- Enhancement: Improve AntiBot Stats endpoint
- Enhancement: Improve handling of response data in the Audit API
- Enhancement: Update malware signatures
- Enhancement: Improve suspicious issue view on the Malware Scanning page
- Enhancement: Include selected presets in the User Agent blocklist during export
- Fix: Error when filtering the Firewall logs
- Fix: Error when switching languages with WPML while Bot Trap is enabled
- Fix: Strong Passwords do not work when Mask Login URL is enabled
- Fix: Colored elements appear on Defender admin pages when High Contrast Mode is enabled
- Fix: Exported Firewall logs do not follow the selected sort order
- New: WooCommerce and BuddyPress integrations in Cloudflare Turnstile
- Enhancement: Compatibility with PHP 8.4
- Enhancement: Update malware signatures
- Enhancement: Update ALTCHA functionality
- Enhancement: Improve plugin code style using PHPStan
- Enhancement: Refactor CAPTCHA file structure
- Enhancement: Add Thinkbot user agent to Blocklist Presets
- Enhancement: Display the readme file on the Malware Scanning page after it is renamed
- Enhancement: Add new "Outdated and closed plugin" key to the config structure
- Fix: Prevent audit logs from being created when updating a user profile without changes
- Fix: Backslash character in salt generator can break the site
- Fix: Update copy for Mask URL block page
- Fix: Hide Settings > General > "More info" link when Whitelabel is enabled
- Fix: Inconsistent validation in CAPTCHA when the Preview test is not passed
- Fix: IP address and event type filters not working in the audit log export file
- Fix: Masked Login URL slug validation after activation
- New: Detect suspicious code in JavaScript files during Malware Scanning
- Enhance: Prevent false lockouts when requests contain mixed Facebook/Twitterbot user agents
- Enhance: Update Axios and form-data package versions
- Enhance: Update malware signatures
- Enhance: Split Bulk checkboxes between tabs on Malware Scanning page
- Enhance: Display Disconnect Site button on Defender’s general settings screen
- Enhance: Improve plugin code style using PHPStan
- Enhance: Improve UI for background Malware Scanning
- Enhance: Restore reCAPTCHA class alias for backward compatibility
- Enhance: Add new audit logging events
- Enhance: Migrate notification events to the centralized Cron Manager
- Enhance: Migrate common plugin events to the centralized Cron Manager
- Fix: Update .htaccess rules for LiteSpeed servers
- Fix: Duplicate user agent records in robots.txt
- Fix: Extra space and hidden Google reCAPTCHA field shown on multisite registration page
- Fix: Duplicates of Ignored Scan issues
- Fix: Deprecation warnings from the thecodingmachine/safe package in PHP 8.4
- Fix: Quarantine activation link does not work in the free version
- Fix: Incorrect "Configure" button flow in the Firewall widget on the Dashboard
- Fix: UI improvements
- New: Cloudflare Turnstile integration
- Enhance: Compatibility with WordPress 6.9
- Enhance: Redesigned CAPTCHA menu
- Enhance: Optimize database performance on multisite
- Enhance: Add additional widget IDs on Defender’s Dashboard page
- Enhance: Add new hooks to simplify Audit testing and Firewall logs deletion
- Enhance: Update minimum supported PHP version to 8.0
- Enhance: Disable New Scan button until the background scan is complete
- Enhance: Migrate Security Recommendations multisite events to the centralized Cron Manager system
- Enhance: Migrate Malware Scanning multisite events to the centralized Cron Manager system
- Enhance: Tracking improvements
- Fix: Masking URL displays a notice when using a slug already assigned to another page
- Fix: Defender not detecting some outdated plugins
- Fix: Recommended PHP version appears as NULL on WP Engine hosting
- Fix: Default Security Config name and description not saving properly
- Fix: Malicious Bot Detector blocking Facebook Sharing Debugger bot
- New: Malicious Bot Detector
- New: WooCommerce integration with Defender > Strong Password
- Enhance: Migrate Audit multisite events to the centralized Cron Manager system
- Enhance: Migrate Firewall multisite events to the centralized Cron Manager system
- Enhance: Improve plugin detection logic to exclude plugins not from wp.org
- Enhance: Remove AntiBot IP list after site disconnection
- Enhance: Add rel="nofollow" to Bot Trap URL
- Enhance: Hide Blocklist Checker and AntiBot Stats button when Whitelabel is enabled
- Enhance: Sync with the Custom IP Block/Allow list across different hosting memberships
- Enhance: Add parameter to WP-CLI Scan command for outdated and closed plugins
- Enhance: Add audit logging event to detect Hub SSO login
- Enhance: Improve plugin code style using PHPStan and ESLint rules
- Fix: Web Authentication improvements
- Fix: Security Recommendations > Security key value not saved
- Fix: Defender not adding noindex tag to secret link of Bot Trap
- Fix: Notification hints not displaying properly
- Fix: Issue on Firewall Logs page when logging in with an expired session using the default WordPress login modal
- Fix: Defender country blocklist not working for EU region and UK
- Enhance: Change Outdated Plugin threshold to 2 Years
- Enhance: Create hook to customize Outdated Plugin threshold
- New: Detection of outdated and removed plugins in scans
- New: Scan process runs in the background
- Enhance: Display User Agent name in Bot Trap logs
- Enhance: Improve Blocklist Lockout with updates for the move_uploaded_file function
- Enhance: Update YARA rules for better Malware detection
- Enhance: Tab improvements in Security Headers
- Enhance: Improve WooCommerce compatibility with Force Strong and Pwned Password features
- Enhance: Enable "Unlock Me" option by default on AntiBot activation
- Enhance: Migrate "audit_clean_up_logs" multisite event to the centralized Cron Manager system
- Enhance: Rename "File Change Detection" to "Issue Type" on the Malware Scanning page
- Enhance: Remove "In progress" upsell during onboarding
- Enhance: Improve flow for expired members
- Enhance: Improve code style in Defender core
- Fix: Defender Bot Trap causing invalid robots.txt
- Fix: Blank Defender > Get Started page when WPMU DEV branding is enabled
- Fix: Error on WooCommerce > Login page when logging in using a weak password and Strong Passwords option is enabled
- Fix: Improve Vulnerability Scan for free and premium plugins using the same slug
- Fix: Default login pages return error 500 instead of 403 when Mask Login area is active and configured
- Enhance: Add a button to direct the users to the AntiBot Statistics page
- Enhance: Improve Bot Trap flow
- Fix: UI Improvements