WP Security Safe

Registro de cambios

Versions Key (Major.Minor.Patch)

• Major – 1.x.x increase involves major changes to the visual or functional aspects of the plugin, or removing functionality that has been previously deprecated. (higher risk of breaking changes)
• Minor – x.1.x increase introduces new features, improvements to existing features, or introduces deprecations. (low risk of breaking changes)
• Patch – x.x.1 increase is a bug fix, security fix, or minor improvement and does not introduce new features. (non-breaking changes)

= Version 2.6.1 (Medium Priority)
*Release Date – 3 Nov 2023

• Bug Fix: In a local development environment using symlinks for the plugin’s directory, SDK was unable to reach local assets (css, js) thus causing display and functionality issue issues within the admin area.
• Minor Improvement: Minor code improvements and typo fixes
• Minor Improvement: Updated SDK dependency to version 2.6.0
• Minor Improvement: Updated minimum PHP recommendation to be based on current date
• Minor Improvement: Updated PHP version checks
• Tested up to 6.3.2

= Version 2.6.0 (Medium Priority)
*Release Date – 4 Oct 2023

• Bug Fix: PHP fatal error encountered when adding a new site to a multisite environment.
• Bug Fix: Plugin namespace was causing scope issues when referring to core WP classes
• Security: Using updated sanitization methods on $_POST variables
• Improvement: Removed deprecated FILTER_SANITIZE_STRING and replaced with latest security sanitization
• Improvement: Forced blocked username list to be compatible with space delimiter and convert to new line
• Minor Improvement: Updated SDK dependency to version 2.5.12
• Minor Improvement: Enable plugin method needed to be statically defined and called
• Minor Improvement: Updated PHP version checks
• Tested with PHP versions 8.0, 8.1, 8.2
• Tested up to 6.3.1

= Version 2.5.2 (High Priority)
*Release Date – 18 Jul 2023

• Security Fix: Updated SDK dependency to version 2.5.10

= Version 2.5.1 (High Priority)
Release Date – 4 May 2023

• Bug Fix: The blacklist check and username blocking were firing in the wrong orders

= Version 2.5.0 (Medium Priority)
Release Date – 3 May 2023

• New Feature: Automatically block common generic usernames and custom defined usernames
• New Feature: Prevent the registration of a username that is on the block list
• Bug Fix: Database tables were not automatically created on all active sites when the plugin was network activated or a new site was added to the network in a multisite environment
• Bug Fix: Custom db tables were not the correct charset and collate
• Bug Fix: Network admin plugins page displayed a link to the main site’s settings.
• Bug Fix: Site admin plugins page displayed a link to a dashboard page that did not exist.
• Bug Fix: If plugin settings were manually deleted via the database, the plugin would not recreate them automatically
• Improvement: Better load performance with PHP 7.4 type hinting
• Improvement: Updated username threat detection to use the default block list values
• Improvement: There were inconsistencies with how settings were referenced throughout the code.
• Improvement: Prevent plugin from loading if the minimum versions of WordPress and PHP are not installed
• Improvement: Updated SDK dependency to version 2.5.7
• Improvement: Updated PHP version checks
• Minor Improvement: Increased Minimum PHP Version to 7.4
• Minor Improvement: Increased Minimum WordPress Version to 5.3
• Minor Improvement: Added Versions Key to changelog
• Minor Improvement: formatting improvements to the readme.txt
• NOTICE: Version 3.0 Will coming with some new features regarding user management, improved load performance, and more multisite tools.
• Tested up to 6.2.0

= Version 2.4.4 (High Priority)
Release Date – 05 Apr 2022

• Security: Updated SDK to version 2.4.3 due to security vulnerability
• Security: Implemented escaping to prevent XSS
• Warning: Upcoming Version 2.5 will require a minimum PHP 7.4 and WordPress 5.3
• Improvement: Implemented centralized sanitization library for retrieval of all request variables for better reliability and consistency of sanitization
• Minor Improvement: Updated PHP version checks
• Tested up to 5.9.2

Version 2.4.2 (Medium Priority)

Release Date – 06 Feb 2022

• NOTICE: Upcoming Version 2.5 will require a minimum PHP 7.4 and WordPress 5.3
• Security: Improved XSS escaping throughout the admin pages.
• Bug Fix: The filter hooks into ‘authenticate’ were using add_action instead of add_filter
• Bug Fix: Some styling on the permissions table was not getting applied correctly due to missing class
• Improvement: Fix some PHP notices
• Minor Improvement: Updated PHP version checks
• Tested up to: 5.9

Version 2.4.1 (Low Priority)

Release Date – 04 March 2021

• Bug Fix: Pantheon Hosting: files in the uploads directory now accept 770 permissions as secure
• Improvement: Removed the batch permissions dropdown and the update permissions button when no files/dirs are available to modify.

Version 2.4.0 (Medium Priority)

Release Date – 28 February 2021
Release Notes: https://wpsecuritysafe.com/changelog/version-2-4/

• Added Feature: Automatically blocks IP addresses temporarily after numerous failed logins
• Added Feature: Import and Export settings are now included with the free version.
• Added Pro Feature: Advanced Automatic IP Blocking after numerous threats are detected.
• Improvement: Fixed some PHP warnings displayed when XML-RPC requests use poorly formatted XML. Thank you Charles Suggs for reporting this.
• Improvement: Adjusted cleanup script to leave allow/deny table for 3 days past expiration for more advanced threat detection.
• Improvement: Allowed IPs now get exempt from nonce checks.
• Improvement: Adjusted upgrade script to be more efficient with load.
• Improvement: Updated file permission statuses to be error, warning, and notice versus bad, ok, good
• Improvement: Adjusted Login Error handling so that the user is sent back to the login screen when the login attempt is blocked and the error is displayed.
• Improvement: Fixed various PHP Warnings: Thanks John Dorner for reporting them.
• Improvement: Automatically group and sort bad file permissions to the top of the file permissions table.
• Improvement: Changed the 404, login, and block charts from 7 days to 30 days of data to display.
• Improvement: Minor code improvements.
• Minor Improvement: Updated SDK to version 2.4.2
• Minor Improvement: Updated PHPDoc notes
• Minor Improvement: Updated PHP version checks
• Bug Fix: Pantheon Hosting: directories in the uploads directory now accept 770 permissions as secure
• Pro Bug Fix: Plugins files were not getting file permissions fixed after a plugin update.
• Tested up to: 5.6.2

Version 2.3.2 (Medium Priority)

Release Date – 11 September 2020

• Minor Improvement: Removed feature Local Login as it was triggering false positives due to browser caching issues.
• Minor Improvement: Updated PHP version checks
• Tested up to: 5.5.1

Version 2.3.1 (High Priority)

Release Date – 05 January 2020

• Bug Fix: version privacy for JS files conflicted with Google Recaptcha. Thank you Lynn Appleget for reporting this bug.
• Bug Fix: Plugin updates were not getting logged properly after an update.
• Bug Fix: Plugin would not initialize in a multi-site network.
• Bug Fix: Prevent caching of nonce for front-end login form
• Bug Fix: Some 404s were getting detected before a WP redirect was happening.
• Minor Improvement: Fixed PHP Notices
• Minor Improvement: Updated PHP version checks
• Minor Improvement: PHP version comparison logic improved
• Minor Improvement: Increase performance by reducing unnecessary method calls
• Minor Improvement: Updated SDK
• Tested up to: 5.4

Version 2.3.0 (Low Priority)

Release Date – 13 November 2019

• Bug Fix: Administrator role was prevented from right-clicking and highlighting when these content protection features were enabled. This role should be excluded from these policies.
• Bug Fix: Fixed typo which had no affect on functionality due to fallback check.
• Improvement: Changed default settings to include “Make Website Anonymous” during updates and “Prevent WordPress version files from public access”.
• Improvement: Minor performance enhancements
• Increase PHP version requirement to match WordPress core.
• Tested up to: 5.3

Version 2.2.3 (High Priority)

Release Date – 21 October 2019

• Bug Fix: Local Login feature would not allow logins via front-end login forms created with wp_login_form(). Thank you @alfonsoborghi for the bug report.
• Bug Fix: An admin notice was not properly counting directories with OK permissions on the Files admin page.
• Bug Fix: Stats were attempting to record during system activities and thus throwing “WordPress database error Duplicate entry”
• Bug Fix: Search and bulk delete on the Firewall Allow/Deny admin page would trigger false flag admin errors regarding IP validation.
• Bug Fix: Sort filters on the Firewall admin page would trigger false flag admin notices.
• Bug Fix: Body class was being added to every page in the admin.
• Bug Fix: Duplicate policy disabled admin notices were appearing on admin pages using wp_list_table()
• Security: Added nonce to reset and save settings
• Security: Added nonce to add / remove Firewall rules
• Minor Improvement: Renamed nonces to prevent conflicts with other plugins
• Minor Improvement: Performance tuning to reduce function calls
• Minor Improvement: Changed default settings to include disabling XML-RPC and force Local Logins.
• Minor Improvement: Fixed a PHP Warning.
• Minor Improvement: Updated PHP version checks
• Tested up to: 5.2.4

Version 2.2.2 (Medium Priority)

Release Date – 09 September 2019

• Bug Fix: Cron cleanup scripts were failing.
• Improvement: Fixed two PHP errors.

Version 2.2.1 (Medium Priority)

Release Date – 05 September 2019

• Updated Feature: The local login feature was improved to be more reliable.
• Bug Fix: The local login feature was causing server errors on Pantheon servers. Thanks FullSteam Labs for the bug report.
• Bug Fix: The blacklist check was not functioning properly.
• Bug Fix: The sidebar was appearing on tabs that were full width of the screen.
• Bug Fix: The charts would not load in a local development environment without an active internet connection.
• Bug Fix: Fixed minor styling anomalies when viewing admin in Spanish
• Pro Bug Fix: File corrupt error displayed if imported settings already matched the current settings.
• Improvement: Added more i18n language support.
• Improvement: The form that adds an IP to the firewall is more user-friendly
• Improvement: Added ability to make notes when manually adding IPs to the firewall
• Improvement: Fixed some minor PHP notices.
• Improvement: Added ‘Status’ column and filter to Firewall page.
• Improvement: Added additional information to the ‘Details’ column.
• Improvement: Converted the Firewall page to include all detected threats
• Improvement: Added Spanish Translations
• Minor Improvement: Updated logo and minor styling
• Minor Improvement: Updated PHP version checks
• Security: Added additional sanitization for logging
• Tested with ManageWP Version 4.9.1
• Tested up to: 5.2.3

Version 2.1.1 (Medium Priority)

Release Date – 15 July 2019

• Bug Fix: Session handling conflicted with some admin features in oddball scenarios
• Improvement: Fixed a PHP Warning

Version 2.1.0 (Medium Priority)

Release Date – 15 July 2019

• Bug Fix: WP Cron activities were not recording to activity log (Only visible in debug mode)
• Bug Fix: Charts do not display properly until an entry has been initially added to stats.
• Bug Fix: Styling issue with wp_table_list pagination
• Bug Fix: Search field not working on log tables
• Bug Fix: Admin notices would not display for policies that were disabled or if wp cron was disabled using DISABLE_WP_CRON.
• Bug Fix: The admin notices were not displaying bold properly
• Improvement: Fixed some PHP notices, thanks to Charles Suggs
• Improvement: Excluded user roles super admin, administrator, editor, and author from text highlighting and right-click content protection while logged in
• Minor Improvement: Updated SDK
• Improvement: Implemented better session handling for increased load performance
• Improvement: Added more i18n language support.

Version 2.0.2 (High Priority)

Release Date – 10 June 2019

• Improvement: In some outlying circumstances, the DB tables do not get created. A failsafe was added to create the tables if the insertion of a record failed.
• Bug Fix: The new DB tables get created if the plugin is disabled and then enabled, but not after an update process.

Version 2.0.0 (Low Priority)

Release Date – 10 June 2019

• Bug Fix: Security Safe would unintentionally recommend a lower version of PHP if the user had a newer version higher than the known versions.
• Added Feature: Log 404 Errors
• Added Feature: Log Successful and Failed Logins
• Added Feature: Manage Denied / Allowed IP Addresses
• Added Feature: Log Blocked Access Attempts
• Added Feature: Log Security Vulnerability Probing
• Added Feature: Statistics and Charts
• Improvement: Force Local Logins setting now records blocked attempts.
• Improvement: Cleaned up some PHP Notices in error log.
• Improvement: Updated namespacing to support future plugins
• Improvement: Updated directory structure for better scalability
• Improvement: Minor code standardization updates
• Improvement: Performance testing and optimization
• Improvement: Minor styling updates
• Minor Improvement: Updated PHP version checks
• Security: Added additional security to prevent XSS
• Tested up to: 5.2.1

Version 1.2.3 (High Priority)

Release Date – 01 March 2019

• Security: Updated SDK
• Minor Improvement: Updated PHP version checks
• Tested up to: 5.1

NOTE: View full WP Security Safe changelog.