All-In-One Security (AIOS) Release 5.2.5: UI Improvements

The new AIOS release improves key parts of the UI, giving users a smoother experience and a more intuitive, easy-to-use interface. Updated elements include a complete overhaul of the scanner page and a number of new user interface widgets. Multiple admin menus have also been merged into one, nested under a new User Security menu.

We would also like to thank Naveen Muthusamy for discovering a defect which, on multisite installs using the AIOS feature for renaming and hiding the login page, would have allowed an attacker to discover the hidden login page. This defect has now been fixed.

For a full list of changes, please see the changelog below:

Changelog:

* SECURITY: On a multisite install, if using the AIOS feature for renaming and hiding the login page, a route existed for an attacker to discover the hidden login page, thus negating the usefulness of the feature. Thanks to Naveen Muthusamy for disclosing this defect.

* FEATURE: Block POST requests that have a blank user-agent and referer

* FEATURE: Added reverse IP Lookup data to the login lockdown notification email

* FIX: Prevent a fatal error when setting up the firewall if the host has disabled the function parse_ini_file

* FIX: Prevent the firewall message store from filling up with unused entries

* FIX: Prevent legitimate Googlebot traffic being blocked on sites where the gethostbyaddr function fails or is disabled

* FIX: An issue that prevented MainWP updates from being performed correctly

* FIX: Prevent user enumeration via the REST API and oEmbed protocol

* FIX: User agent blacklist not matching all strings correctly

* FIX: Logged in user table not showing the correct information

* TWEAK: Improve comment spam detection by using hidden fields and cookies

* TWEAK: Login whitelist suggests both IPv4 and IPv6 addresses to whitelist

* TWEAK: The menu actions in the dashboard admin menu are now processed via AJAX

* TWEAK: Converted checkboxes in the admin menu pages to switches

* TWEAK: Add network_id and site_id column to debug logs table for differentiating logs between sites on multisite

* TWEAK: Combined various user admin menus into a new ‘User Security’ admin menu

* TWEAK: Export configuration filename now reflects the local timezone.

* TWEAK: Improve the UI/UX of the file scanner making way for future improvements

* TWEAK: Redesign the feature manager badges

* TWEAK: Removed various admin menu tabs as previously announced

* TWEAK: Add features that depend on other plugins to the feature manager conditionally

* TWEAK: Added a null check to function that removes wp meta info from scripts and styles src to prevent a PHP deprecation warning

* TWEAK: Audit log date and time are now displayed in the site's timezone

* TWEAK: PHP warning undefined array key REQUEST_METHOD in rule-proxy-comment-posting.php

* TWEAK: When TranslatePress is active, logging out via WooCommerce should not show a 404 page if the “rename login page” setting is on.
