* New: GeoIP Location on Login
* New: Search field in admin UI.
* New: Scanner for malwares in our 35 scanners.
* Improvement: UI for Malware Scanner has been improved, and will be again 😉 You'll find a "WP File Integrity" which has always been there since 1.0, just not mentionned as is.
* Improvement: Add WP 2FA compatibility to Easy Login scan
* Fix: Dashboard Widget not displaying graphs
* Fix: PHP Version Scanner was saying that the last version was "ok tier"
* Fix: PasswordLess activation checkbox was not checked after reload
* Fix: Remove secupress-data directory on uninstall (I forgot, my bad)
* Fix: "wp-includes/version.php" should not be tagged "different" anymore if you use a localised zip (in malware scanners)
* Fix: Possible fatal error when deactivating the module "Disable all actions on plugins" + "disable all actions on FTP"
* Fix: Possible fatal error "Call to undefined method SecuPress_Background_Process_Bad_Plugins::is_processing()"
* New: Colored notices can be added up in the plugins page to help you prioritize updates by showing you since when the update is available.
* New: The standalone "SF Move Login" is now renamed "SP Move Login" and since it's the same feature as the one here, it will be deactivated and this feature here activated.
* New: "Move Login" feature can now display a Honeypot instead of a message or page. This is an expert setting, also, only available if you only have Admins on your site (or lusers will be banned trying to log-in, I know them)
* New: Translations are now done using the new `.l10n.php` format
* Improvement: "Move login" feature will now display every other slugs, it now depends on the login one. "Register" is only available is the registration is open.
* Improvement: Dashboard widget finally get a skin, can display a graph to check evolution of monthly attacks.
* Improvement: All the messages from the "unlock yourself as an admin" on login page have been set to the same one to prevent guessing an admin email. props to Lohen Florent
* Fix: JS Error when Antispam Comment Timer module is active
* Fix: Correct custom validity for roles in some cases
* Fix: Warning for undefined SECUPRESS_INSTALLED_MUPLUGINS constant
* Fix: Warning when the distant DB was not accessible
* Fix: Passwords couldn't be updated when Passwordless was active, even if your role was not targeted, or module activatjon not validated yet
* Fix: Changelogs couldn't be opened in the iframe popup in plugins.php page when "Prevent Actions on Plugins" feature was activated
* New: Force Better Encryption System
* Improvement: Add the filter "secupress.get_wp_directory" to make a better compat with BedRock (with which we are not compatible natively)
* Improvement: Password reset cannot be asked for account using PasswordLess
* Improvement: Add a message on "Forbid user enumeration" to recall that author front pages will be replaced by homepage.
* Fix: Remove ajax call from antispam delay module to prevent unwanted indexed ajax URL
* Fix: Password reset was not possible for some roles, due to activation+deactivation of the PasswordLess module
* Fix: Some notices where duplicated
* Fix: Password not updating in "Force Strong Passwords" module
* Fix: Check allowed IP before auth_redirect in "bad usernames" module
* Update: Allowed IP List
* Fix: Remove "1" from "Bad Usernames" because Man/age WP use it as a fake login and it break the connection. You don't say.
* Fix: Possible multiple notices when malware database is updating.
* Fix: Possible PHP Warning when renaming a username.
* Fix: Fatal error when saving Firewall settings
* Fix: Missing captcha session on registration page
* Improve: Better UI and UX. We use the WP login page and not our own page design (byebye secupress_action_page() on some modules)
* Improve: Module "Password Lifespan" now depends of "Force Strong Passwords", because if you care about the lifetime of a password, I bet you care tyour their strengh too and before.
* Improve: Constant SECUPRESS_MODE improved, read the doc: https://docs.secupress.me/article/237-secupressmode
* Update: ZXCVBN libs
* Fix: Cookie hash file was not created when running the autofix
* Fix: "Bad Url Access" and "Bad File Extensions" were tagged as "fixable in pro only"
* Fix: "Already done your way" message on "Security Keys" module was wrong.
* Fix: Upgrader should always check the mu version file
* Fix: Remove "mail*" from the bad usernames list, too wide (Hello Maïlis & Mailisa...)
* Improve: Regenerating salt keys will now display a notice message as a feedback #UX
* Improve: Some strings were not translated.
* Improve: Better handling for "Rename User Names"
* Improve: "Show Admin Bar Menu" & "Hide Contextual Help & Tips"
* New: "Show Contextual Help & Tips" and "Admin Bar Menu" are now a user setting
* Fix: A possible loop when login
* Fix: A too big SQL query on site with too many users
Fix v2.2.5.2 Blackhole nonce bloking some front requests
Update Malware Database
* Security Fix: TOCTOU in Limit Login Attempts (Thanks to Konan Nagashima)
* Improvement#963: Add context for secupress_die()
* Improvement: Add DE translations (Thanks to Klaus Bei)
* Improvement: Status "bad" into "warning" on bad plugins scanner results in free version
* Fix#1036: Remove REST API calls made using query parameters (Thanks to JB Audras) + usage of rawurldecode() (Thanks to Aether Black)
* Fix#1035: Malware scan file too big
* Fix#1034: Matomo was blocked
* Fix#1033: Bad referer default list, "cialis"
* Fix#1032: Uncaught TypeError: Cannot read properties of null (reading 'querySelectorAll')
* Fix#1030: Plugins&Themes settings on MS does not save correctly
* Fix#1021: PHP Deprecated: filter_var() null in parameter 3
* Fix#1015: Better output secupress_pro_sessions_control_users_column_content()
* Fix#1010: Uncaught TypeError: strpos(): Argument 1 must be of type string, array given
* Fix#1001: Move secupress_format_message()
* Fix#962: Ranged IPs can prevent ip detection to block
* Update Malware Database
* Update global i18n