Change Log

Changelog

Back to Top

Version 1.7.6

  • Updated WP 6.9 tested note
  • Updated opt-in library to 1.1.0
Back to Top

Version 1.7.5

  • Added PHP 8.4 compatibility
  • Updated wp-env configuration to use PHP 8.4
  • Added PHP 8.4 compatibility checks to build process
Back to Top

Version 1.7.4

  • fix changelog
Back to Top

Version 1.7.3

  • Fixed URL-encoding bypass vulnerability in REST API protection
  • Fixed simple-jwt-login bypass vulnerability by checking exceptions
    only in route paths, not query parameters
  • Improved REST API security by using WordPress REST API methods
    instead of checking REQUEST_URI
  • Enhanced IP address validation using FILTER_VALIDATE_IP
  • Fixed X-Forwarded-For header handling to properly parse multiple
    IPs
  • Fix ability to by-pass the WP REST API protection functionality,
    props Bob @ WpScan
Back to Top

Version 1.7.1

  • add developer hooks and filters for extending plugin
    functionality
  • added stop_user_enumeration_ip filter to allow modifying detected IP
    addresses
  • added stop_user_enumeration_should_block filter to conditionally
    allow or block requests
  • added stop_user_enumeration_attempt action hook for processing
    enumeration attempts
  • fix doing_it_wrong notice for WP 6.8
Back to Top

Version 1.7

  • add opt in library
Back to Top

Version 1.6.3

  • fix warning with die
Back to Top

Version 1.6.2

  • set wp_die to return 403
  • added defer to script
Back to Top

Version 1.6.1

  • updated tested to 6.6
Back to Top

Version 1.6

  • change getenv to $_SERVER for better compatability
  • added extra sanitization to meet current plugin repo standards
  • allow exception for Simple JWT Login rest route and add filters to
    adjust match and exception of rest rules
Back to Top

Version 1.5.0

  • remove admin notifications for reviews and donations
Back to Top

Version 1.4.9

  • update library
Back to Top

Version 1.4.8

  • update library
Back to Top

Version 1.4.7

  • update library to remove deprecation notices
Back to Top

Version 1.4.6

  • set default option early enough for multi site network wide
    activation
Back to Top

Version 1.4.5

  • remove redundant CSS and fonts
Back to Top

Version 1.4.3

  • add buy me a coffee donation
Back to Top

Version 1.4.3

  • Move query arg to init hook to avoid unnecessary warnings
  • Update donation lib
Back to Top

Version 1.4.2

  • Fix edge case where review / donate become undismissible
Back to Top

Version 1.4.1

  • Tidy donation library for build to remove dev dependencies
Back to Top

Version 1.4.0

  • Remove freemius library and optional registration
  • Add donation and contribution notices
Back to Top

Version 1.3.32

  • be case insensitive when checking REST API
Back to Top

Version 1.3.31

  • Upgrade to version 1.3.30 to disable author site maps – you will
    need to enable in settings (closes issue #6)
Back to Top

Version 1.3.30

  • option to remove author site maps
Back to Top

Version 1.3.29

  • Minor javascript fix
  • better IP detection for proxies
Back to Top

Version 1.3.28

  • Library update
Back to Top

Version 1.3.27

  • Removed console issue when no comments turned on
Back to Top

Version 1.3.26

  • Updated library
Back to Top

Version 1.3.25

  • Removed link
Back to Top

Version 1.3.24

  • Changed settings page
Back to Top

Version 1.3.23

  • Removed donate link
Back to Top

Version 1.3.22

  • Moved support link to settings page to reduce menu clutter
  • Updated Freemius library to 2.3.0
Back to Top

Version 1.3.21

  • Changed menu name and support link
Back to Top

Version 1.3.20

  • minor improvement
Back to Top

Version 1.3.19

  • minor improvement
Back to Top

Version 1.3.18

  • minor tweak to work better with 5.0
Back to Top

Version 1.3.17

  • changed settings page to stop random metaboxes
Back to Top

Version 1.3.16

  • Reworked settings page
Back to Top

Version 1.3.15

  • fix to ensure scripts not enqueued unless required
Back to Top

Version 1.3.14

  • fix double plugin header
Back to Top

Version 1.3.13

  • ability to link to shared host firewall ( fullworks-firewall )
Back to Top

Version 1.3.12

  • Resolve some missing files
Back to Top

Version 1.3.11

  • Added language localisation for translations
  • Added Spanish translation
Back to Top

Version 1.3.10

Fixed unused javascript & css in settings page

Back to Top

Version 1.3.9

Added language settings to allow translation.

Sanitized text being written to syslog

Closed potential REST API bypass

Back to Top

Version 1.3.8

Security fix to stop XSS exploit

Also coded so should work with PHP 5.3 – although PHP 5.3. has been
end of life for over two years it seems some hosts still use this. This
is a security risk in its own right and sites using PHP 5.3 should try
to upgrade to a supported version of PHP, but this change is for
backward compatibility.

Back to Top

Version 1.3.7

Fix to allow deprecated PHP Version 5.4 to work, as 5.4 seems to
still be in common use despite end of life

Note this code wont work on PHP 5.3

Back to Top

Version 1.3.6

Fix PHP error

Back to Top

Version 1.3.5

  • full rewrite
  • Changed detection rules to stop a reported bypass
  • Added detection and suppression of REST API calls to user data
  • Added settings page to allow REST API calls or stop system logging
    as required
  • Added code to remove numbers from comment authors, and setting to
    turn that off
Back to Top

Was this helpful?