Author: AITpro Admin
Published: April 22, 2015
Updated: April 22, 2015
Core Improvements|Enhancements: AutoRestore (ARQ) Automation
The Core functionality of ARQ Automation is still the same. Improvements|Enhancements and additional Theme upgrade and installation automation handling were added for both standard single site and Network|Multisite installations of WordPress. The displayed BPS Pro AutoRestore (ARQ) Automatic Shutdown & Backup Notice has been changed. The ARQ successful completion Notice has been changed. WordPress Automatic update Security Log logging minor format|text changes.
• WordPress Automatic updates: AutoRestore automatically handles background WordPress Automatic updates seamlessly. No further action is required by you.
• Manually upgrading WordPress by clicking the update now link on the WordPress Updates page: AutoRestore automatically handles this seamlessly. No further action is required by you.
• Manually upgrading or installing a Theme on the WordPress Updates page or Themes page: Requires one click by you to allow ARQ Automation to continue and complete.
• Manually upgrading a Plugin on the WordPress Updates page: Requires one click by you to allow ARQ Automation to continue and complete.
10.2 BPS Pro AutoRestore (ARQ) Automatic Shutdown & Backup Notice displayed on the WordPress Updates page
10.2 BPS Pro ARQ successful completion Notice on the WordPress About page
|
Login Security New Option and Core Functionality Improvements
New Option Attempts Remaining: You can choose to display a “Login Attempts Remaining X” message when an incorrect password is entered. X is the total number of login attempts left/remaining before the User Account is locked. This new option is enabled by default during BPS Pro upgrades and new installations.
Core Functionality Improvements: When a User Account is locked out and previous User Account logins were logged|stored in the DB, those previously logged logins and data for those DB Rows is not changed|updated and instead a new DB Row is inserted. This allows for better chronological login tracking and monitoring. Affects both Logging Options – Log All Account Logins and Log Only Account Lockouts options and allows for switching between these Logging Options without affecting functionality or causing issues/problems. |
New Bonus Custom Code|Bonus Custom Code Dismiss Notice function Consolidation
Bonus Custom Code Dismiss Notice Consolidation: Combined|consolidated all Bonus Custom Code Notices into 1 Bonus Custom Code Notice function with 1 displayed Notice message instead of having several different displayed Notices. Each Bonus Custom Code contains a link to the Bonus Custom Code and a Dismiss Notice link.
Referer Spammers|Phishing Protection
Mime Sniffing, Data Sniffing, Content Sniffing, Drive-by Download Attack Protection
External iFrame and Clickjacking Protection |
Core Addition: New Heads Up Static Alert Checks: /plugins/index.php Code Injection file check & /uploads/index.php file check
These are known common hacking attack vectors. Both of these attack vectors are already protected against by UAEG and the Plugin Firewall. These additional checks are more for detection|EP|EW|alerting purposes. Checks the /uploads folder for an index.php file. The /uploads folder does not have an index.php by default. Check the /plugins folder index.php file for Code Injections. |
BugFixes|Code Corrections|Enhancements|Misc|CSS|Visual|Other:
• System Info page conditional check added for: gc_enabled & gc_collect_cycles functions.
• WP Toolbar Functionality In BPS Plugin Pages: Default Network/Multisite menu items (nodes) added.
• DB Backup: Backup Files Download|Delete Form scrollable table added and additional Read Me help information added.
• POST Forms Undefined index php errors in BPS Pro Status Display function.
• Undefined offset php error in P-Security Diagnostic Checks.
• WP 4.2 Bug Reported|Ticket created with POC and solution provided: WP 4.2 hash anchor Bug Hash anchors were being stripped of URI’s. Solution provided to WP folks. Solution implemented by WP folks. No other issues or problems found with WP 4.2 and BPS Pro versions.
• WP flush_rewrite_rules function added to BPS Pro plugin uninstall function. Creates new default generic WP root htaccess file on BPS Pro plugin uninstall.
• Dismiss Notice link correction when basename == wp-admin on first Dashboard login.
• Setup Wizard: Additional Activation Key valid|invalid check (CSS|js) Error message with animated arrow gif. |
|
Tags: BPS Pro 10.2 Whats New, BulletProof Security 10.2 Whats New
Categories: BulletProof Security Pro