Releases: JulioPotier/secupress

v2.3.1

04 Mar 12:27

= 2.3.1 =

  • 04 March 2025
  • Fix: Add a forgotten class_exists() check on the updated WP_Async_Request class.
  • Fix: Deprecation notice on PHP 8+ in filter_var()
  • Improvement: i18n

v2.3

27 Feb 13:09

= 2.3 =

  • 28 Feb 2025
  • Update: Many strings have been revamped to be clearer. Also, Belgian French and Canadian French will load the French i18n; every German i18n will load the German one.
  • Update: List of allowed IPs from different services
  • Security Fix: Remove the 'action' param on 'secupress_check_ban_ips_form' shortcode to prevent XSS (useless param I admit)
  • Security Fix: Captcha let attackers brute-force the login page
  • Security Fix: Fix a CSRF in the "ban-me-please" function of the Blackhole feature, where you could send a link to someone to get them banned on this site
  • New: Block AI Bots feature
  • New: "SSL & HTTPS" Module page with 3 new features "Force HTTPS", "Redirect every HTTP request to SSL/HTTPS", "Fix Mixed Content Warning"
  • New: Bad Themes Scanner does the same as for plugins
  • New: Reinstall all your plugins from a clean wp.org repo in 1 click
  • New: Force Reset Password for all your users in 1 click
  • New: Prevent Password Reset feature
  • New: Force Logout for all your users in 1 click
  • New: Forbid Same Email Domain
  • New: Forbid Bad Email MX Domain
  • New: Block PHP Function Names in HTTP Requests
  • New: Captcha is now at V2: it is a challenge, and you can select between 2 types of challenges.
  • New: Password Spraying Protection
  • New: Change the author base page (Thanks Greg!). Also force users to change their display names to now match their login (Thanks Daniel!).
  • New: Show All Plugins on the plugins page, to prevent hidden/false plugins
  • New: Plugins actions supersedes all the plugin restrictions previously in place; it can now even prevent installation or activation done directly from FTP or DB. Same for themes.
  • New: Anti-Phishing protection
  • New: Dashboard Widget that shows log attacks counter (finally)
  • New: Display the last login timestamp on users page
  • New: Displays an admin notice when your site was down due to a DB error
  • New: Do not display sensitive info when your site is down due to a DB error; instead, send you an email (not each time, there is a time frame)
  • New: Add a malware detection column for each plugin install attempt on the plugins page. This is the same result as the Malware Files Scanner but in this context.
  • New: CONCATENATE_SCRIPTS has to be set to FALSE to prevent easier DDoS on your site using WP's concatenated scripts
  • New: You can now check your licence status on the main settings page in your dashboard
  • New: CORE_UPGRADE_SKIP_NEW_BUNDLED can be set to FALSE to prevent the update of new twentythemes
  • New: SSO between your different sub-websites in a multisite env
  • New: Scan for Bad themes (same as bad plugins)
  • Improved: Bad Plugins Scanner now checks live which of your plugins are outdated even if no update is available, or have been closed on the wp.org repository
  • Improved: The Malware Scanner will now also scan more items in the DB, and will check for Spam Content in your contents
  • Improved: Forbid Bad Usernames can now forbid ANY username containing the word "admin" in it. (you can filter that to allow yours)
  • Improved: Prevent User Creation has been improved and will now prevent users directly inserted in DB, or duplicating existing users, or not inserted using WP functions; also, if a user is to be granted the Admin role, this has to be validated by another one.
  • Improved: Better detection of a hacked wp-config.php file
  • Improved: Bad URL Access: we reversed the way it worked; instead of disallowing, we now only allow. Be prepared.
  • Improved: The Moved Login page will now prevent cache from DB and Cache Object too
  • Improved: All our data will now be updated weekly
  • Improved: Force Strong Password will now require a strong password even for previous users, at login.
  • Improved: Your notices will only be displayed for a particular capability, not only admins, if needed
  • Improved: If a robots.txt physical file exists, we will use it
  • Improved: Blacklist logins can now take wildcard characters
  • Improved: Better malware detection in wp-config.php
  • Fix: Missing notices from our cron tasks
  • Fix: Forbid User Enumeration still showing users on some sites
  • Removed: Bad Request Methods feature, not useful anymore
  • Delayed: Real 2FA OTP Auth, superseding PasswordLess (if you're using it, it won't be replaced, but is not available anymore for new sites)

v2.2.5.3

03 Apr 21:36
  • 03 April 2024
  • Fix v2.2.5.2 Blackhole nonce blocking some front requests
  • Update Malware Database

v2.2.5.2

01 Apr 09:22
  • 01 April 2024
  • Security Fix: CSRF in "Blackhole" module, criticality: very low (Thanks to Wordfence Security Team for the report)
  • Fix#1039: false positive on "include in wp-config" in malware scanner
  • Update Malware Database
  • Update i18n

v2.2.5.1

22 Dec 16:52

21 Dec 2023

  • Security Fix: TOCTOU in Limit Login Attempts (Thanks to Konan Nagashima)
  • Improvement#963: Add context for secupress_die()
  • Improvement: Add DE translations (Thanks to Klaus Bei)
  • Improvement: Status "bad" into "warning" on bad plugins scanner results in free version
  • Fix#1036: Remove REST API calls made using query parameters (Thanks to JB Audras) + usage of rawurldecode() (Thanks to Aether Black)
  • Fix#1035: Malware scan file too big
  • Fix#1034: Matomo was blocked
  • Fix#1033: Bad referer default list, "cialis"
  • Fix#1032: Uncaught TypeError: Cannot read properties of null (reading 'querySelectorAll')
  • Fix#1030: Plugins&Themes settings on MS does not save correctly
  • Fix#1021: PHP Deprecated: filter_var() null in parameter 3
  • Fix#1015: Better output secupress_pro_sessions_control_users_column_content()
  • Fix#1010: Uncaught TypeError: strpos(): Argument 1 must be of type string, array given
  • Fix#1001: Move secupress_format_message()
  • Fix#962: Ranged IPs can prevent IP detection from blocking
  • Update Malware Database
  • Update global i18n

v2.2.4.1

05 Oct 07:45
  • Update: Malware Database
  • Fix#1001: Call to undefined function secupress_format_message() in /secupress-pro/free/admin/functions/scan-fix.php:51
  • Fix#1000: Passing null to parameter #1 ($string) of type string is deprecated in /secupress/free/functions/files.php on line 693
  • Fix#996: PHP Fatal error: Allowed memory size of 1075838976 bytes exhausted in secupress-pro/pro/modules/file-system/tools.php on line 88
  • Fix#993: wildcard in IPs bans everything
  • Fix#977: Time too soon for antispam
  • Fix#904: cannot deactivate default role lock
  • Fix global i18n

v2.2.3

14 Sep 15:00
  • 14 September 2022
  • Update: Malware Database v22.9.14
  • Security Fix#985: IP Spoofing, thanks to Calvin Alkan on https://snicco.io/
  • Fix#987: new passwordless UI didn't need to validate the captcha to get the magic link
  • Fix#986: unban link for admins does not always work
  • Fix#984: fix "two factor authentication" plugin detection
  • Fix#981: Move Login could be activated without pretty permalinks
  • Fix#980: key regeneration button is hidden by the helpers style
  • Fix#962: Ranged IPs can prevent IP detection from being blocked
  • Fix global i18n

v2.1.3

19 Nov 08:46
bump versions