iThemes Security Pro v3.1.0 – WordPress Security Plugin security that’s more like a to-do list than a terminal. iThemes Security Pro shows you a list of things to do to make your site more secure with a simple way to turn options on or off. We’ve simplified these steps and provided descriptions of each action so you know exactly what’s happening on your site. You shouldn’t have to be a security pro to use a security plugin. And isn’t that the point?
iThemes Security Pro v3.1.0 – WordPress Security Plugin Changelog
v3.1.0 – 2016-10-27 – Chris Jean
Bug Fix: Fixed data save issue that could cause multiple notification emails to be sent in a short period of time.
Bug Fix: Fixed issue that could cause the malware scanner to fail on sites that change the arg_separator.output php.ini value from its default value.
Bug Fix: Removed redundant entries in the HackRepair blacklist.
Bug Fix: Enabling Protect System Files in System Tweaks will now only block install.php for the current site. This fixes the issue where the setting can block installation of a site in a subdirectory.
Bug Fix: Fixed problem that could cause requests for iThemes Security data from iThemes Sync to fail due to large amounts of log entries.
Bug Fix: Scheduled backups now run if the ITSEC_BACKUP_CRON define is set with a non-boolean value.
Bug Fix: Replaced static references to wp-includes with the WPINC define.
Bug Fix: Moved blocking of query strings containing %0[0-9A-F] characters from the Non-English Characters setting to the Suspicious Query Strings setting as those characters are control code characters and are not associated with a language.
Bug Fix: Added escaping to some translation strings.
Bug Fix: Removed unused files from the WordPress Tweaks module directory.
Bug Fix: Fixed the Daily Digest email reversing the user and host lockout counts.
Bug Fix: The database backup email no longer sends from the email address configured in Settings > General. It now defaults to the same from address that the wp_mail() function uses. This will fix the mail being blocked by some mail servers due to a spoofed from address.
Enhancement: Updated the server config rules generated by the System Tweaks settings. They are now more consistent between Apache, LiteSpeed, and nginx. They are also more efficient and have been improved to limit accidentally blocking non-targeted requests.
Enhancement: Updated the database backup email to a new design.
Enhancement: Added a note that the Filter Request Methods setting in System Tweaks should not be enabled if the WordPress REST API is used. This is becasue the DELETE HTTP method is blocked when the setting is enabled.
New Feature: Added setting to block requests for PHP files in the plugins directory in System Tweaks.
New Feature: Added setting to block requests for PHP files in the themes directory in System Tweaks.