= 2.6.6 =
* FIX: Improved compatibility with bbPress.
= 2.6.5 =
* FIX: Could not enable Admin Access Protection feature on new installs due to too aggressive testing on security.
= 2.6.4 =
* ENHANCED: Dashboard now shows a more visual summary of settings and removes duplicate options settings with links to sections.
* ENHANCED: WordPress Lock Down options now also set the corresponding WordPress defines if they’re not already.
= 2.6.3 =
* ADDED: More in-line plugin links to help/blog resources
* ENHANCED: Admin Access Protection is further enhanced in 3 ways:
- More robust cookie values using MD5s
- Blocks plugin options updating right at the point of WordPress options update so nothing can rewrite the actual plugin options.
- Locks the current Admin Access session to your IP address – effectively only 1 Shield admin allowed at a time.
= 2.6.2 =
* ENHANCED: Added option to completely reject a SPAM comment and redirect to the home page (so it doesn’t fill up your database with rubbish)
* ADDED: Plugin now has an internal stats counter for spam and other significant plugin events.
= 2.6.1 =
* ADDED: Plugin now installs with default SPAM blacklist.
* ADDED: Now automatically checks and updates the SPAM blacklist when it’s older than 48hrs.
* ENHANCED: Comment messages indicate where the SPAM content was found when marking human-based spam messages.
= 2.6.0 =
Major Features Release: Please review SPAM comments filtering options to determine where SPAM goes
* FEATURE: Added Human SPAM comments filtering – replacement for Akismet that doesn’t use or send any data to 3rd party services. Uses Blacklist provided and maintained by Grant Hutchinson
* ENHANCED: Two-Factor Login now automatically logs in the user to the admin area without them having to re-login again.
* ENHANCED: Added ability to terminate all currently (two-factor) verified logins.
* ENHANCED: Spam filter/scanning adds an explanation to the SPAM content to show why a message was filtered.
* FIX: For PHP warnings while in php strict mode.
* CLEAN: Much cleaning up of code.
= 2.5.9 =
* FEATURE: Added option to try and exclude search engine bots from firewall checking option – OFF by default.
= 2.5.8 =
* FEATURE: Added ‘PHP Code’ Firewall checking option.
= 2.5.7 =
* IMPROVED: Handling and logic of two-factor authentication and user roles/levels
= 2.5.6 =
* FEATURE: Added ability to specify the particular WordPress user roles that are subject to 2-factor authentication. (Default: Contributors, Authors, Editors and Administrators)
= 2.5.5 =
* FEATURE: Added ‘Lockdown’ feature to force login to WordPress over SSL.
* FEATURE: Added ‘Lockdown’ feature to force WordPress Admin dashboard to be delivered over SSL.
* FIX: Admin restricted access feature wasn’t disabled with the “forceOff” option.
= 2.5.4 =
* FIX: How WordPress Automatic/Background Updates filters worked was changed with WordPress 3.8.2.
= 2.5.3 =
* UPDATED: Translations. And confirmed compatibility with WordPress 3.9
= 2.5.2 =
* FEATURE: Option to Prevent Remote Posting to the WordPress Login system. Will check that the login form was submitted from the same site.
= 2.5.1 =
* UPDATED: Translations and added some partials (Catalan, Persian)
* FIX: for cleanup cron running on non-existent tables.
= 2.5.0 =
* FEATURE: Two-Factor Authenticated Login using Yubikey One Time Passwords (OTP).
= 2.4.3 =
* ADDED: Translations: Spanish, Italian, Turkish. (~15% complete)
* UPDATED: Hebrew Translations (100%)
= 2.4.2 =
* ADDED: Contextual help links for many options. More to come…
* ADDED: More Portuguese (Brazil) translations (~80%)
= 2.4.1 =
* ADDED: More strings to the translation set for better multilingual support
* ADDED: Portuguese (Brazil) translations (~40%)
* UPDATED: Hebrew Translations
* FIXED: Automatic cleaning of database logs wasn’t actually working as expected. Should now be fixed.
= 2.4.0 =
* NEW: Option to enable Two-Factor Authentication based on Cookie. In this way you can tie a user session to a single browser.
* FIX: Better WordPress Multisite (WPMS) Support.
= 2.3.4 =
* FIX: Automatic updating of itself.
= 2.3.3 =
* ADDED: Hebrew Translations. Thanks [Ahrale](http://atar4u.com)!
* ADDED: Automatic trimming of the Firewall access log to 7 days – it just grows too large otherwise.
* FIX: The previously added automatic clean up of old comments and login protect database entries was wiping out the valid login protect
entries and was forcing users to re-login every 24hrs.
* FIX: Some small bugs, errors, and PHPDoc Comments.
= 2.3.2 =
* ADDED: Automatic cleaning of GASP Comments Filter and Login Protection database entries (older than 24hrs) using WordPress Cron (everyday @ 6am)
* CHANGED: Huge code refactoring to allow for more easily use with other WordPress plugins.
= 2.2.5 =
* ADDED: Email sending options for automatic update notifications – options to change the notification email address, or turn it off completely.
= 2.2.4 =
* FIX: Small bug fix.
* CHANGED: When running a force automatic updates process, tries to remove influence from other plugins and uses only this plugin’s automatic updates settings.
* CHANGED: A bit of automatic updates code refactoring.
= 2.2.2 =
* CHANGED: Changed all options to be disabled by default.
* CHANGED: The option for admin notices will turn off all main admin notices except after you update options.
= 2.2.1 =
* ADDED: Verified compatibility with WordPress 3.8
= 2.2.0 =
* CHANGED: Certain filesystem calls are more compatible with restrictive hosting environments.
* CHANGED: Plugin is now ready to integate with [iControlWP automatic background updates system](http://www.icontrolwp.com/2013/11/manage-wordpress-automatic-background-updates-icontrolwp/).
* FIX: Login Protection Cooldown feature may not operate properly in certain scenarios.
= 2.1.5 =
* IMPROVED: Improved logic for Firewall whitelisting for pages and parameters to ensure whitelisting rules are followed.
* CHANGED: The whitelisting rule for posting pages/posts is only for the “content” and the firewall checking will apply to all other page parameters.
= 2.1.4 =
* FIX: When you run the Force Automatic Background Updates, it disables the plugins. This problem is now fixed.
= 2.1.2 =
* FIX: A bug that prevented auto-updates of this plugin.
* FIX: Not being able to hide translations and upgrade notices.
* ADDED: Tweaks to auto-update feature to allow interfacing with the iControlWP service to customize the auto update system.
= 2.1.0 =
* ADDED: A button that lets you run the WordPress Automatic Updates process on-demand (so you don’t have to wait for WordPress cron).
* CHANGED: The plugin now sets more options to be turned on by default when the plugin is first activated.
* CHANGED: A lot of optimizations and code refactoring.
= 2.0.3 =
* FIX: Whoops, sorry, accidentally removed the option to toggle “disable file editing”. It’s back now.
= 2.0.2 =
* CHANGED: WordPress filters used to programmatically update whitelists now update the Login Protection IP whitelist
= 2.0.1 =
* ADDED: Localization capabilities. All we need now are translators! [Go here to get started](http://translate.icontrolwp.com/).
* ADDED: Option to mask the WordPress version so the real version is never publicly visible.
= 1.9.2 =
* CHANGED: Simplified the automatic WordPress Plugin updates into 1 filter for consistency
= 1.9.1 =
* ADDED: Increased admin access security features – blocks the deactivation of itself if you’re not authenticated fully with the plugin.
* ADDED: If you’re not authenticated with the plugin, the plugin listing view wont have ‘Deactivate’ or ‘Edit’ links.
= 1.9.0 =
* ADDED: New WordPress Automatic Updates Configuration settings
= 1.8.2 =
* ADDED: Notification of available plugin upgrade is now an option under the ‘Dashboard’
* CHANGED: Certain admin and upgrade notices now only appear when you’re authenticated with the plugin (if this is enabled)
* FIXED: PHP Notice with undefined index.
= 1.8.1 =
* ADDED: Feature- Access Key Restriction [more info](http://icwp.io/2s).
* ADDED: Feature- WordPress Lockdown. Currently only provides 1 option, but more to come.
= 1.7.3 =
* CHANGED: Reworked a lot of the plugin to optimize for further performance.
* FIX: Potential infinite loop in processing firewall.
= 1.7.1 =
* ADDED: Much more efficiency yet again in the loading/saving of the plugin options.
= 1.7.0 =
* ADDED: Preliminary WordPress Multisite (WPMS/WPMU) Support.
* CHANGED: The Firewall now kicks in on the ‘plugins_loaded’ hook instead of as the actual firewall plugin is initialized (as a result
of WP Multisite support).
= 1.6.2 =
* REMOVED: Automatic upgrade option until I can ascertain what caused the plugin to auto-disable.
= 1.6.1 =
* ADDED: Options to fully customize the text displayed by the GASP comments section.
* ADDED: Option to include logged-in users in the GASP Comments Filter.
= 1.6.0 =
* ADDED: A new section – ‘Comments Filtering’ that will form the basis for filtering comments with SPAM etc.
* ADDED: Option to add enhanced GASP based comments filtering to prevent SPAM bots posting comments to your site.
= 1.5.6 =
* IMPROVED: Whitelist/Blacklist IP range processing to better cater for ranges when saving, with more thorough checking.
* IMPROVED: Whitelist/Blacklist IP range processing for 32-bit systems.
* FIXED: A bug with Whitelist/Blacklist IP checking.
= 1.5.5 =
* FIXED: Quite a few bugs fixed.
= 1.5.4 =
* FIXED: Typo error.
= 1.5.3 =
* FIXED: Some of the firewall processors were saving unnecessary data.
= 1.5.2 =
* CHANGED: The method for finding the client IP address is more thorough, in a bid to work with Proxy servers etc.
* FIXED: PHP notice reported here: http://wordpress.org/support/topic/getting-errors-when-logged-in
= 1.5.1 =
* FIXED: Bug fix where IP address didn’t show in email.
* FIXED: Attempt to fix problem where update message never hides.
= 1.5.0 =
* ADDED: A new IP whitelist on the Login Protect that lets you by-pass login protect rules for given IP addresses.
* REMOVED: Firewall rule for wp-login.php and whitelisted IPs.
= 1.4.2 =
* ADDED: The plugin now has an option to automatically upgrade itself when an update is detected – enabled by default.
= 1.4.1 =
* ADDED: The plugin will now displays an admin notice when a plugin upgrade is available with a link to immediately update.
* ADDED: Plugin collision: removes the main hook by ‘All In One WordPress Security’. No need to have both plugins running.
* ADDED: Improved Login Cooldown Feature- works more like email throttling as it now uses an extra filesystem-based level of protection.
* FIXED: Login Cooldown Feature didn’t take effect in certain circumstances.
= 1.4.0 =
* ADDED: All-new plugin options handling making them more efficient, easier to manage/update, using far fewer WordPress database options.
* CHANGED: Huge improvements on database calls and efficiency in loading plugin options.
* FIXED: Nonce implementation.
= 1.3.2 =
* FIXED: Small compatibility issue with Quick Cache menu not showing.
= 1.3.0 =
* ADDED: Email Throttle Feature – this will prevent you getting bombarded by 1000s of emails in case you’re hit by a bot.
* ADDED: Another Firewall die() option. New option will print a message and uses the wp_die() function instead.
* ADDED: Refactored and improved the logging system (upgrading will delete your current logs!).
* ADDED: Option to separately log Login Protect features.
* ADDED: Option to by-pass 2-factor authentication in the case sending the verification email fails
(so you don’t get locked out if your hosting doesn’t support email!).
* CHANGED: Login Protect checking now better logs out users immediately with a redirect.
* CHANGED: We now escape the log data being printed – just in case there’s any HTML/JS etc in there we don’t want.
* CHANGED: Optimized and cleaned a lot of the option caching code to improve reliability and performance (more to come).
= 1.2.7 =
* FIX: Bug where the GASP Login protection was only working when you had 2-factor authentication enabled.
= 1.2.6 =
* ADDED: Ability to import settings from WordPress Firewall 2 plugin options – note, doesn’t import page and variables whitelisting.
* FIX: A reported bug – parameter values could also be arrays.
= 1.2.5 =
* ADDED: New Feature – Option to add a checkbox that blocks automated SPAM Bots trying to log into your site.
* ADDED: Added a clear user message when they verify their 2-factor authentication.
* FIX: A few bugfixes and logic corrections.
= 1.2.4 =
* CHANGED: Documentation on the dashboard, and the message after installing the firewall have been updated to be clearer and more informative.
* FIX: A few bugfixes and logic corrections.
= 1.2.3 =
* FIX: bugfix.
= 1.2.2 =
* FIX: Some warnings and display bugs.
= 1.2.1 =
* ADDED: New Feature – Login Wait Interval. To reduce the effectiveness of brute force login attacks, you can add an interval by
which WordPress will wait before processing any more login attempts on a site.
* CHANGED: Optimized some settings for performance.
* CHANGED: Cleaned up the UI when the Firewall / Login Protect features are disabled (more to come).
* CHANGED: Further code improvements (more to come).
= 1.2.0 =
* ADDED: New Feature – **Login Protect**. Added 2-Factor Login Authentication for all users and their associated IP addresses.
* CHANGED: The method for processing the IP address lists is improved.
* CHANGED: Improved .htaccess rules (thanks MickeyRoush)
* CHANGED: Mailing method now uses WP_MAIL
* CHANGED: Lot’s of code improvements.
= 1.1.6 =
* ADDED: Option to include Cookies in the firewall checking.
= 1.1.5 =
* ADDED: Ability to whitelist particular pages and their parameters (see FAQ)
* CHANGED: Quite a few improvements made to the reliability of the firewall processing.
= 1.1.4 =
* FIX: Left test path in plugin.
= 1.1.3 =
* ADDED: Option to completely ignore logged-in Administrators from the Firewall processing (they wont even trigger logging etc).
* ADDED: Ability to (un)blacklist and (un)whitelist IP addresses directly from within the log.
* ADDED: helpful link to IP WHOIS from within the log.
= 1.1.2 =
* CHANGED: Logging now has its own dedicated database table.
= 1.1.1 =
* FIX: Block notification emails weren’t showing the user-friendly IP Address format.
= 1.1.0 =
* You can now specify IP ranges in whitelists and blacklists. To do this separate the start and end address with a hypen (-) E.g. For everything between 1.2.3.4 and 1.2.3.10, you would do: 1.2.3.4-1.2.3.10
* You can now specify which email address to send the notification emails.
* You can now add a comment to IP addresses in the whitelist/blacklist. To do this, write your IP address then type a SPACE and write whatever you want (don’t take a new line).
* You can now set to delete ALL firewall settings when you deactivate the plugin.
* Improved formatting of the firewall log.
= 1.0.2 =
* First Release
== Upgrade Notice ==
= 1.1.2 =
* CHANGED: Logging now has its own dedicated database table.
* FIX: Block notification emails weren’t showing the user-friendly IP Address format.
* You can now specify IP ranges in whitelists and blacklists. To do this separate the start and end address with a hypen (-) E.g. For everything between 1.2.3.4 and 1.2.3.10, you would do: 1.2.3.4-1.2.3.10
* You can now specify which email address to send the notification emails.
* You can now add a comment to IP addresses in the whitelist/blacklist. To do this, write your IP address then type a SPACE and write whatever you want (don’t take a new line).
* You can now set to delete ALL firewall settings when you deactivate the plugin.
* Improved formatting of the firewall log.