KHUYẾN MÃI : Chúng tôi đang có chương trình giảm giá với combo 600 + theme, plugin bản quyền với giá chỉ 249k. Xem danh sách tại đây: Mua Theme wordpress
KHUYẾN MÃI : Chúng tôi đang có chương trình giảm giá với combo 600 + theme, plugin bản quyền với giá chỉ 249k. Xem danh sách tại đây: Mua Theme wordpress
SecuPress PRO có một loạt các tính năng tuyệt vời. Nhưng nó không chỉ về tính năng, nó còn về hiệu suất, tốc độ tải, sử dụng bộ nhớ. Và ít hơn về mặt kỹ thuật, việc sử dụng một plugin được hoàn thiện tốt với giao diện người dùng đẹp và trải nghiệm người dùng tuyệt vời là rất quan trọng. Sau đó, chúng tôi lưu ý đến việc bảo mật một số lượng lớn các trang web, bạn có thể là một phần của điều này. Điều quan trọng nhất đối với chúng tôi là bạn có một trang web được bảo mật, sử dụng SecuPress hay không.
Link Demo : https://secupress.me/features/
Các tính năng của SecuPress PRO :
Máy quét tình trạng trang web
Xuất Báo cáo Tình trạng Trang web ở dạng PDF
Di chuyển trang đăng nhập
Giới hạn nỗ lực đăng nhập
Ẩn lỗi đăng nhập Đúng Đúng
Captcha tự làm (không phải Google)
Bắt buộc một tên người dùng và mật khẩu chính xác
Cấm danh sách tài khoản
Khóa cài đặt WordPress nhạy cảm
Tải lên .zip miễn phí cho theme và Plugin
Buộc cập nhật WordPress Thêm Hằng số bảo mật trong tệp wp-config.php (7) Bảo mật các khóa bảo mật WordPress Nhẹ và chống thư rác mạnh mẽ Chống lạm dụng trong nhận xét Ẩn các phiên bản PHP / WordPress / WooCommerce / WPML Ẩn Trứng Phục sinh PHP Cấm hiển thị nội dung của thư mục (Dir. Listing) Cấm truy cập vào các tệp lõi WordPress nhạy cảm Lỗi 404 bị cấm trên tệp .php Block Bad Robots (Black Hole) Chặn lượt truy cập từ tác nhân người dùng xấu Chặn Giao thức XML-RPC Block Bots giả vờ là Công cụ Tìm kiếm Chặn lượt truy cập bằng phương thức truy vấn không hợp lệ Chặn lượt truy cập có nội dung xấu (BBQ) Ghi nhật ký các hành động quan trọng của người dùng Xác thực nhân tố kép (2FA) Máy quét tệp phần mềm độc hại mạnh mẽ tự chế Máy quét nội dung vào các bài báo và trang của bạn Phát hiện các phần mở rộng và theme dễ bị tổn thương đã biết Cấm địa chỉ IP Chặn các quốc gia theo vị trí địa lý IP Chặn lượt truy cập từ những người giới thiệu không hợp lệ Thông báo qua email và Slack Cảnh báo sự kiện trên trang web của bạn Báo cáo Hành động Hàng ngày Chống liên kết nóng Đoán chống 404 Sao lưu cơ sở dữ liệu và tệp Kiểm soát Phiên tài khoản Tuổi thọ mật khẩu Bắt buộc một tên người dùng và mật khẩu chính xác Cấm tạo tài khoản Quản lý tốt các hành động trên theme và plugin Chọn tiền tố cơ sở dữ liệu tùy chỉnh Bảo vệ Thư mục Tải lên Lịch trình và sao lưu của máy quét Nhãn trắng Hỗ trợ ưu tiên
Free Download SecuPress PRO v2.1.1 – WordPress Security Plugin nulled changelog
2.2 — 03 January 2022
New#930: Scan for @include as a malware in wp-config.php only (known for that)
New#932: Add support for .php .phtml files in malware scanner
New#937: New option to force FTP creds when adding a theme or plugin, see “Disable .zip uploads” in “Plugins & Themes” module page
Improvement#455: Add filters to all our email subject and messages. Search for “secupress.mail.”
Improvement#954: Better filetree for both free and pro version. No more /core, /inc, no more 2 uninstall files, no more weird file inclusions.
Improvement#885: remove FaceBook share button
Improvement#931: Do not log 404 that are redirected by SEO plugins
Improvement#935: Support MemberPress to prevent login out of passwordless when activated
Improvement#958: Update zxcvbnphp lib
Fix#889: files from core still show themes as diff files
Fix#944: PHP Notice: Undefined variable: ip in/core/functions/ip.php on line 59
Fix#945: Uncaught Error: Object of class stdClass could not be converted to string in /core/modules/plugins-themes/tools.php:174
Fix#946: PHP Fatal error: Uncaught Error: Call to a member function views() on null in /core/classes/common/class-secupress-logs-list.php:165
Fix#947: set_time_limit() is forbidden on infomaniak, leads to fatal error in PHP8+
Fix#948: Whitelabel is not displaying a plugin author url in settings
Fix#949: missing subfolder in secupress_bad_file_extensions_get_regex_pattern
Fix#950: i18n files showing up in core file differences
Fix#951: “toggle all” checkbox in “file core diff” does not work
Fix#950: i18n files showing up in core file differences
Fix#955: PHP Fatal error: Uncaught TypeError: count(): Argument #1 ($value) must be of type Countable|array, null given in /core/admin/multisite/settings.php:96
Fix#957: Move Login can still disclose the login page when registration is disabled.
2.1.1 — 22 October 2021
Fix#941: Warning: explode() expects parameter 2 to be string, array given in secupress-pro/inc/modules/firewall/plugins/bad-referer.php on line 13
Fix#940: DB scan error on XMLHttpRequest
Fix#939: secupress_stop_user_enumeration_rest() does not return the $response param
Fix#929: hidden passwords in logs always add variables in global arrays
2.1 — 04 October 2021
New: Compatibility WP 5.8+
New#920: New GeoIP Database API
New#921: New Plugins and Themes vulnerability database using Patchstack.com
New#923: New Sessions Control Details
Fix#925: Fatal error: Uncaught ArgumentCountError: Too few arguments to function add_site_option(), 1 passed in secupress-pro/inc/admin/migrate.php on line 31 and exactly 2 expected
Fix#926: “Nothing found” not displayed in malware scanner
Fix#928: Fatal Error : Uncaught Error: Unknown named parameter $new PHP8
Improvement#916: Add hook in PHP 404
Fix#919: PHP Fatal error: Uncaught TypeError: array_map(): Argument #2 ($array) must be of type array, bool given in secupress_get_malwarescastatus_admin_post_cb
Fix#918: Move Login in subfolder (again and again and again!)
Fix#917: Uncaught Error: Call to undefined function secupress_status()
2.0.3 – 12 April 2021
Improvement#909: add hook in secupress_update_https_detection_errors
Improvement#910: Constant SECUPRESS_ALLOW_LOGIN_ACCESS will also work for our Captcha
Improvement#914: fr_BE & fr_CA = fr_FR
Fix#913: user_can can lead to fatal error (see https://core.trac.wordpress.org/ticket/52076)
Fix: undefined functions (free version only)
Fix: Captcha save button was not available (free version only)
Fix: role was not translated in the alerts
2.0.2 – 06 April 2021
Improvement: Add Jetpack SSO as supported 2FA
Improvement: Add a few forbidden names in “bad login IDs” module
Fix: Emails for PasswordLess were not sent or sent in spam. (WP 5.7.1 will also fix this)
Fix: Export Mode not read correctly
Fix: 3 undefined index PHP warning
Fix: 2 possible PHP fatal error (but won’t break the front site)
Fix: Move Login with WP running in a subdir was broken since 2.0
2.0.1 – 29 March 2021
New#905: Expert Mode has been added as a simple checkbox (but already available since 1.4.6 – 9 august 2018 ;p so, “new” feature)
Improvement#885: Extend allowed request methods
Improvement#893: Test if file exists be fore being tagged as PHP404 to prevent false positives
Improvement#894: Better HTTPS tests
Improvement#896: Emails from SecuPress will now come from the admin email address instead of [email protected] (the WP filter hook wp_mail_from is still usable)
Improvement#901: New way to propose deactivation on incompatible plugins + force deactivation on plugins that directly enters in conflict
Improvement#906: ?wp_lang param was not usable on moved login pages
Fix#897: A Grade was not accessible even with all the tests OK
Fix#898: WordPress Site Health page is back!
Fix#900: Undefined Index on step4
Fix#902: Update WP_Background_Process Lib
Fix#904: Locked Default Role was not deactivable
Fix#903: Database Prefix Rename feature didn’t renamed the checked tables
Fix#907: Alerts Emails contains HTML tags
2.0 aka Python (Mark XX) – 05 March 2021
New#318: Malware Scan on DataBase
New#332: WordPress Core > Change DB Prefix Manually
New#399: WordPress Core > Renew you security keys in one click
New#531,769: Revamp the Malware Scan Module: better detection, more detection (and remove the delete file button, sorry)
New#575: Addon Module Page
New#791: WordPress Wore > Lock admin_email, default_role, membership settings from WP
New#821: Your Grade can not get a “+”, and the A Grade is more accessible
New#823: Sensitive Data > Prevent 404 guessing
New#825: PHP8 Compatibility
New#828: WordPress Core > Lock home_url and site_url
New#863: Main Scanner > You can now scan a specific item
New#866: fr_BE and fr_CA will get the fr_FR translations
New#870: New php constant SECUPRESS_ALLOW_GEOIP_ACCESS to bypass geoip auto blocking
New#872: FireWall > Block Bad referers
New#873: Alerts > Slack Notifications
Improvement#184: Add the total of scanners when displayed (like 22/35)
Improvement#187,292,783: Better uninstallation of the whole plugin (wp-config & htaccess content, mu-plugins)
Improvement#194,220,395,482,579,775,789,809,812,840,842,871: Better wording, i18n, explanations, remove “Cheatin’uh?”, remove whitelist/blacklist, remove masculin terms in french to be more epicene + do not ever use WP text domain and keep our trad at home
Improvement#229: Add links to related modules in schedules page
Improvement#740: Reset button with JS confirmation (but at the same time, remove the button for now, see blog post)
Improvement#752: Better report email subject
Improvement#753: Remove the obsolete Block SQLi option
Improvement#754: Stop main scanner after 3 minutes
Improvement#778: Remove the date by month in security keys to prevent too many disconnection and prevent some bad dev based on thoses keys to mess up (please do not relay on these keys, use wp_salt()…)
Improvement#781: Better anti hotlink to prevent possible 404 urls on our fake image + allow google image
Improvement#782: Change recommandations for PHP Version to be more flexible
Improvement#786: Add “wp-config-sample.php” to old WordPress files
Improvement#796: Add the found IP in filter secupress.ip.default_ip
Improvement#800: Import settings will now import htaccess modifications (based on activated modules, not in the exported file)
Improvement#808: return HTTP response code matching the data passed to secupress_die (props @jeherve)
Improvement#815: Hide all login errors instead of a list
Improvement#822: Grade is included in the email subject
Improvement#827: Email only if grade has changed and is worst
Improvement#831: Remove license.txt, wp-config-sample.php, readme.html from being missing files in malware scanner
Improvement#834: Remove notices about wp-config.php and .htaccess not writable
Improvement#835: Remove SCRIPT_DEBUG from wp-config scanner
Improvement#837: Better secupress.plugin.passwordless_email_message replacements
Improvement#855: Empty User-Agent is not a bad one anymore
Improvement#860: On module (de)activation, rescan the test if present
Improvement#861: Do a JS check on captcha module to be sure it can be activated
Improvement#862: If a scanner gone bad, send it to alerts
Improvement#865: Remove the “ask old password” option
Improvement#876: Our mu-plugins won’t work if SP is not activated
Fix#362: SecuPress tables tagged as unknown when autofix the DB prefix switch
Fix#471: Remove unwanted columns in Logs pages
Fix#499: .htaccess path was not correct with ABSPATH
Fix#547: Remove “www.” in domain for antihotlink (for multisite subdomains)
Fix#746: Notice: “listMessage is not a constant”
Fix#762: Fix displaying wrong confirmation message when addind multiple IP to (dis)allow
Fix#767: Notice: “Undefined index: SERVER_PORT/HTTP_HOST in core/functions/common.php on line 797/800”
Fix#774: Remove the warning emoji in move login message
Fix#779: Email confirmation is present at each connection when move login is activated
Fix#784: Cannot use move login when pro is installed but not activated with the license
Fix#788: Settings link in plugins page is not correct with white label
Fix#792: Update doc links with https
Fix#793: Update Support for 2FA 3rd party
Fix#798: Google Bot was blocked due to a bad method query
Fix#801: Block double slashed users route from REST API
Fix#802,875: Remove old obsolete devs from <2.0 (recovery_email, support)
Fix#804: Double auth still displays 2 fields
Fix#814: API Keys can’t be hidden anymore
Fix#817: AntiSpam let any comment pass, sometimes…
Fix#818: If WooCommerce, do not scan login errors
Fix#819: Fatal error on GeoIP update (in background, your site was not harmed)
Fix#824: Display strange chars in Grade
Fix#830: Notice: “Undefined index: move-login_custom_page_url”
Fix#838: Move Login password page won’t work
Fix#855: Do not display SecuPress in admin footer and if hide WordPress version active, hide it in admin footer too
Fix#879: Missing items in our admin bar menu
Security Fix#844: A visitor can ban any IP
1.4.12 – 26 May 2020
Fix: Don’t ban IP, just block. This will prevent false positives on Banned IPs but still can block bad stuff.
Removed: The AntiFront BruteForce feature doesn’t exist anymore, too much false positive since now, websites can need may requests.
188.8.131.52 – 22 Fev 2020
Fix: fatal error during cron background tasks
1.4.11 – 18 November 2019
Improvement#759: GeoIP blocked IP will be logged as “critical” now.
Improvement#748: Antibrute Force on Front will be logged as “critical” now.
Improvement#749: You can now use the PHP bypass constant SECUPRESS_ALLOW_LOGIN_ACCESS for both Move Login and PasswordLess.
Fix#772: PasswordLess fields were not correct since WP 5.3
Fix#771: Move Login “logout” link was not correct since WP 5.3
Fix#768: “Prevent User Creation” was preventing users to change their passwords
Fix#763: Alerts modules was not activated on demand
Fix#757: “Site Health” will not be an empty page anymore when you didn’t scanned yet your site with SP.
Fix#755: PHP Error message with secupress_get_submodule_file_path()
Fix#747: Brute Force module activation does not requires 2 clicks on save button.
Fix#746: Message more specific when switching to pro version.
Fix#745: Purge the bruteforce table more efficiently
Fix#744: Banned IPs are now the top prio over “bad url content” module
Fix#743: Better datation for banned IPs
Fix#742: Better hooks content for secupress.plugin.passwordless_email_activation_subject and secupress.plugin.passwordless_email_activation_message
Fix#726: Uncaught Error: Call to a member function views() on null in /inc/classes/common/class-secupress-logs-list.php:165
1.4.10 – 26 August 2019
New Feature#736: Do not allow User Creation
Fix#737: Blacklist IP didn’t worked as expected, fixed now.
Fix#733: Add a try/catch on shell_exec test to prevent fatal errors (seems that functions_exists is not enough oO)
Improvement#734: Prevent the plugin to be tagged as malicious because of all the “bad words” contained in the code
184.108.40.206 – 14 August 2019
Fix the “secupress_filter_scanner” PHP error, props Loic Martin
220.127.116.11 – 24 July 2019
SF Move Login is not allowed anymore as a replacement plugin for our Move Login module
A new filter `secupress.move-login.override-plugins` is not there to add your plugin if needed.
Fix#729: Improve the detection of bad contents
Fix#731: Site Health page is on error is no scanner has been done yet (of course !)
Fix#732: Some menus links could be modified by SecuPress
Fix#536: Translations in pro were having “secupress” domain instead of “secupress-pro”…
Security Fix: Move Login will not display the new login page in an certain exploit (see secupress.me blog, related to “wps hide login” flaws)
18.104.22.168 – 21 June 2019
Improvement: Add more details on block page for better support
Fix: Remove some agressive bad content rules that triggered the block page too often
Fix: Fatal error on plugin activation if a module has to be silently activated (not so often)
Fix: Better result for some scanners that were not valid (but the protection was there!)
22.214.171.124 – 18 June 2019
Fix: Fatal Error on Pro update for some users
1.4.9 – 17 June 2019
New: New scanners to match Site Health: HTTPS, Communication with WP.org.
New#707: New Site Health page from WP 5.2 is now managed by SecuPress for all “security” points.
Improvement: Remove 2 textarea fields from firewall, too many times blocked by hosts, use a hook if you really want to customize the rules.
Improvement#717: Update firewall rules with custom 7G rules.
Improvement#701: GeoIP Module is now compatible with IPv6.
Improvement#705: Move Login can now be configured to display a custom message or redirect on a custom page.
Improvement#721: Whitelist and Blacklist in “log” module are now compatibles with IPv6, IP ranges and IP lists than can be copy/pasted.
Improvement#724: Remove all actions before get_users() for passwordless to prevent someone/a plugin to hack the list, resulting on not being possible to log-in.
Improvement#725: Function secupress_send_mail() replace blogname with url if empty, yes it exists.
Fix#705: Updates (for SecuPress of other plugin, sometimes) were not always visible.
Fix#709: “Alerts” settings were not saved correctly.
Fix#720: Uncaught Error: Call to undefined function secupress_filter_scanner()
Fix#723: Antispam forbid usage of pb and tb is removing too much.
1.4.8 – 30 april 2019
Improvement#696: add blogname in the email in secupress_retrieve_password()
Improvement#697: Update the PHP minimum values. Bye 5.x, welcome 7.x
Improvement#698: remove admin-bar.php from the bad url access scanner
Improvement: Remove the “page protect” module, we don’t need this protection finally.
Improvement: Various CSS and PHP improvements.
Fix#686: (again) The scanner for “bad user agent header” could not read the correct value, Grade A was not possible, it’s back in the game!
Fix#700: fix geoips db table name
Fix#702: Warning: "continue" targeting switch is equivalent to "break". in /secupress/inc/classes/settings/class-secupress-settings.php on line 972
Fix#703: Notice: Undefined index: confidence in /secupress/inc/modules/antispam/plugins/fightspam.php on line 732
1.4.7 – 26 september 2018
New#689: Dark Mode compatibility! Check https://wordpress.org/plugins/dark-mode/ (merge in core proposed)
Improvement#680: Add all “debug” and “.log” files to the “anti disclose readme/changelog” feature
Improvement#683: Add 2 filters on captcha messages to replace the default “Yes i‘m a human” and “Session expired”. See `secupress.plugins.login-captcha.checkbox.text` and `secupress.plugins.login-captcha.error.text`
Improvement#684: Better 64 bits check.
Improvement#685: Better “stop user enumeration” on Rest API, (JSON return instead of diying)
Improvement#679: Compatibility with PHP7 for a vendor package (PDF)
Improvement#686: Remove the HTML tags check from “bad user-agents” feature. Too many false positive since WP 4.9.8 😐
Fix#691: GeoIP was returning false since 1.4.5 because of the bad prepare format.
1.4.6 – 9 august 2018
New#668: Add support for https://fr.wordpress.org/plugins/2fas-light/ as a 2FA plugin
New#676: SecuPress Expert Mode. You can set a SECUPRESS_MODE constant on “expert” to hide descriptions and help all over the plugin to have a clear interface.
Improvement#663: GeoIP module can now bypass real seo bots! So you can block USA but still got Google on your website for example.
Improvement#665: Backups are now done using offset, this means that there is more chance to finish instead of dying.
Improvement#670: GeoIP database will update everyday automatically using a cron. You and your visitors won’t fell the update. Why everyday? Because everyday IPs are changing (in fact, every second… but I didn’t want to be so mean). This will prevent false positives and false negatives from your visitors, bots, crons.
Improvement#671: Strip URLs from UA before check bad UA to prevent false positives.
Improvement#672: Better compatibility for secupress_get_main_url compat().
Improvement#675: Add a checkbox for login errors module to allow its deactivation.
Fix#660: Fix the JARVIS encounter in a bad SecuPress settings link.
Fix#661: SECUPRESS_HIDE_API_KEY was not hiding the key anymore, ironic.
Fix#664: Fatal error: Uncaught Error: Call to undefined function secupress_global_settings_activate_pro_license() in /secupress-pro/core/core.php:227
Fix#667: WP Cron Fatal error: Uncaught Error: Call to undefined function secupress_scanit() in /secupress-pro/inc/modules/schedules/plugins/inc/php/class-secupress-background-process-schedules-scan.php:47
Fix#673: MoveLogin with nginx sais you have to “remove” rules instead of adding them. Funny or not.
126.96.36.199 — 27 june 2018
New: Hotfix a non patched vulnerability in WordPress Core, read more at https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
1.4.5 – 18 june 2018
New#659: You can now set a scanner speed on scanner page, just below the scanner button. This is designed to resolve some server issue that does not love/allow too much (ajax) requests at the same time (30+ in 1 sec by default to 0,25sec or 1 per sec now). Improvement#649: Change the behavior of the scanner for minimum role. It’s not ‘Subscriber‘ anymore but ‘Not Administrator‘, so you can now set your default role on “Customer” or whatever without being tagged as “bad“.
Improvement#655: The new “confirmaction” links on WP 4.9.6 were showing the new moved login page. It will now show a “confirmaction” shortcut when move login is active.
Improvement#657: Remove the “Ask for support” on each scan result in step 3, nobody was using them.
Fix#626: Block Fake SEO Bots won’t block Facebook share anymore.
Fix#640: Import file was tagged as “empty”, not anymore.
Fix#641,#647: Some module were impossible to activate/check, it’s now ok.
Fix#642: Warning: count(): Parameter must be an array or an object that implements Countable in /secupress/inc/functions/common.php on line 1288
Fix#643: The “Add my license” and “Settings” link is now correct.
Fix#644: GeoIPs database will now work on 32 bits servers (INT MAX issue).
Fix#645: GeoIPs database has been updated to perfectly match countries, and won’t block an unknown country now.
Fix#646: Warning: shell_exec() has been disabled for security reasons in /secupress/inc/functions/ip.php on line 229
Fix#648: Fatal error: Cannot redeclare secupress_remove_comment_feature_add_packed_plugin() (previously declared in secupress-pro/core/modules/antispam/callbacks.php on line 64
Fix#650: Fatal error: Uncaught Error: Call to undefined function secupress_pro_settings_white_label_callback() in /secupress/inc/modules/welcome/callbacks.php on line 27
Fix #651: Move login and subfolder love/hate again.
Fix #654: Warning: fileperms(): stat failed for /index.php in /secupress/inc/functions/files.php on line 29
Fix #656: The scanner step 3 was not showing all the possible fixes.
1.4.4 – 23 may 2018
New Dashboard: The first module page is now a dashboard, you can see your licence info here now.
New: You can now reset the SecuPress settings or just module per module.
Improvement#628: GeoIP Database has been updated with new IPs
Improvement#630: Force strong password is now available on reset form too.
Fix#614: Exported settings file doesn’t contains the whitelabeled name, this will prevent the impossibility to import this file
on another website whitout the same whitelabel name.
Fix#617: Warning: shell_exec() has been disabled for security reasons in /secupress-pro/core/functions/ip.php on line 229
Fix#620: PHP Fatal error: Uncaught Error: Call to undefined function secupress_global_settings_activate_pro_license() in
Fix#622: Warning: count(): Parameter must be an array or an object that implements Countable in
/secupress/functions/common.php on line 1288
Fix#625: Remove “Wget” from bad User Agents
Fix#626: Facebook share post parser was blocked by block fake bot module
Fix#627: GooglePageSpeed too
Fix#628: GeoIP will not block anymore an unknown IP address (country not found)
1.4.3 – 9 may 2018
New#605: New feature added in Sessions Control module: Send a reset link to users
Improvement#599: UI was not full width
Improvement#600: Checkboxes in step 2 seems enabled
Improvement#602: Compat with HostPAPA.ca
Improvement#609: Remove the notices “These options are disabled…”
Improvement: Remove every check about WP being under 4.0
Fix#597: Fatal error when updating using folder overwrite (FTP for example)
Fix#598: GooglePageSpeed is blocked by Fake SEO Bots module
Fix#601: 404 on PHP should block but not ban
Fix#606: regex of fake bots’ user agents was too large
Fix#607: Alerts were always sent every 15mn, even with a higher number
Fix#608: Fix “Warning: set_time_limit() has been disabled for security reasons”
1.4.2 – 23 april 2018
Improvement#587: Remove SecuPress main logo on whitelabel (there is still some, wait!)
Improvement#589: API Key is hidden behind ••••• chars.
Improvement#592: Add a Facebook link when grade is A to share the result.
Fix#587: CSS missing when whitelabel is on.
Fix#588: Move Login died when it should not.
Fix#591: Block Fake Bots should not block real bots, right?
Fix#595: Fatal error when blocking User Enumeration on REST API
Fix#596: Security Fix: The new moved login page could be guessed because of a redirect due to a lack of “die()”, there is no more whitelist condition now. Thanks to Aymen Borgi.
1.4.1 – 18 april 2018
Improvement#583: Better PHP Version detection and warning (php 7 is now the best recommended one)
Improvement: Easy Login scan will now detect correctly 15 2FA plugins, not only our PasswordLess module.
Fix#581: You can now correctly disconnect if you’re using Move Login Page.
Fix#582: You can now correctly save the malware scan option page.
Fix#586: Possible 503 error : “The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.”
1.4 aka Hotrod – 11 avril 2018
New: PHP required version is now 5.4 (and will grow at each major version)
New: WordPress required version is now 4.0 (and will grow at each major version)
New#490: Block User Enumeration Feature
New#551: Ban 404 on .php Files Feature
New#544: API Key is hidden by default, you can also hide the full block using the new constant `SECUPRESS_HIDE_API_KEY` (will be set to true if `SECUPRESS_API_EMAIL` and `SECUPRESS_API_KEY` are set)
New#557: New constants `SECUPRESS_API_EMAIL` and `SECUPRESS_API_KEY` to overridde data from settings
New#558: New filter `secupress.pre_scan.$class` to shortcut any scanner
New#564: Block Fake SEO Bots Feature
New#562: New filter `secupress.get_email` to change the email when sending
New#567: New filter `secupress.nginx.notice` to prevent Nginx notices to pop
New#572: New filter `secupress.settings.load_plugin.$plugin` to prevent a full block of settings to be displayed
New#572: New filter `secupress.settings.field.$args[‘name’]` to hide an option from a setting block
New#576: New scan 404 on .php files
New: Pro version is now required to auto-fix issues on step 2 in the scanner
Improvement#242: When Pro is active, you’ll see a small yellow Ezio (the eagle) logo on each pro feature, so you know what is a pro feature.
Improvement#401: Remove outdated scanners and features : REST API Blocking, Non Login Time Slot, DirectoryIndex, no need that now.
Improvement#480: Change the way we display the anti sqli scanner code, more lorem, more ipsum, less random
Improvement#541: Change the way we load Move Login to prevent any “404 management” plugin to generate conflict
Improvement#550: Move Login will now let the priority to “WPS Hide Login” and “SF Move Login”
Improvement#553: Move Login will now redirect into the dashboard if the user is logged in
Improvement#563: Do not log banned IPs
Improvement#569: Let the possibility to go to step2 without launching a new scan
Improvement#570: Revamp of the “Get Pro” page (use an external link instead haha)
Improvement#571: Remove the hardcoded ads, add more help instead + you can still disable the full bar using the filter `secupress.no_sidebar` or just future ads with `secupress.no_sideads`
Improvement#573: Add a 3rdparty.php file to have a better detection of 2FA plugins installed, and better compat with hosts like WPServeur and O2Switch
Fix#470: Some messages could be in 2 different languages in the scan results
Fix#533: Move Login was not acting correctly when subfoldered
Fix#543: ManageWP couldn’t always correctly access the plugins list, now it’s ok
Fix#545: Move Login new page was disclosed by wp-signup.php page
Fix#559: Notice: Undefined index: move-login_login-access in /secupress/modules/users-login/callbacks.php on line 246
Fix#565: GEOIp was not blocking all countries correctly
Fix#566: Anti Bruteforce Front was not blocking all requests correctly
Fix#568: Remove the Captcha hidden field, too much false negatives
1.3.3 – 04 september 2017
Fix#527, #526, #525, #524, #509: Passwordless now send an email when activated (each time), not at each page save.
1.3.2 – 01 september 2017
Improvement: When PasswordLess is activated, you’ll have to valide this action by clicking on a link in an email. This will prevent you to be locked out.
Fix #502: Move login and PasswordLess are friends, again.
1.3.1 – 02 august 2017
New #510: Remove the “Avoid Double Logins” module since it’s not efficient enough
Improvement #511: You dont have to add 2 email addresses for the alerts
Improvement #478: Display a message when the malware scan found nothing
Improvement #512: Remove the recovery email notice, you won’t need to fill this anymore
Improvement #507: Lighter Move Login module with less options, no .htaccess/web.config/ngnix.conf modifications but more decisions and less bugs instead of endless bugs.
Improvement #506: Remove the scan and fix for empty user agent (not efficient enough in 2017, too much false positive)
Improvement #505: Remove the scan and fix for too long URLs (not efficient enough in 2017, too much false positive)
Improvement #488: New bad user agent (Gecko/2009032609 Firefox), thanks to Fabrice from wpformation.com
Improvement #481: Better message (less sarcastic, yes) when you lock yourself out.
Fix #504: On some servers, $_SERVER[‘SERVER_ADDR’] does not exists, well, ok.
Fix #502: Move login was not cool with PasswordLess
Fix #501: Some multisites websites could not validate their licence.
Fix #473: Captcha always returned “human verification fail” when autofill from browser is enabled.
1.3 aka Bleeding Edge – 18 july 2017
New: you don’t need the Free version to run the Pro version now: one plugin is enough.
New: migrating between the Pro plugin and the Free plugin is now easier.
Improvement #457: no more errors after editing the wp-config.php file. We added a sandbox that doesn’t keep
modifications in place if there is a problem.
Improvement #448: Better detection of user’s right for DB scan
Improvement #365: removed OrangeBot from the bad user agents list.
Improvement #337: captcha is now also available on the user registration page.
Improvement #308: Sometimes after a scan (step 1), some results are still tagged as “new”, you should encounter less cases.
Improvement #268: settings page lock: scanners page and logs page are now locked.
Improvement #247: malware scan: wp-config-sample.php is not flagged as missing from core anymore.
Improvement #180: added a warning about disabling the XML-RPC API.
Fix #469: customize.php redirects to the login page (thanks to @wpmarmite)
Fix #454: logs export: the file name was wrong. Moreover, now it includes the date.
Fix #451: Fatal error on WP <4.2.11 when sending emails
Fix #448: on some rare cases, the tables prefix couldn’t be changed because “the user doesn’t … have edition rights”.
Fix #417: malware scan: huge files are skipped (otherwise the process never ends).
Fix #416: malware scan: sometimes it couldn’t be stopped.
Fix #414: fixed some PHP 7 errors.
1.2.7 – 18th April 2017
Improvement: removed the monthly plans from the “Get Pro” page and improved a few things.
188.8.131.52 – 06th April 2017
Improvement #450: use a new API for the “Get Pro” page, to fetch prices.
Improvement #445: display the missing “Rate us” box in the settings page.
Improvements #387 and #449: changed a few things in the “Get Pro” page, mainly focused on the monthly plans.
Fix #447: prevented Move Login to change `&` characters into `&` in filtered URLs, it may cause problems when used as a redirection target.
184.108.40.206 – 19th March 2017
Fix #424: a htaccess server error appeared if you were using WP
1.2.5 – 16th March 2017
Improvement #413: improved PHP and WP version check on activation.
Improvement #408: improved Move Login settings. Now you HAVE to specify a new login URL: no default value anymore, no forgotten URL anymore. Also, your new URLs can be seen while you type in 🙂
Improvement #397: improved the theme/plugin installation/upload sub-modules: even white-listed IPs are blocked now.
Fix #402: in some cases, the scan testing the `readme.html` direct access was testing a wrong URL.
Fix #111: added the IP address `0.0.0.0` to the hardcoded white-list. It should prevent some cron processes to be blocked (because of an empty User Agent for example).
Improvement #397: improved the theme/plugin activation/deactivation/deletion sub-modules: even white-listed IPs are blocked now.
Fix #415: on some installations, the file `fpdf.php` was constantly showing in the malware scan, even being in the smart white-list.
Fix #409: the backup process couldn’t create the backup folders (D’OH!).
Fix #325: the protection against bad file extensions wasn’t working if domain sharding is used for medias.
1.2.4 – 28th February 2017
Improvement #382: if the salt keys scan still reports problems after the MU plugin is created, it will still try to fix it.
Fix #282: links in email messages should now be fine.
Fix #170: the notice saying the `.htaccess` file is not writable now is displayed only if the file exists.
Tested with php 7.1.
Various small fixes and improvements.
Fix #393: settings and profile pages were not accessible when the password protections are enabled.
Fix #374: the malware scanner doesn’t report empty files as malwares anymore.
Fix #327: in the malware scanner, white-listed files and “old WP files” are now removed from the “not from WP core” list.
Fix #209: in the malware scanner, the “scan” button wasn’t reporting the right status on first scan (only after reloading the page).
Fix #283: use the right charset collate for the “Anti Front Brute Force” and “GeoIP Management” database tables.
Fix #282: links in email messages should now be fine.
Fix #391: whenever an IP address is banned, the message was displayed to everybody.
1.2.3 – 20th February 2017
Improvement #370: in the scanner, each scan has now its own documentation ?. The “Read the documentation” links can be found at step 3, the Manual Operations.
Improvement #357: for the “Too Long URL” protection, requests made with `wp_request_***()` to self are not blocked anymore.
Fix #373: fixed a bug that allowed a specifically forged URL to cheat the “Too Long URL” protection.
Fix #367: fixed a PHP notice `Missing argument 2 for SecuPress_Action_Log::pre_process_action_wp_login()`.
Fix #363: fixed a possible failure on step 2 of the scanner (Auto-Fix).
Fix #352: revamp the whole “Auto Update” scan and protection, mainly focusing on the constant definitions.
Fix #347: the Twitter bird now can sing correctly.
Fix #343: when some scans display a message “Unable to determine…”, a link to activate manually the protection should be displaying. Some were missing.
Fix #329: the directory listing scan now reports a “Good” status if folders display an empty page with HTTP code 200.
Improvement #321: the malware scan now has a way to toggle multiple checkboxes at the same time. Yay for speed.
Improvement #273: logged in users are not considered as spam by the antispam anymore.
Fix #369: reviewed our 3 log-in protections (PasswordLess, Only One Connection, Captcha). Lots of work has been done to prevent users to be locked out.
Fix #368: fixed a `gzinflate()` error while importing settings. The down side is *old settings exports won’t work anymore: please do new settings exports after this update*.
Fix #360: in the malware scan, removed Akismet from core files. Sometimes it is not included in WordPress releases and triggers false positives.
Fix #349: alerts were still reporting whitelisted IPs.
1.2.2 – 27th January 2017
Fix #355: fixed a “recursion” that caused some scans to return a “bad” status while the corresponding protections were working
Fix #351: fixed license invalidation on multisite or multilingual sites.
Fix #346: fixed a PHP warning about `vsprintf()` in the scanner page.
Fix #345: don’t manipulate headers if they have been already sent.
Fix #313: fixed one of our easter eggs. ?
Fix #256: in the `wp-config.php` file, don’t comment a constant that is already commented or the sky will fall.
Fix #46, #154, #328, #348: fixed the whole chmod scan. Some fixes made in version 1.0.3 dramagically disappeared at some point, we bring them back: chmod values are correct again, test for the `web.config` file is back (if applicable). In the scan result, the list of files/folders were incomplete. In the scan result, folders are not called files anymore. Test for `.htaccess` and `web.config` existence instead of testing for Apache / IIS7.
Improvement #356: added back a “View details” link on the plugin row (in the plugins list), so the changelog and all the info can be viewed anytime.
Fix #269: fixed PDF export failure.
1.2.1 – 11th January 2017
Happy new year! ?
Improvement #336: prevent a rare PHP warning: array_count_values() can only count string and integer values! that could mess with the scan results.
Improvement #322: CSS animations are no more on Logs page, interacting with them is now easier.
Fix #342: in the Malware Scan module, the “Save All Changes” button under the Directory Index option was disabled.
Fix #340: solve a fatal error on deactivation.
1.2 aka Heavy Duty – 20th December 2016
New: up to 12 options for you to control. Directory Index, Directory Listing, PHP modules disclosure, PHP version disclosure, WordPress version disclosure, Bad URL Access, Protect readme files, WooCommerce and WPML version disclosure, File edition constant, Unfiltered HTML constant, Unfiltered uploads constant: all these protections can now be activated and deactivated separately as needed
New: some scans were slightly modified, so here is a new one that will test only the ShellShock vulnerability
New: if a scan displays a “Not able to access your front page” message, it brings you the possibility to activate the protection anyway.
Improvement #118: in the scanner’s manual fixes, the “Ignore this step” button is more understandable.
Improvement #147: in logs and alerts, no more “UAHE”, “BUC”, or any other obscur codes when a request is blocked, only a human readable sentence.
Improvement #199: the User Agent blacklist is now case sensitive.
Improvement #274: if you use a “Coming Soon” or “Maintenance” page, manual scans have now a small drill and can get through it and will no longer trigger a “Not able to access your front page” message for this reason.
Improvement #286: updated the “no longer in directory” and “not updated over 2 years” plugins lists.
Improvement #289: the scan message related to the constant `COOKIEHASH` is more accurate.
Improvement #290: whitelisted IPs don’t trigger alerts and logs when they are *not* blocked.
Improvement #297: the checkbox to activate the protection to deny access to malicious file extensions in the uploads folder now displays rewrite rules if the configuration file is not writable.
Improvement #324: tell cache plugins not to cache our blocking messages nor the login pages.
Improvement: prevent our icons to be overridden by other plugins or themes.
Fix #264: the scanner related to the admin user wouldn’t fix anything in a specific case. Nothing is better than a whip sometimes.
Fix #265: fixed a message displayed by the chmod scan. In some cases it was speaking nonsense about files `/` and `/`.
Fix #281: “Ask for old password” and “Strong Passwords” are now besties
Fix #285: typo in a `IfModule`
Fix #291: the fix related to the WordPress version disclosure ate the rewrite rules on Nginx. So we made it give them back (that was kind of scary).
New: the malware scanner now has a smart whitelist. You can also mark files as “not a malware”: when we receive enough notifications about the same file, it is included in the whitelist for everyone.
New: redesign the malwares scan’s page.
New: up to 12 options for you to control. Directory Index, Directory Listing, PHP modules disclosure, PHP version disclosure, WordPress version disclosure, Bad URL Access, Protect readme files, WooCommerce and WPML version disclosure, File edition constant, Unfiltered HTML constant, Unfiltered uploads constant: all these protections are now activatable and deactivatable separately when you want
Improvement #139: cleanup our crons on plugin deactivation.
Improvement #189: better plugin activation and deactivation processes.
Improvement #196: now you can also deactivate your license directly within the plugin.
Improvement #203: now you can send a support request even if the emails are not working on your server.
Improvement #290: whitelisted IPs don’t trigger alerts and logs when they are *not* blocked.
Improvement #298: now PasswordLess, Avoid Double Logins, and Captcha work better together
Fix #208: repaired layout on the “See differences”‘s page.
Fix #312: changed the PDF reports file name to prevent bad encoding.
1.1.3 – 07th November 2016
Improvement #258: Remove the blog_id and website URL in the new salf keys to avoid having to log in on each website on a multisite, was just annoying.
Improvement #259: Better hook usage to allow any cache plugin (like WP Rocket of course) to ignore login page.
Improvement #195: Better Move Login rules on Ngnix. And better rules in general for all modules.
Fix #262: Some firewall sub-modules are not working in frontend, the functions were not in the right file 😐
Fix #252: X-Powered by header was not hidden on Ngnix. Ngnix my friend …
Fix #250: WPML still appeared as a “bad plugin removed from repo”, well, the whitelist filter was not used.
1.0.2 – 07th November 2016
Fix #255: Warning: Missing argument 2 for SecuPress_Alerts::_wp_login_test() in /inc/modules/alerts/plugins/inc/php/alerts/class-secupress-alerts.php on line 299.
Fix #253: Bad File Extensions were not protected on Nginx. Ngnix my friend…
Fix #249: The Only One Connexion module didn’t worked as expected, now, it is.
Fix #248: Import settings didn’t import setting, now, it import settings.
1.1.2 — 25th October 2016
Just new prices table compatibility
1.0.1 – 22th October 2016
Improvement: typos, and missing translations.
Fix #210: The plugin could be activated without the free version, merge drama.
Fix #222: Fatal error, we’re requiring a non existant file from free instead os pro version.
Fix #225: Text encoding in PDF export was broken on accents.
Fix #233: Fatal error in class-secupress-background-process-file-monitoring.php “Can’t use function return value in write context”, now the context is right.
1.1.1 — 22th October 2016
Improvement #216: The button “Ask for support” is now always present on scanner step 3
Improvement #205: typos, and missing text domain
Fix #186: Add description and author to the COOKIEHASH MU plugin
Fix #204: When fixing the last thing in step 3, redirect to step 4
Fix #207: Table prefix fix won’t show up on step 3
Fix #219: PDF Export not exporting anything, wow.
Fix #224: In scanner JS, HTML entities were in status text.
Fix #227: Notice on affected role section Undefined index: double-auth_affected_role in /inc/admin/functions/modules.php on line 555
Fix #232: Bad request methods scan returned false negatives status.
1.1 — 19th October 2016
New: Design revamp for modules homepage
1.0 aka Mark I – 18th October 2016
1.0.6 — 18th October 2016
Fix #158 & #179: Affected roles on modules were reset to empty. I prefer a filled field.
Fix #159: The error message from files backup talked about DB backup. Go home!
Fix #178: The PasswordLess scan will now check if its module is active, and in a near future will really check for any 2FA code.
Fix #185: A mysterious “////” title was present in the french translation, near “XML-RPC”.
Fix #190: The module link in the non login time slot scan has now its # to get a correct anchor. Happy sailor.
Fix #191: A function was missing, so the PasswordLess scan couldn’t activate its module, now, he can and he’s happy too.
Fix #193: The antibruteforce scan always said “false” because we didn’t call him by its real name.
Fix #197: When one of our muplugin was created on plugin deactivation, it triggered a fatal error, it was so fatal that we decided to remove it.
1.0.5 — 07th October 2016
Fix #167: Possibly locked at step 1 with a fake “New scan” for readme.txt files, you’re not stuck anymore.
Fix #166: Various CSS improvements.
Fix #171: Scans related to the firewall were always returning a bad status, even if the protections were running.
Fix #172: The scan and the protection related to the “Bad request methods” were not accurate.
Fix #176: A SQL warning occurred if you didn’t had logs to delete from 1.0.4, a new IF condition has been added to prevent that.
1.0.4 — 26th September 2016
TAKE CARE, ALL YOUR LOGS WILL BE DELETED! THANK YOU
Improvement #164: Logs are now lighter and can be deleted much faster
New #160: Add a filter named `secupress.remote_timeout` if you got too many “Pending” status in scanner, add more timeout since cUrl is not always gentle with us ><
1.0.3 — 14th September, 2016
Improvement: Commented salt keys (previously fixed) will now be deleted to avoid another error 500 case (in case of, you know)
Improvement: The banner button has now a better display on tiny screen
Improvement: Since SecuPress is compatible with WP 3.7 and 3.8, the icons are now compatible too
Improvement: Better bad user-agent blacklist, some were too current and blocked legit users.
Fix: User-Agent with more than 255 chars won’t be blocked anymore, too many false positive cases
Fix: The recovery email can now be set even if 2 users got the same email address (don’t ask …)
Fix: wp-config.php file permissions was sometimes set on 064 and broke some sites when autofix was done.
Fix: The PHP version warning was marked as bad for nothing, it will now mark it correctly
1.0.2 — 02nd September, 2016
Fix: The PHP Notice: wp_enqueue_script/wp_enqueue_style called incorrectly is now called correctly and won’t disturb you anymore everywhere in your admin area
Fix: The Error 500 caused by commented salt keys will not happen again
Fix: We removed the “ping” keyword from the bad user-agents since “pingdom” is not so malicious, isn’t it?
Fix: SecuPress couldn’t fix the “admin user” scan with open registration and no admin account.
Fix: The TinyMCE editor is not broken anymore, you can use it normally now \o/
1.0.1 — 31th August, 2016
Fix: The PHP Fatal Error on activation or deactivation has been killed.
Fix: Warning in class-secupress-scan-bad-vuln-plugins.php, we won’t use $this in a static method anymore, promise.
Fix: Warning in class-secupress-scan-bad-vuln-plugins.php, ok this one is the last.
Fix: Warning in class-secupress-scan-bad-old-plugins.php, well, it was the real last one.
Fix: Warning in settings.php usage of a protected method is now allowed.
Fix: Warning in modules.php because we called secupress_insert_iis7_nodes() without the second mandatory argument.
Fix: The following PHP Parse error "syntax error, unexpected 'ai' (T_STRING) in mu-plugins/_secupress_deactivation-notice-nginx_remove_rules.php" won’t show up anymore for french users.
1.0 aka Mark I — 23th August, 2016
Initial release \o/
Free Download SecuPress PRO v2.1.1 – WordPress Security Plugin :
Trong khi chờ đợi, vui lòng nhấn vao quảng cáo phía trên để tác giả có phí duy trì website , xin cám ơn ^^^
In the meantime, please click on the ad so that the author has a website maintenance fee, very very very thank you ^^^ !!!!
Join our official telegram group and channel for latest updates.