Improved .htaccess and web.config Maker. We made improvements to the expiration time, on-the-fly file compression, CORS and server signature removal features of the .htaccess and web.config Maker. These will help you better customize your sites' server configuration files for performance and security.
Automatically suggest enabling the IP workarounds when necessary. Admin Tools will check whether a blocked IP address belongs to an internal network or CloudFlare. If so, it will suggest that you enable the IP Workarounds to let it know that it should use the forwarded IP address, not the one Apache reports as the visitor's IP.
Better unhandled error reporting in the administration interface. WordPress has an annoying feature which hides PHP error messages, even in the administration interface. While it's supposed to email you with more information, we've found that the emailed information is absolutely useless for determining what is going on beyond "oh, something must have broken". For this reason we created an error handling page of our own which gives far more useful information for troubleshooting and debugging.
Added option to disable image scaling. WordPress has a hidden feature to disable automatic image scaling. Admin Tools now displays an interface to it.
Removed DFIShield feature since it was causing too many false positives. The Direct File Inclusion Shield (DFIShield) feature was causing too many false positives to be useful. We decided to remove it altogether since it had a net negative impact on your sites' stability.
Bug fixes and minor improvements. Please take a look at the CHANGELOG below.
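The check behind the IP workarounds suggestion above can be sketched as follows. This is an added example, not Admin Tools' own code: the function names are hypothetical, the header is assumed to be `X-Forwarded-For`, and the CDN range is a constructed placeholder standing in for the proxy's published address list.

```python
import ipaddress

# Internal (non-routable) networks a reverse proxy or load balancer may sit on.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "fc00::/7",
)]
# Constructed placeholder: replace with the ranges your CDN publishes.
CDN_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def is_forwarder(addr):
    """True if addr is internal or belongs to the trusted CDN ranges."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in INTERNAL_NETS + CDN_NETS)


def suggest_ip_workarounds(blocked_ip):
    """A blocked proxy address means the real visitor IP is in a header."""
    return is_forwarder(blocked_ip)


def resolve_client_ip(remote_addr, forwarded_for=""):
    """Return the address to attribute the request to.

    The header is honoured only when the direct peer is a trusted
    forwarder; otherwise any visitor could forge it to dodge a block.
    """
    if not is_forwarder(remote_addr):
        return remote_addr
    client = remote_addr
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    # Walk from the hop nearest to us; stop at the first untrusted one.
    for hop in reversed(hops):
        try:
            trusted = is_forwarder(hop)
        except ValueError:
            break  # malformed entry: keep the last valid hop
        client = str(ipaddress.ip_address(hop))
        if not trusted:
            break
    return client
```

Entries to the left of the first untrusted hop are supplied by the client and are never used for blocking decisions.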
We officially support only the latest released version of WordPress 4.9 and 5.x.
While our software should run on any WordPress version newer than 3.8 (with several features only working fully or at all on WordPress 4.4 and later) we VERY STRONGLY recommend using the latest version of WordPress only. Newer versions of WordPress address security issues which cannot be guarded against through a web application firewall / security plugin. Moreover, newer WordPress versions address bugs and features which by themselves are not security issues but can be used to facilitate the compromise of a site. For example, support for the UTF8MB4 character set may have been billed as “Emoji support” but, in fact, addresses a whole class of very sinister database attacks, hinging on the way MySQL quashes extended characters in plain UTF8 mode, which are impossible to address in a generic firewall.
In short: trying to have a secure site with old code that contains known vulnerabilities is an exercise in futility. Do the smart thing, update WordPress first, then use a security plugin to tighten your security.
We only officially support using our software with PHP 5.6, 7.2, 7.3 or 7.4. We strongly advise you to run the latest available version of PHP on a branch currently maintained by the PHP project for security reasons. Older versions of PHP have known major security issues which are being actively exploited to hack sites and they have stopped receiving security updates, leaving you exposed to these issues.
Our software should still run on PHP 7.0 and 7.1. However, we do not test with these versions and we no longer treat breaking support for these obsolete versions of PHP as a bug.
Our software will not run on versions of PHP older than 5.6 such as 5.5, 5.4, 5.3 or even older.