- New: Firewall widget displaying a list of the countries with the highest number of blocked IPs- Enhance: Block IP when UA is banned- Enhance: Display IP value in the Firewall log header- Enhance: Save TOTP secret key to DB only after code verification- Enhance: Add max number of lockout records- Enhance: Add timestamp for all lockout records- Enhance: Firewall Log improvements- Enhance: User role check- Fix: Settings saved notice not dismissed automatically- Fix: Two files from Avada builder 3.8 are reported as suspicious- Fix: Broken CVSS score details of previously ignored issue

- New: Disable Google reCAPTCHA for logged-in users- Enhance: Check HTML Entity for Audit Logs- Enhance: Web Authentication notice on 2FA page- Enhance: Show CVSS score in plugin vulnerability details- Enhance: Compatibility with WordPress 6.1- Enhance: IP detection- Fix: Web Authentication during plugin upgrade- Fix: Banned usernames for existing users- Fix: Outdated manual rules for Prevent Information Disclosure- Fix: User detail doesn't match the login/logout audit logs- Fix: Defender 2FA conflicts with other plugins on Users page- Fix: Displaying users when bulk updating notifications- Fix: Masked Login not updating on My sites menu- Fix: Conflict with OptimizePress

Enhance: 2FA flow for secret keys

Fix: Encrypt 2FA secret keys

- Enhance: 2FA security improvements- Enhance: IP detection- Enhance: Replace Google fonts with Bunny fonts for GDPR compliance- Enhance: Membership detection- Fix: Defender User Agent banning

- New: Google reCAPTCHA integration with BuddyPress plugin- New: Google reCAPTCHA for WooCommerce Checkout- Enhance: Add new Delete Lockouts button- Enhance: Prevent brute force attack though 2fa- Enhance: Wildcard for User Agent- Enhance: Add new checkbox for User Agent Lockout to Firewall notification- Enhance: Disable Delete button for active theme- Enhance: Vulnerability when scanned using OWASP tools- Fix: WebAuthn not working automatically on Subsites when it is enabled in Network for Multisite- Fix: WebAuthn devices unregistered from user profile if salt keys are updated- Fix: Audit log not capturing event on few themes during login or logout- Fix: Google reCAPTCHA triggers on Rest API and prevents adding new user for WooCommerce

- New: WooCommerce integration with 2FA- New: Disable 2FA for a specific user- New: Use URL for image in 2FA > Custom Graphic- Enhance: Unsubscribe links in email notifications- Enhance: White label email notifications- Enhance: White label 2FA backup codes file- Enhance: 2FA summary section- Enhance: Configure 2FA for Super Admin users on multisite- Enhance: Check HTML Entity for 2FA > App Title- Enhance: Description for 2FA > User Roles option- Enhance: Hide Cancel-tooltip while scanning- Enhance: Include string comments for translators- Fix: 2FA throwing a blank page- Fix: Password Reset Link for user fails when Google reCAPTCHA location is set for Lost Password- Fix: Wrong Malware scan reports when there are identical plugin slugs at wp.org- Fix: Google reCAPTCHA verification fails if the form is submitted after 2 minutes - token expiration issue

- Fix: WAF status not showing correctly- Fix: Notification scheduler error- Fix: Plugin support link error

Fix: Notifications module error

- New: YubiKey Authentication- Enhance: Distinguish Pro and Free plugins with the same slug- Enhance: Mobile styling for 2FA form- Enhance: Replace the Support link with a variable- Enhance: Update the default allowlist of IP addresses- Enhance: Upgrade vendor packages- Fix: Wrong confirmation message on Firewall logs screen- Fix: Defender notification recipients aren't associated with users- Fix: Configs not applied from the Hub- Fix: Scan HUB synchronization- Fix: Notification bulk action is not working- Fix: Pwned Password updated with simple password on Profile page- Fix: Storing the MaxMind DB file path relatively instead of a full path

Fix: Beehive Pro plugin flagged issues

- New: Biometric Authentication- New: Giveaway Opt-in for Free version- Enhance: PHP version upgrade- Enhance: Compatibility with WordPress 6.0- Enhance: WP-CLI command to show Scan details- Enhance: Update SUI to the latest version- Fix: Audit events logged not showing after applying some date range

- Enhance: PHP upgrade notice- Fix: Defender column country_iso_code missing from Lockout table- Fix: Defender sets all country iso codes as NULL

Fix: All site visitors are blocked

- Enhance: Hide write permissions error notices for Tweaks while applying config- Enhance: Update the default Auth method on the Users page- Enhance: Singular or plural translation in email templates- Enhance: Login Protection and 404 Detection Section Update- Enhance: Show country flags for country-based lockouts- Fix: Update Firewall's 404 Detection blocklist and allowlist information notice- Fix: Firewall not working when Country is added to whitelist- Fix: Updating plugins with known vulnerabilities- Fix: No passcode when Fallback Email is not the default method- Fix: 404 Exclusions Inconsistent Logging- Fix: 2FA token issue- Fix: Undefined array key "HTTP_HOST"- Fix: Duplicate key name 'country_iso_code'- Fix: Welcome modal when white-label enabled- Fix: Jquery issue on Def's 2FA TOTP page

- New: Backup codes- Enhance: Text version of 2FA code- Enhance: Add Update Old Security Keys settings to config- Enhance: Automatically check for MaxMind database updates- Enhance: WP-CLI command to delete Defender logs- Enhance: Delete security tweak settings during uninstallation- Fix: IP Lockout issue- Fix: Malware Scanning PHP 8.1 error- Fix: Native domain mapping doesn't work with login masking- Fix: Firewall log export doesn't include all entries- Fix: Duplicate configs- Fix: Geo DB downloaded to WP-Admin directory- Fix: Branda conflict – Update User listed twice in logs- Fix: Notifications user search missing some users- Fix: When Defender login masking is active, SmartCrawl report URL are broken- Fix: User filter dropdown count not updating dynamically- Fix: SSO not working with login masking on multisite

- New: Create new endpoints to toggle reCAPTCHA, 2FA modules from Hub- Enhance: Update SUI to latest version- Enhance: Refactor Firewall logs- Enhance: Update admin menu icon- Enhance: Remove deprecated hooks- Enhance: Unsubscribe link doesn't work for not logged in users- Fix: Fatal error on plugin activation with PHP 8.1- Fix: Display error on Dashboard and Tools pages for huge post data- Fix: Configure reCAPTCHA without WooCommerce options- Fix: Invite By Email doesn't check if recipient already added- Fix: Email text overflows on Notification page- Fix: Defender downgrade fails

- Enhance: Add User Agent Banning to Configs- Enhance: Add User Agent ban status to Log filters- Enhance: Prevent PHP Execution exceptions- Enhance: Modify API logic to work with The Hub- Enhance: Proper validation message for Firewall IP list- Enhance: Remove outdated scheduled actions- Enhance: New WP-CLI commands for scheduled actions- Enhance: PHP 8.1 compatibility- Enhance: Hide vulnerability warnings after plugin update- Enhance: Log improvements- Enhance: False positive improvements- Fix: Blank dialogue modal shown after login- Fix: Staff user role blocked when accessing via WPMU DEV Dashboard- Fix: Malware Scanning progress 'undefined' when session expires- Fix: Login without completing reCAPTCHA conditions- Fix: Unable to upload CSV file on MU site- Fix: Error during malware scanning- Fix: Typo in Security Recommendations

Fix: Allow admin-post.php on Mask Login Area

- New: Plugin vulnerability warnings- New: Import & export User Agent list- New: Highlight new features in Welcome modal- Enhance: Update SUI to latest version- Enhance: Update Upsell buttons- Enhance: Dashboard widget changes- Enhance: Update IP Banning Import-Export icon and note- Enhance: Replace Login Protection 'Deactivate' icon- Fix: Some malicious files not flagged- Fix: Malicious plugin not detected- Fix: Defender continually creating scheduled actions- Fix: Audit Logging creating duplicate post entries- Fix: Audit Logging creating user record on multisite- Fix: Mask URL not working correctly on WordPress installed in subdirectory- Fix: reCAPTCHA error thrown on theme login modal

- New: Google reCAPTCHA integration with WooCommerce plugin- New: "What's New" modal hidden on fresh installs- Enhance: Upgrade required minimum PHP version- Enhance: Unlock active lockouts using WP CLI- Enhance: Show more detailed log with Audit Logging- Enhance: Audit Logging on subsites- Enhance: Rename Feature Policy header to Permission Policy header- Enhance: "Send notifications when Defender couldn't scan the files" not working- Enhance: Set a time limit to cancel malware scanning- Enhance: Mobile view improvements- Enhance: Add log entry when signing in with 2FA- Enhance: Change "Basic config" to "Basic Config"- Enhance: Save a post as Draft and see 3 entries created in Audit log on multisite- Enhance: Add "Activate" button instead of "Continue" when activating the Notification- Enhance: Hide malware scan filter when there is no issue- Enhance: Remove Academy link- Fix: Audit log duplicates when updating menu items- Fix: Max countdown showing 24 hours instead of 72 hours- Fix: Conflict with WooCommerce Payments- Fix: Typo in User Agent Banning Allowlist UI- Fix: Issue with 2FA flow- Fix: Getting PHP Notice / warming on malware scanning- Fix: Google reCAPTCHA for comments doesn't work with HB Lazy Load- Fix: Redirect to optimal URL on 2FA OTP success in custom login page- Fix: Incorrect Google reCAPTCHA error Code for multisite user registration- Fix: PHP version shows null inside the recommendation- Fix: Aren't able to explore Recommendations on our hosting

- New: User Agent banning- New: "What's New" modal hidden on fresh installs- Enhance: Update Firewall filters and widgets to include User Agent lockouts- Enhance: Add Countdown timer on the lockout screen- Enhance Update IP Banning Blocklist/Allowlist UI- Enhance: Update misaligned pagination on Firewall Logs page- Fix: GEOIP.PHP issue in Defender Pro- Fix: Update Malware Scanning loopback request params to same as WP core- Fix: Can't login using WooCommerce's login/registration forms when Defender reCAPTCHA is enabled- Fix: PHP version recommendation- Fix: Integrate Defender password features with activated 2FA feature- Fix: Issue with activated Mask Login Area and 2FA features- Fix: Malware Scanning reports not sent on MU sites

Fix: Firewall Locations ban issue

- New: Google reCAPTCHA for WordPress login/register/password reset pages- New: Highlight new features in welcome modal- Enhance: Compatibility with WordPress 5.8- Enhance: Update WP-CLI scan options- Enhance: Tools dashboard widget- Fix: Locations feature not working on Flywheel hosting- Fix: Warnings with PHP version 7.4- Fix: Password reset page showing if users from any subsite try to save pwned password- Fix: Guest User under Malware Scanning Notification- Fix: Various issues with notifications in Defender- Fix: Can't update email when mask login enabled- Fix: Minor typo in Dashboard modal- Fix: Issue Details section not showing code- Fix: Hide notice on Configs page