Bug Fix: Fatal error when running on a site with an unprefixed version of Pimple or Psr/Container that was loaded before iThemes Security.

Important: iThemes Security now requires PHP 7.3 and WordPress 5.9 or later.New: Introducing passkeys for Passwordless Login! Users can log into their site using biometrics like Face ID, Touch ID, or Windows Hello. Enable the new "Passkeys" module to add it as a Passwordless Login method.Bug Fix: Preliminary PHP 8.1 compatibility.

Tweak: Add Security Alert when running a PHP version older than 7.3.0. Future versions of iThemes Security will require PHP 7.3.0.Bug Fix: Don't attempt to Hide Backend when a Cron request is being processed.Bug Fix: Prevent entering invalid date values when selecting a custom date range in the Security Dashboard.

Tweak: Require a Title when creating a new Dashboard.Bug Fix: Don't attempt to send a Site Scan notification for Clean scans preventing a fatal error after scheduled site scans.Bug Fix: Initialize Theme in Dashboard Widget rectifying the "An error occurred while rendering this card" message.Bug Fix: Use Site Registration Authentication when performing a Site Scan on Multisite Subsites rectifying the "Request is missing verification credentials" message.

Tweak: Schedule the Automatic Updater to run 5 minutes after a Site Scan finds Vulnerable Software.Bug Fix: Help styling on WordPress 5.9.Bug Fix: Compatibility with plugins that expected a logged-in user during lockouts.Bug Fix: Error when visiting the Notifications page after activating a module with notifications for the first time.Bug Fix: Update deprecated withState usages to useState.Bug Fix: Set a default value for the Notification User Roles control.

Important: iThemes Security now requires WordPress 5.8 or later. New Feature: Introduce a new Import Export feature that allows for greater customization and flexibility. Bug Fix: Scroll to top of window when navigating. Bug Fix: Allow searching for Password Requirements. Bug Fix: Login page would be blank when Passwordless Login was configured to use the "Username First" flow. Bug Fix: Don't load WordPress and System Tweaks modules when the `ITSEC_DISABLE_MODULES` constant is enabled. Bug Fix: Prevent incidentally loading the Two-Factor module when it is unregistered. Bug Fix: Conditionally display the NGINX File Path setting. Bug Fix: Allow saving Notifications when "default recipients must contain at least 1 item" error is present.

Enhancement: Reintroduce Feature Flags management UI.Tweak: Reposition "Advanced" and "Tools" menu items to be more readable on lengthy screens.Bug Fix: Sites that did not support HTTPS, but had the SSL module active, but not configured, on upgrade would get redirected to the HTTPS version of the site.Bug Fix: When the Change Admin User tool is run, update any User Groups referencing the old user id.Bug Fix: Unregister the iThemes Security Two-Factor module when the Two-Factor Feature Plugin is enabled.Bug Fix: Add missing and correct erroneous textdomains.Bug Fix: WordPress footer would appear in the middle of the logs page.

Tweak: Move "Have I Been Pwned" integration to the Core plugin.Tweak: Reduce filename length and complexity for built CSS and JS files.Bug Fix: Disable XML-RPC rules in server config files. Previously, XML-RPC was being disabled using the XML-RPC enabled filter.Bug Fix: Fatal error on logs page when User Logging and Two-Factor are enabled and a user logs in using Two-Factor.Bug Fix: Add missing constants to the debug page.Bug Fix: Fatal error when sending the "Inactive Users" notification.Bug Fix: Remove deleted recipients when saving notifications.Bug Fix: Allow using reserved words as prefixes for the Hide Backend Login Slug.Bug Fix: Enforce SSL would not redirect users from HTTP to HTTPS on the front-end of the website.Bug Fix: Correct Site Scan statuses for scans with no issues.

Bug Fix:Prevent Password Requirements being re-enabled if they were disabled before upgrading to iThemes Security 7.0, but had a group selected for them.Arguments to the implode function were reversed, causing a Fatal Error on PHP 8.Allow installing on WordPress 5.7.0, not just 5.7.1+.Ensure values passed to the TextareaListControl is an array.Don't run the dashboard migration if unneeded.Labels for Disable PHP Execution in Plugins and Themes were reversed.Activate the Geolocation module if Trusted Devices provided Geolocation API keys.