-Factor Authentication QR code not being displayed on new device registration.

2.1.1

• Fix: Prevent Information Disclosure corrupts htaccess code

2.1

• New: Geo-based IP blocking. Completely block incoming traffic from specific countries to gain full control over who can and can’t access your site.
• New: Upgraded design components and improved user experience across the board.
• Fix: Corrupt .htaccess rules generated by Defender weren’t able to be re-applied when adding them a second time.
• Fix: Users can no longer get past login masking when using double slashes.
• Fix: Javascript errors prevented adding recipients to notifications and editing templates.
• Fix: Blacklist monitoring could not be enabled on some sites.
• Fix: Parse error on installations running PHP 5.3.
• Improvement: Removed activation redirection and tooltips on first activation.
• Other minor enhancements and fixes

2.0.1

• Fix: permanent ban on 404 lockouts now sends correct email.
• Fix: IP lockout logs not showing correct results/order on different pages.
• Fix: IP lockout logs showing wrong badge for 404 lockouts.
• Fix: 2FA not working properly when using Sensei plugin.
• Other minor enhancements and fixes.

2.0

• New: added tweak “Disable XML-RPC”
• Improvement: Two factor authentication can now be force enabled by role.
• Improvement: Masking URL description.
• Fix: Compatibility with Appointments+ login when Mask Login is enabled.
• Fix: /login/ will be blocked instead of redirecting to right login URL
• Fix: new site registration email login URL will now show right Login URL instead of the original one when Mask URL is enabled.
• Fix: Accessibility issue when activating 2FA.
• Changes: Show Admin Pointer on initial Defender activation, and removing the redirect behavior.
• Other minor enhancements and fixes

1.9.1

• Fix: Mask Login Area description text is misleading
• Fix: wp-admin link of sub-sites in networks link to wrong admin URL
• Fix: Prevent Information Disclosure & Prevent PHP Execution show false error message when first applied
• Fix: Dashboard reporting section mis-alignment
• Other minor enhancements and fixes

1.9

• New: Ability to edit default two-factor authentication email notifications
• New: Added Privacy Policy in privacy guideline page
• Improvements for lockout logs interface
• Improvement: Smarter report default time.
• Fix: Defender auto redirect issue when bulk activating plugins
• Fix: saving 404 redirect URL issue
• Fix: Some layouts are shifted on mobile devices
• Other minor enhancements and fixes

1.8

• New: Hide the default WordPress login URLs with the new Mask Login Area feature, giving you enhanced protection from hackers and bots.
• New: Ability to force two-factor authentication for all users.
• Fix: Fixed a bug where file scanning would detect wp-config.php as suspicious.
• Fix: Fixed an issue where the lockout pages could be cached by external cache engines.

1.7.6

• Fix: Defender now can recognize and verify Bing Bot for whitelisting
• Fix: Lockout page now will use site title instead of the text ‘WP Defender’
• Other minor enhancements and fixes

1.7.4

• Fix: Conflict with Jetpack where Defender 2FA module would not detect if Jetpack 2FA was disabled.
• Fix: Visitor would get a 404 lockout if landing on a page with many dead links.
• Improvement: When an user is deleted, audit logging now display the user’s login instead of only UID.
• Other minor enhancements/fixes

1.7.3

• Fix: Two-factor authentication can be bypassed by user with no role.
• Improvement: Enhanced two-factor authentication protection across multisites.

1.7.2

• Improvement: Improvement: IPv6 support for both whitelisting and blacklisting, requires IPv6 support on the server.
• Improvement: Better UI/UX for Two-factor authentication.
• Fix: Security tweak “Prevent PHP Execution” and “Protect Information” now support Apache 2.4 htaccess rules.
• Other minor enhancements/fixes

1.7.1

• Added: widget for 2 factors authentication
• Fix: Defender does not detect the right IP when CloudFlare is being used
• Fix: Conflict with TM Photo Gallery Plugin
• Other minor enhancements/fixes

1.7.0.1

• Fix: notification message.

1.7

• New: Now you can enable 2 factors authentication with Defender and Google Authenticator app, support for iOS and Android
• New: We can define how long the “Remember me” can take affect, via a new Security Tweak, called “Manage Login Duration”
• Improvement: IP Lockout logs now have separate tables, better for performance.
• Fix: Ignore a file in Scanning section sometimes coming back after couple of scans.
• Other minor enhancements/fixes

1.6.2

• New: CSV export for Audit Logging.
• Improvement: Email reports now have unsubscribe link, and link to Reports where email reports can be turned off.
• Fix: Typo in Audit email.
• Other minor enhancements/fixes

1.6.1

• Improvement: Improved IP Lockout performance.
• Fix: “Update old security keys” doesn’t move to resolved list after processed
• Fix: When emptying IP Lockout logs cause timeout error.
• Fix: Typos in some places
• Other minor enhancements/fixes

1.6.0.1

• This is a quick hotfix release to tame a few notifications that showed up when they weren’t supposed to. Joy.

1.6

• New: First edition for WordPress directory

1.5

• New: You can now add exceptions for specific PHP files in the PHP Execution Security Tweak.
• Improvement: Filtering all log types now uses URLs instead of ajax only, meaning you can link to a filtered log easily.
• Improvement: Various user experience updates across the plugin interface to make using Defender even easier.
• Fix: Lockout Logs now display from newest to oldest.
• Fix: Lockout Logs pagination now works correctly.
• Fix: Inconsistencies in the IP Lockouts stats across the plugin.
• Fix: Sending Audit Logging reports to multiple recipients would address all recipients as the first user’s name.
• Fix: Grammar and typos in some modals and error messages.
• Fix: If Defender finds a vulnerability in WordPress’s core, the text would indicate running an update would fix the issue though no update was actually available yet.

1.4.2

• Improvement: The plugin interface will now stretch to utilize extra screen space on larger screens.
• Fix: Audit Logging was getting its days mixed up in the summary area. You’ll now see the correct day of the week.
• Fix: We squashed a bug that was causing files scans to sometimes report false positive files after WordPress core upgrades.
• Fix: A conflict with Jetpack was causing scans to stall, which we have now fixed up.
• Fix: In some cases File Scanning reports wouldn’t actually stop sending if you disabled them. It now obeys commands.
• Fix: Google’s bot was being blocked by IP Lockouts but now it’s free to crawl and index as it pleases.
• Fix: We removed redundant “cancel” buttons on settings pages. You probably won’t even notice!
• Fix: We’ve added live stats so now there’s no need to wait around in anticipation while running files scan actions.
• Fix: Stats weren’t displaying the right numbers after actioning security tweaks, but it’s all good now.
• Fix: Pagination on the Audit Logging logs page now works like you would expect it to.
• Fix: Files detected in File Scanning now have metrics with their file sizes.
• Fix: We’ve fixed styling issues with toggles.
• Fix: We removed the” Resolve bulk update” option from File Scanning. It wasn’t really a valid action.
• Fix: Incomplete icons in the Dashboard reports area have been updated.
• Fix: We’ve removed redirection from the dashboard to the File Scanning page are after preforming a file scan so now you shouldn’t feel lost.
• Fix: Lots of other small stuff, like minor cosmetic and grammar fixes.

1.4.1

• Fixed: Compatibility issue with Getting Started Wizard
• Fixed: Scanning was sometimes slow or getting stuck

1.4

• New: Meet the brand new Defender! This release focuses on making security for WordPress a better place. We’ve given the UI a refresh and updated the UX, so configuring your security settings is a walk in the park.
• Fixed: A ton of bug fixes & improvements. Yep, vague description! But why bore you with the small stuff when you could be spending time bolstering your site’s security?

1.3

• Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin
• Other minor enhancements/fixes

1.2

• Added: New Hardening Rule (PHP version)
• Improvement: Audit Logging now allows date range selection.
• Improvement: IP Lockouts now allow IP ranges in whitelist/blacklist.
• Improvement: IP Lockouts now can import/export whitelist/backlist.
• Fixed: IP Lockouts email notification text on permanent IP ban.

1.1.4.1

• Fixed: Fatal error when PHP extension sockets is not enabled

1.1.4

• Improvement: Audit logging now detects file changes in WordPress core.
• Fixed: Updating via WordPress core now syncs better with the Hub.
• Fixed: Some compatibility fixes for PHP 5.2.

1.1.3

• Improvement: Audit Logging now ajax based.
• Fixed: minor bug fixes & some UI/UX improvements

1.1.2

• Improvement: Switched the User dropdown in Audit Logging to load results via AJAX to increase initial load performance.
• Improvement: Scan results now pre-load information so that you can action fixes faster.
• Fixed: Removed cronjob events from being tracked in Audit Logging.
• Fixed: The Audit Logging filter box now stays visible if no results are returned.
• Fixed: Other small bug fixes and improvements.

1.1.1

• Added: A warning indicator in WP Admin sidebar to let you know how many security issues are outstanding.
• Added: The ability to choose to only receive email reports when there are issues with your website.
• Fixed: Minor bug fixes & improvements

1.1

• New feature: Audit logging
• New plugin icon
• Vulnerability plugins/theme scan result can be ignored
• Some other minor enhancements/fixes

1.0.8

• Improve Core Integrity Scan.
• Improve caching method

1.0.7

• Improved: Scan schedule.
• Fix: issue with W3 Total Cache Object Cache

1.0.6

• Fix: Defender data doesn’t sync with HUB correctly
• Fix: Email report doesn’t send properly
• Some other minor enhancements/fixes

1.0.5

• Added: Option to choose reminder period for Hardener rule “Update old security keys”
• Improved: Compatibility with Windows server
• Improved: Optimized resource usage when scanning
• Fix: issue with memcached
• Other minor enhancements/fixes

1.0.4

• Improve scan engine, reduce false positives
• Improve uninstallation method
• Add the ability to ignore hardener rules.
• Improve the performance impact on the site.
• Fix scans sticking at 100% in some cases
• Fix compatibility issues with IIS
• Some other minor enhancements/fixes

1.0.3

• Optimize scanning
• Preventing performance issue with some hosts
• Fix false blacklist detection in local environment
• Some other minor enhancements/fixes

1.0.2

• Applied ajax inline updates for plugins/themes
• One click Prevent PHP execution
• One click Prevent Information Disclosure
• Add detail page for core integrity issue, and automate resolution
• Fix scan stability with limited memory
• Some other minor enhancements/fixes

1.0.1

• Scanning can auto detect if user is active on scanning page to work based on ajax, or leave to enable background scan
• Improve condition checking for Prevent Information Disclosure module
• Improve condition checking for Prevent PHP execution module

1.0

• First release