SecuPress 1.4 aka Hotrod

SecuPress 1.4 has arrived! After some time without updates, 1.4 is finally here. The goal of this version is to be more compatible with hosts, open the door to the upcoming 1.4.x releases, keep an eye on security topics, and maybe remove things. Because a new version is not always about adding; sometimes it is about removing.

Hotrod is the name of Tony Stark’s car and also the codename of the Mark 22. As you may have noticed, every major release has an armor codename from Marvel’s Iron Man comics.

Why Hotrod? Here it does not mean “hot rod” so much as “hot road”, as in the long journey it took to get here. Version 1.4 opens the way to the next minor versions, which will come in the following weeks.

What’s new

OK, so what’s new? The changelog is quite big; here’s a list with screenshots:

PHP 5.4 and WordPress 4.0 are required

Big point: SecuPress was formerly compatible with PHP 5.3 and WordPress 3.7. We decided to raise these numbers; months later, they have grown. And they will keep growing with each major version. The goal is to stay 2 major releases away from WordPress, and always on a supported version of PHP.

Update your website, update your servers, update yourself!

Stop User Enumeration

New Free Feature! This is a request from users: blocking user enumeration and author pages has been asked for over the past few months. We did it, blocking REST API user enumeration and blocking the author pages.

Ban 404 on .php

New Free Feature! Same here, a request from users through the contact and support forms. When a wave of attacks is launched, hackers’ bots will try to check whether your website contains this or that file. Those files are .php files; if the bots can access them, they will exploit you. But if your website is not vulnerable (thanks to SecuPress), don’t even let them try to visit and crawl your website: ban their IP right away, automatically!

Block Fake SEO Bots

New Free Feature! And the same again, a request from users. The goal is to block bots that try to say “hey let me in, I’m …GoogleBot?!” We check whether it’s a real bot, not only from Google but also from Yahoo, Bing, Facebook, DuckDuckGo, Baidu, Yandex, Alexa …
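
The page does not say how SecuPress performs this check. As an added example (not SecuPress code), here is the forward-confirmed reverse DNS test that Google and Bing document for verifying their crawlers; `classify`, `CRAWLER_DOMAINS`, `demo` and the DNS tables are hypothetical names and constructed data.

```python
import socket

# Added example, not SecuPress code. Reverse-DNS suffixes published by the
# crawler operators; the leading dot prevents look-alike domain matches.
CRAWLER_DOMAINS = {
    "googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
    "yandex": (".yandex.ru", ".yandex.net", ".yandex.com"),
    "baiduspider": (".baidu.com", ".baidu.jp"),
}

def _reverse(ip):
    """PTR lookup; None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _forward(host):
    """A/AAAA lookup; the set of addresses the name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def classify(user_agent, ip, reverse=_reverse, forward=_forward):
    """Return 'not-a-crawler', 'verified' or 'fake' for one request."""
    ua = user_agent.lower()
    claimed = next((k for k in CRAWLER_DOMAINS if k in ua), None)
    if claimed is None:
        return "not-a-crawler"
    host = reverse(ip)
    if not host:
        return "fake"
    host = host.rstrip(".").lower()
    if not host.endswith(CRAWLER_DOMAINS[claimed]):
        return "fake"
    # Whoever owns the IP block controls its PTR record, so the name
    # must also resolve back to the same address.
    return "verified" if ip in forward(host) else "fake"

# Constructed DNS data (documentation address ranges) for an offline run.
PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
       "198.51.100.7": "host7.example.net",
       "203.0.113.5": "crawl-1.googlebot.com"}  # PTR set by the IP owner
A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
     "crawl-1.googlebot.com": {"192.0.2.99"}}

def demo(ua, ip):
    return classify(ua, ip, PTR.get, lambda h: A.get(h, set()))
```

The `203.0.113.5` entry shows why the forward lookup matters: its PTR record claims a googlebot.com name, but that name does not resolve back to the requesting address.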

Licence Keys

You can now use 2 PHP constants named SECUPRESS_API_EMAIL and SECUPRESS_API_KEY to set your licence. If they are set, the licence will automatically activate itself, and the full licence block will be hidden. The new SECUPRESS_HIDE_API_KEY constant can also be used.

Pro tip: if you use this trick with the free version, the pro one will be downloaded, installed and activated, and the licence activated too. Wonderful.

New Filters

  • secupress.pre_scan.$class to shortcut any scanner
  • secupress.get_email to change the email address used when sending
  • secupress.nginx.notice to prevent Nginx notices from popping up
  • secupress.settings.load_plugin.$plugin to prevent a full block of settings from being displayed
  • secupress.settings.field.$args['name'] to hide an option from a setting block

Remove Some Stuff

Because security in 2015 is not the same as in 2018, we removed outdated scanners and features: REST API Blocking, Non Login Time Slot, DirectoryIndex, Disallow unfiltered HTML. You don’t need those anymore.

Small Changes

  • The PRO version is now required to auto-fix issues on step 2 in the scanner.
  • When Pro is active, you’ll see a small yellow Ezio (the eagle) logo on each pro feature, so you know what is a pro feature.
  • Changed the way we display the anti-SQLi scanner code: more lorem, more ipsum, less random
  • Changed the way we load Move Login to prevent any “404 management” plugin from causing conflicts
  • Move Login will now give priority to “WPS Hide Login” and “SF Move Login”
  • Move Login will now redirect to the dashboard if the user is logged in
  • We do not log banned IPs anymore
  • Removed the hardcoded ads to add a more useful sidebar

The Future

In the very near future, versions 1.4.x will be released with a revamped Antispam API, revamped Logs module, revamped Backups module, revamped Malware scan module, revamped smart plugin whitelist, revamped vulnerable and old plugins & themes, revamped dashboard and settings page, and new features like content Malware Scanning, changing the DB prefix manually, CSP, …

Update your SecuPress versions now!