Released on: Tuesday, 07 January 2020 05:41
Removed GeoGraphic IP blocking due to changes in MaxMind's policy. MaxMind removed public downloads of the GeoIP library. We are removing the GeoIP-related features in our software per our announcement. Practically, this means that Geographic IP Blocking is removed and emails from Admin Tools will no longer include the country and continent of the IP address being blocked.
Password-protect WP Administration: option to reset custom error pages to avoid 404 errors accessing wp-admin. Some servers are preconfigured to use custom error pages, plain HTML files to be displayed in case of a server error including the HTTP 401 your server sends when you password-protect a directory. Since these servers do not, actually, include these custom HTML error files you end up with a 404 error which prevents you from accessing the password-protected directory. This feature undoes the wrong configuration of these servers to avoid locking you out of your site.
Administrator IP whitelist, Never Block these IPs: you can now add dynamic IPv6 domain names instead of IPs by prefixing them with #. If you are on an IPv6-enabled network and you're using a dynamic domain service that supports IPv6 (such as DynDNS) you can use the
#customdomain.example.com notation everywhere an IP address is accepted to have Admin Tools resolve the domain name to an IPv6 address. This complements the
@customdomain.example.com notation which always resolves to an IPv4 address.
Common PHP version warning scripts. We have normalized the wording of warnings about old, End of Life and dangerously old PHP versions. You will get a reminder to update PHP if it has entered its final year of support, a warning to update PHP if it has recently become End of Life, a much more urgent warning if it's been End of Life for over 6 months and an error if it's no longer supported by our software.
Translations now use the INI format. They are far more practical for translating complex software and the performance difference is a fraction of a millisecond.
Away Schedule is now more clear about the use of time zones. Previously we essentially asked you to guess which timezone the away time was being entered in – well, you could have read the documentation but that's not very convenient. Now we are telling you explicitly.
The Malware Scanner has been rewritten for better performance. We wrote a new site scanner engine from the ground up to make it more performant and use less resources than its previous incarnation.
Bug fixes and minor improvements. Please take a look at the CHANGELOG below.
We officially support only the latest released version of WordPress 4.9 and 5.x.
While our software should run on any WordPress version newer than 3.8 (with several features only working fully or at all on WordPress 4.4 and later) we VERY STRONGLY recommend using the latest version of WordPress only. Newer versions of WordPress address security issues which can not be guarded against through a web application firewall / security plugin. Moreover, newer WordPress versions address bugs and features which by themselves are not security issues but can be used to facilitate the compromise of a site. For example, support for the UTF8MB4 character code may have been billed as “Emoji support” but, in fact, addresses a whole class of very sinister database attacks, hinging on the way MySQL quashes extended characters in plain UTF8 mode, which are impossible to address in a generic firewall.
In short: trying to have a secure site with old code that contains known vulnerabilities is an exercise in futility. Do the smart thing, update WordPress first, then use a security plugin to tighten your security.
We only officially support using our software with PHP 5.6, 7.2, 7.3 or 7.4. We strongly advise you to run the latest available version of PHP on a branch currently maintained by the PHP project for security reasons. Older versions of PHP have known major security issues which are being actively exploited to hack sites and they have stopped receiving security updates, leaving you exposed to these issues.
Our software should still run on PHP 7.0 and 7.1. However, we do not test with these versions and we no longer treat breaking support for these obsolete PHP versions of PHP as a bug.
Our software will not run on versions of PHP older than 5.6 such as 5.5, 5.4, 5.3 or even older.