* Remove translated messages for errors logging in, creating a loop trying to present translated messages using WP's translation engine.
* Fix: Fixed database prefix renaming to properly handle option names containing embedded prefixes. Thank you Chris!
* Enhanced: Improved custom login URL security with proper access control and error handling
* NEW: Added "Reset Secret Access URL" button to the Tools page. This allows administrators to quickly reset the secret access URL used for firewall whitelisting.
* FIX: Prevent firewall from blocking REST API endpoints for plugins like Webba Booking
* Improved - Better instructions for setting up 2FA.
* FIX: Visitor log issue with White Label enabled.
* NEW: Filter by event type in the Events tab overview.
* FIX: Core Scanner - Resolved false positive alerts when users delete default themes (like Twenty Twenty-Three and Twenty Twenty-Four). The scanner now properly distinguishes between missing essential core files and intentionally removed theme/plugin files. Theme and plugin modifications are still detected as security issues, but deletions are no longer flagged as problems.
* CHANGE: Core Scanner – Focus on critical core files only. Modifications under `wp-content/` (themes, plugins, language packs) are excluded from Core Scanner "modified core files" results and from the tab counter. Deletions of default themes/plugins remain treated as non-issues.
* Remove references to the plugin name in the email sent with Secret Access URL details - if White label feature enabled.
* FIX: Issues with logging in with custom login URL for some users.
* FIX: User ID 1 Change - Fixed issue where users would lose administrator privileges when changing user ID 1 to a new ID. The fix now properly transfers user capabilities and ensures administrator role is maintained.
* NEW: Events Logger – REST API diagnostics. Added hooks to log REST authentication failures, pre-dispatch errors, final REST error responses, and successful REST post creations. View details in Events.
* FIX: Some settings not saving for some users (block admin function)
* FIX: Added specific whitelist rules for WPVivid Backup Pro and Free version files containing legitimate php_uname() usage and nested function calls.
* Updated French translation file.
* FIX: Multisite activation issues - Database tables now properly created for all sites in multisite networks
* FIX: PHP 8.1+ compatibility - Added safe string functions to prevent deprecation warnings
* IMPROVED: Code refactoring - Moved utility functions to dedicated classes
* IMPROVED: Enhanced multisite compatibility for all security tests
* IMPROVED: Test execution system, in particular to multisite testing.
* IMPROVED: Vulnerability scanner - Fixed time difference calculation for "Last Updated" display
* IMPROVED: Vulnerability file download - Simplified to single "Download All Files" button
* IMPROVED: Freemius integration - Added license validation hooks to ensure premium tables are created
* NEW: Enhanced test interface with smooth animations - Tests now show spinner animations during execution and completion highlights for better visual feedback.
* NEW: 2FA - Use E-mail based codes or app - Several users wanted to be able to choose email instead of app-based authentication.
* Fix: Removed minimum of 5 days in 2FA grace period.
* Fix: Some users reported settings reset - we tracked it to a race-condition where an update could overwrite the settings if not loaded yet.
* Fix: Error with importing latest settings that included malware scanner results. Trimmed down the export settings.
* Fix: Minor adjustment to file-viewer class, function to check where file is located.
* FIX: Enhanced REST API protection to prevent blocking legitimate API calls. Thank you Alex.
* FIX: Firewall settings randomly deactivates in rare cases.
* FIX: Change login URL feature did not properly save its state.
* NEW: Added WooCommerce protection to the Wizard for new installations.
* IMPROVED: Firewall settings module loads more efficiently, moved non-essential code to sub structure to improve load time in and out of admin.
* IMPROVED: Dashboard Widget visually improved and contains more practical information.
* FIX: "Details" button in events log would sometimes expand details and also reload the entire page.
* Improved visuals on the overview page for the firewall events.
* Continued improving the visual layout of the plugin.
* Improvements to visitor logging - better filtering of unecessary requests.
* Added checks for the unecessary themes to include theme from 2025, thank you Troy.
* Added fix for incorrect CSP header values in the auto-fixer. Saving a header value containing a URL could lead to incorrect values being saved. Thank you Maxime.
* Cleaning up temporary files - Thank you Heath.
* Fixed: Scheduled Scanner now correctly respects the "Send an email only when test results change" setting, preventing daily emails when no changes are detected. Thank you Jean.
* Fixed: Added a database update routine to fix missing URL column in visitor log table that was causing errors. Thank you Jean for reporting this issue.
* Fixed: WordPress version detection issue, thanks to Tom for pointing it out.
* Change: Renamed the license file from `license.txt` to `license_key.txt` for better clarity and consistency, this prevents overlap with tests trying to remove the file.