Security Ninja – Secure Firewall & Secure Malware Scanner

Description

For over 10 years Security Ninja has helped thousands of site owners like you to feel safe. Run 50+ security tests in an instant & discover issues you didn’t even know existed. Help yourself now with Ninja’s simplicity & ease of use.

NEW: Vulnerability scanner – Warns you if you have plugins with known vulnerabilities installed.

Automatically block 600+ million bad IPs with one click! Security Ninja Pro Cloud Firewall will help you stay one step ahead of bad guys by using the collective know-how of millions of attacked sites, and ban bad guys before they even open your site.

Read more about Pro features on the Security Ninja website

Extensions

  • MainWP – The MainWP Dashboard allows administrators to manage many WordPress websites from a central location.

Install the FREE Security Ninja for MainWP Extension to get an overview of all websites you have installed Security Ninja on!

Security Ninja For MainWP

Security Tests for your website

  • Vulnerability scanner – warns you of any known vulnerabilities on your website!
  • Perform 50+ security tests with one click
  • Security Ninja does not make any changes – it’s your site, you have full control
  • check your site for security vulnerabilities, issues & holes
  • take preventive measures against attacks
  • don’t let script kiddies hack your site
  • prevent 0-day exploit attacks
  • optimize and speed-up your database
  • every test is explained, documented and instructions provided on how to fix problems
  • tests include:
    • brute-force attack on user accounts to test password strength
    • numerous installation parameters tests
    • file permissions
    • version hiding
    • 0-day exploits tests
    • debug and auto-update modes tests
    • database configuration tests
    • Apache and PHP related tests
    • WP options tests
  • complete list of tests:
    • Check if Application Passwords feature is enabled (new to WP 5.6)
    • Check if WordPress core is up to date
    • Check if automatic WordPress core updates are enabled
    • Check if plugins are up to date
    • Check if there are deactivated plugins
    • Check if active plugins have been updated in the last 12 months
    • Check if active plugins are compatible with your version of WP
    • Check if themes are up to date
    • Check if there are any deactivated themes
    • Check if full WordPress version info is revealed in page’s meta data
    • Check if readme.html file is accessible via HTTP on the default location
    • Check if license.txt file is accessible via HTTP on the default location
    • Check if REST API links are displayed in page’s meta data
    • Check the PHP version is up to date
    • Check the MySQL version
    • Check if server response headers contain detailed PHP version info
    • Check if expose_php PHP directive is turned off
    • Check if user with username “admin” and administrator privileges exists
    • Check if “anyone can register” option is enabled
    • Check user’s password strength with a brute-force attack
    • Check for display of unnecessary information on failed login attempts
    • Check if database table prefix is the default one
    • Check if security keys and salts have proper values
    • Check the age of security keys and salts
    • Test the strength of WordPress database password
    • Check if general debug mode is enabled
    • Check if the debug.log file exists
    • Check if database debug mode is enabled
    • Check if JavaScript debug mode is enabled
    • Check if display_errors PHP directive is turned off
    • Check if WordPress installation address is the same as the site address
    • Check if wp-config.php file has the right permissions (chmod) set
    • Check if install.php file is accessible via HTTP on the default location
    • Check if upgrade.php file is accessible via HTTP on the default location
    • Check if register_globals PHP directive is turned off
    • Check if PHP safe mode is disabled
    • Check if allow_url_include PHP directive is turned off
    • Check if plugins/themes file editor is enabled
    • Check if uploads folder is browsable by browsers
    • Test if user with ID “1” and administrator role exists
    • Check if Windows Live Writer link is present in pages’ header data
    • Check if wp-config.php is present on the default location
    • Check if MySQL server is connectable from outside with the WP user
    • Check if EditURI link is present in pages’ header data
    • Check if TimThumb script is used in the active theme
    • Check if the server is vulnerable to the Shellshock bug #6271
    • Check if the server is vulnerable to the Shellshock bug #7169
    • Check if admin interface is delivered via SSL
    • Check if MySQL account used by WordPress has too many permissions
    • Test if a list of usernames can be fetched by looping through user IDs on http://siteurl.com/?author={ID}
    • Check if server response headers contain Strict-Transport-Security
    • Check if server response headers contain X-XSS-Protection
    • Check if server response headers contain X-Frame-Options
    • Check if server response headers contain X-Content-Type-Options
    • Check if server response headers contain Content-Security-Policy
    • Check if server response headers contain Referrer-Policy
    • Check if server response headers contain Feature-Policy
    • Check for unwanted files in your root folder you should remove

Security Ninja PRO has extra features: Firewall, Block Suspicious Page Requests, Country Blocking, Core Scanner, Malware Scanner, Auto Fixer for some of the tests, Events Logger & Scheduled Scans.

An all-in-one security solution for any site. With premium support and continuous updates Security Ninja Pro is a perfect tool to keep your site safe. See what the PRO version offers

Add your suggestions to the public roadmap or vote for your favorite new feature.

Pro

Try out the Pro version on your own FREE test site: Click here => https://app.instawp.io/launch?t=security-ninja-5139

Screenshots

  • Fast & easy to understand interface
  • Security Ninja test results are simple and easy to read
  • Every test has a detailed explanation and instructions on how to fix the problem
  • Vulnerable plugins list with details and recommendations - prevent known problems in plugins.

Installation

Installing from WordPress

  1. Open WordPress admin, go to Plugins, click Add New
  2. Enter “Security Ninja” in search and hit Enter
  3. Plugin will show up as the first on the list, click “Install Now”
  4. Activate & go to Tools – Security Ninja to make your site more secure

Installing Manually

  1. Download the plugin.
  2. Unzip it and upload to wp-content/plugins/
  3. Open WordPress admin – Plugins and click “Activate” next to the plugin
  4. Activate & go to Security Ninja to make your site more secure

FAQ

Who is this plugin for?

For anyone who wants to make their site more secure and prevent downtime due to hackers.

Will this plugin slow my site down?

Absolutely not. You may experience a slight slow down while tests are being run but that takes less than a minute.

Will it work on my theme?

Sure! Security Ninja works with all themes.

What changes will Security Ninja make to my site?

None! Security Ninja will just give you the test results and suggest corrective measures with precise instruction. It will not make any changes to your site.

Is this plugin safe to use?

Of course. It’s a reporting-only tool. It doesn’t make any changes to your site.

Is this plugin legal to use?

Yes. It’s your site, so you can do whatever you want with it. Running tests on other people’s sites is illegal, but Security Ninja can only perform tests on the WordPress page it’s installed on.

It’s not working!!!

We did our very best to make Security Ninja compatible with all plugins and themes, but problems can still happen.

Check out the community support – head over to the support forum, open a new thread, and we’ll help you ASAP.

Reviews

November 30, 2021
I've been using this plugin for some years now - it's simply excellent 🙂
September 21, 2021 1 reply
For me this plugin does what it is supposed to do. Really helps me keep my WordPress safe and up-to-date.
July 27, 2021 1 reply
Not had an issue since installing
Read all 89 reviews

Contributors & Developers

“Security Ninja – Secure Firewall & Secure Malware Scanner” is open source software. The following people have contributed to this plugin.

Contributors

“Security Ninja – Secure Firewall & Secure Malware Scanner” has been translated into 6 locales. Thank you to the translators for their contributions.

Translate “Security Ninja – Secure Firewall & Secure Malware Scanner” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

5.150

  • WP 6.1.1 compatibility.
  • Improved visitor log visuals and logging.
  • Updated language files. Volunteer translators are translating the plugin and making it easier to use in Bulgarian, German, Spanish (Colombia), Spanish (Ecuador), Spanish (Spain), Spanish (Venezuela). Thank you translators 🙂
  • New: Remove settings when deactivating. Now you can choose if the plugin database and settings should be removed when deactivating the plugin. Per default this is not enabled to help with debugging. Thank you Thomas 🙂

5.149

  • WP 6.1 compatibility.

5.148

  • Prettified the interface
  • Minor improvements to translated strings. Language files updated.
  • Added more events from WooCommerce to the Events Logger – more detailed activity.

5.147

  • Fix: PHP notice on some installations showing update status notification.
  • Fix: IP Range CIDR matching – improved matching of IP ranges.
  • Improve memory usage and reduce unnecessary details and options that load automatically = Faster plugin.
  • Update Freemius SDK to 2.4.5

5.146

  • FIX: Firewall blocked exports – Thank you Kevin 🙂
  • FIX: Restore upgrade.php on sites where missing.

5.145

  • Improved MainWP integration with Secret Access URL.
  • Improved database usage.
  • Updated documentation in plugin and on website for Permissions Policy (used to be called Feature Policy) security headers. Thank you Oliver 🙂

5.144

  • Fix: PHP error on some installs – Thank you @fakkel and @computerbuddha.
  • New: Expand all details for security tests. Thank you Alauddin.
  • Fix: Typo in warning messages.

5.143

  • Improve vulnerabilities interface and text.
  • New: Detected vulnerabilities list update when website finishes update routines.
  • Fix: PHP notice on tests page.
  • Fix: PHP notice on vulnerabilities page.
  • Fix: Whitelabel – missing name replacements several places. Thank you Jay.
  • Fix: PHP pruning visitor log in some cases.
  • Fix: Plugin name was showing up even if whitelabel feature enabled. Thank you Jay.
  • Fix: Not detecting themes properly.
  • Compatibility check with WordPress 6.0
  • Updated language files.

5.142

  • Fix: PHP notice when amount of vulnerabilities change.
  • Fix: Error if multiple Strict-Transport-Security headers are used – Thank you Jay.
  • Fix: PHP notice in auto-fixer module, thank you Jay.
  • Fix: When renaming the login URL the default page now returns 404. Thank you Alauddin.

5.141

  • New: Filter for whitelisting custom files and folder for malware scanner. wpsecurityninja.com/docs/filters-hooks/securityninja_whitelist/
  • Wizard: Auto update plugin enabled per default.
  • The autofix is back and improved – Easy fixes for many of the security tests.
  • Fix for the “Remove unnecessary themes”. Thank you Jay.
  • Fix whitelisting folders and files in malware scanner
  • Fix for Russian language websites. Opt-in dialogue failed. Thank you Mikhail 🙂

5.140

  • Improved MainWP integration.
  • Improved auto-updates integration.
  • Fix: Logging database tables sometimes not created before plugin tried to log something.

5.139

  • NEW – Notice to easily enable automatic background updates.
  • Wizard – automatically sends email with unblock URL to administrator currently logged in.
  • FIX – PHP Notice missing database table when deactivating and reactivating.
  • Updated the description of the Content Security Policy, thank you Reza.
  • Code preparation for integration with MainWP! 😀
  • Cleanup JS code.

5.138

  • Improved test “Check if automatic WordPress core updates are enabled.” with better explanation – thank you Reza.
  • Removed clutter in interface.
  • Fixed potential bug in installation script.
  • Updated firewall with new rules.
  • Tested up to WP 5.9.2

5.137

  • Removed events logger step from wizard – it is automatically enabled.
  • Improved the Wizard layout and process.
  • Fix bug in event log, thank you Eelco.

5.136

  • Security Tests – Improved layout changes, “Details” link moved.
  • Security Tests – Fixed the test for unnecessary themes. Thank you Jay 🙂
  • Fix – Opt in reset link.
  • Visitor Log: Rearrange details for each request, easier to get an overview.
  • Event logging is always on, helps detect patterns, eg. failed logins and repeated attacks spread over longer periods of time.
  • Retired old database optimizer module.
  • Removed syslog feature from events module.
  • Cleanup old code.
  • Minor improvements to event logger page styling.

5.135

  • Core Scanner – Now with “Delete all” button.
  • Security fix.

5.134

  • Rename login – when activated shows same message as set in the settings for blocked pages.
  • Fix – Firewall rename login module was deactivated in settings.
  • Fix – First time activation goes to main page.

5.133

  • Fix for empty table name when updating.
  • Code tightening and 3rd party library updates.
  • Tested WP 5.9.1

5.132

  • Disable “Rename login URL” feature when the firewall module is disabled. Thank you Alauddin.
  • Updated IP detection functionality – fix for firewall issues.

5.131

  • Fix for firewall – thank you Barry 🙂

5.130

  • Fixes to firewall issues reported on some websites. Sorry to those affected.
  • Pro: New feature, automatically remove unwanted files – Enable on Fixes page.
  • Pro: Improved event logging detecting user in some cases.
  • Pro: Fixed problem loading the wizard on some websites.
  • Pro: More details in “Event logger” – see raw data for more events.

5.129

  • Improved test interface, less clicks needed.
  • Pro: New feature, enforce secure cookies on your website. Easy 1-click fix.
  • Improved PHP 8 compatibility
  • Updated 3rd party libraries.
  • Tested up to WP 5.9

5.126

  • NEW – Rename login. Hide your login page from automated scripts.
  • NEW – Core Scanner now runs automatically every day. No need to manually scan the core WordPress files. This now happens automatically for you 🙂
  • NEW – Added applebot.apple.com to verifiable crawlers.
  • NEW – Whitelisting IPs for WP Rocket and Broken Link Checker services.
  • Updated 3rd party libraries.
  • Tested up to WP 5.8.2

5.125

  • Version skipped.

5.124

  • FIX – Made the notice about updated vulnerability list dismissible.
  • FIX – Minor bug in test if Admin SSL is enforced – Thank you Christopher.
  • FIX – Updated malware scanner to fix false positive – Thank you Benjamin.
  • NEW – Added petalsearch.com to list of validated crawlers – Thank you Thomas.
  • Language files updated.

5.123

  • NEW: Improved firewall with better search engine crawler detection – Thank you Thomas.
  • FIX: Missing details when logging a failed login – Thank you Eric.

5.122

  • Fix – High memory usage when activating plugin – getting vulnerabilities could stop activating the plugin. Thank you Patrick for the help locating this!
  • Fix – Internal links
  • Fix – Wizard CSS layout was not properly loading

5.121

  • Fix: Vulnerabilities – Small display error when showing how many vulnerabilities added in last update.
  • Fix: Vulnerabilities – Memory issue converting data on some servers, thank you John.
  • Improved visitor logging, faster code.

5.120

  • New: Get email warning if any vulnerabilities are detected on your website!
  • Fix: Some visits were not properly logged, thank you Thomas, John and others for reporting.
  • New: Improved reporting of blocked IPs -> Faster plugin 🙂
  • New: Our global IP network of blocked IPs is now out of beta -> More protection for your website.
  • New: Notice shows new vulnerabilities added since last update.
  • Improved the visitor log -> Only updates when the browser window is in focus, less work for your server.
  • Updated language files. Thanks to all the translators for their hard work! 🙂

5.119

  • Tested up to WP 5.7.2
  • Minor PHP fixes.
  • Updated language file.
  • New – Visitor log with live updates (Pro)
  • Improve IP reporting network functionality (Pro)
  • Improve firewall rules (Pro)
  • Fix – PHP notice regarding wizard (Pro)
  • Fix – Removed visitor logs on Firewall tab (Pro)
  • Fix – Firewall visitor log mistakenly reported administrators as blocked, even though they were not (Pro)
  • Fix – Visitor log not including WP_AJAX requests (Pro)
  • Fix – Visitor log not including cron jobs.

5.118

  • New – Pointer introduction for new users!
  • Fix Welcome page layout and improved styling

5.117

  • Fix minor issue in malware scanner
  • Fix persistent error in WC logging.

5.116

  • Fix – Event logging not working properly on some WooCommerce shops.

5.115

  • Fix – Downloading vulnerability list showed error notification on some website configurations.
  • Fix – Properly overwrite settings in wp-config.php
  • Fix – General cleanup of code.
  • Tested up to WP 5.7
  • New – PRO: Added basic WooCommerce tracking to Events Logger.
  • PRO: Feature-Policy has been deprecated, it has been renamed to Permissions-Policy. Currently both headers are used temporarily.
  • Updated 3rd party libraries.
  • Fix problem on some systems – error when activating firewall – “Undocumented error. Page will automatically reload.” Reworked code.
  • Fixed notice in welcome module when deactivating plugin. Thank you Ebrahim.
  • Whitelabel now available for 20+ site licenses.
  • Languages available: Bulgarian, English (US), Spanish (Ecuador), Spanish (Spain), and Spanish (Venezuela). Thanks to all the translators! 😀
  • 225,923 downloads

5.114.1

  • Quick fix for PHP notice showing up in debug log on some websites.
  • 216,033 downloads

5.114

  • NEW: Settings for vulnerability module – control what is being checked for and disable the counter in the admin menu.
  • Improved plugin loading time – Doing more tasks in background.
  • Pro Changes:
  • NEW: Wizard – Get started in minutes with a few simple steps – protect your website with ease.
  • NEW: Introducing IP ban network – all sites report heavy attacks to a central API to send out block warnings to all sites in the network.
  • NEW: Fixes: Disable WP XML Sitemaps introduced in WordPress 5.5
  • NEW: Fixes: Enable/disable username enumeration
  • Import/export works with vulnerability settings.
  • Improved handling of importing data.
  • Removed debug page in plugin in favor of “Site Health” included with WP.
  • 213,303 downloads

5.113

  • Fix: MySQL no longer creates database tables with “MyISAM” as the engine. Uses the site default configuration. Thank you Kien.
  • Fix: “Test this IP” did not work correctly with IP ranges. Thank you Justin.
  • Fix: Core Scanner module – now works faster and loads data without reloading the entire plugin page. Improved user interface.
  • 205,441 downloads

5.112

  • New: Check for Application Password feature introduced in WP 5.6
  • New: Enable/disable the Application Password feature (Pro)
  • Fix: PHP notice when downloading and saving vulnerability list.
  • Tested with WordPress 5.6
  • 201,061 downloads

5.111

  • Update Freemius to 2.4.1 and other 3rd party libraries.
  • 193,411 downloads

5.110

  • NEW: Fixes page – Enable/disable security features on your website.
  • NEW: Set Security Headers values on “Fixes” page.
  • NEW: Hide PHP Version and Server info.
  • Improved user interface, made changes to colors and layout.
  • Tested up to WP 5.5.1
  • Further work on PHP compatibility – Thank you Barry.
  • 185,502 downloads

5.109

  • FIX – Nginx example corrected for “Referrer-Policy” from “no-referrer” to the correct “same-origin”. Thank you Mk.
  • FIX – Nginx example corrected for “Feature-Policy” security header. Thank you Mk.
  • FIX – “Secure the site” showing up multiple places on plugins page in admin.
  • Improvement – Better instructions on how to change weak database passwords and removing the autofixer.
  • Minor cleanup in logging routines.
  • Fix: Loading outdated plugin list from file instead of from database – caused problem on some servers.
  • Fix: Wrongly saying “Vulnerabilities found” even though no vulns were found.
  • Fix: Check for wp-config permissions (chmod) failed if the file had been moved. Thank you Mk.
  • Fix: Minor error showing last blocked logins in sidebar.
  • Updated 3rd party libraries for better PHP 7.4 compatibility.
  • 182,512 downloads

5.108

  • FIX: “Secure this site” link under all plugins. Thank you Mk.
  • FIX: Opening up welcome page for all new plugin installations.
  • Updating jQuery code due to changes to WordPress 5.5
  • Tested WP 5.5 compatible.
  • More detailed description in Firewall for “Hide login errors”.
  • 177,103 downloads

Entire changelog can be seen here: changelog