* Fix: a TypeError in the 2FA query builder that could occur when updating from older plugin versions
* Fix: all users will now appear in the 2FA list
* Fix: paths for advanced-headers.php and firewall config are now correctly updated during site migration
* Fix: PHP 8.4 deprecation notices
* Fix: tasks will now always display on multisite
* Fix: skip/don't ask again is now hidden for users who already configured passkeys
* Improvement: the activate_ssl WP-CLI command can now be run with the --force argument to skip confirmation
* Improvement: passkeys can now be used as a stand-alone feature
* Improvement: standardized REST namespaces to really-simple-security
* Fix: activating the Pro and Multisite plugin at the same time will no longer throw a fatal error
* Fix: added a check for the getmyuid function to prevent errors in case this function was missing
* Fix: Right-To-Left CSS now works correctly when SCRIPT_DEBUG is enabled
* Fix: Prevent empty content to be written into htaccess
* Fix: Prevented .htaccess from being overwritten with an empty file, auto-creation now requires explicit filter opt-in
* Fix: removed unnecessary call to install() in firewall constructor
* Fix: header_length_ok() now uses options instead of transients for caching
* Fix: user agent and 404 detection are now excluded on cron requests
* Fix: added a check to prevent a typeError in generating htaccess rules
* Improvement: reworked .htaccess handling with insert_with_markers and improved WP Rocket integration.
* Improvement: moved firewall rules to separate firewall.php with dedicated rule classes.
* Improvement: SBOM added to plugin.
* Improvement: corrected spelling, grammar, and consistency issues in plugin strings; updated geopolitical terms.
* Fix: replaced accidental Dutch word in 2FA datatable with correct English translation.
* Fix: resolved PHP 8.4 deprecation warnings while maintaining compatibility with PHP 7.4–8.4.
* Fix: whitelisted LiteSpeed Cache crawler in .htaccess to prevent redirect issues.
* Fix: corrected 2FA grace period email logic to avoid sending reminders to users with active 2FA.
* Fix: updated hosting provider name from "XXL Hosting" to "Superspace".
* Improvement: improved compatibility with plain permalinks.
* Improvement: handling of user agents in the firewall.
* Improvement: auto cleanup 404 watchlist via cron job.
* Improvement: updated links in the plugin.
* Improvement: made various improvements to CSP learning mode.
* Fix: handled a case where the user ID could be empty in 2FA.
* Fix: learn more button in vulnerability e-mail link now links to the correct page.
* Fix: fixed an issue where rsssl_user_can_manage could be undefined when downloading the system status.
* Fix: changed a constant from uppercase to lowercase.
* Fix: Adjusted .htaccess redirect requirements for subfolder configurations
* Fix: re-send e-mail button on the 2FA page will now show a message when the e-mail is sent.
* Fix: restored SCSS files.
* Fix: fixed an issue where the plugin kept redirecting to its settings page after activation.
* Improvement: limit login attempts will now also trigger on password reset pages.
* Improvement: updated the way other plugins are installed via the onboarding and dashboard page.
* Improvement: added notice with an option to force verify e-mail address.
* Improvement: updated minimum WordPress version to 6.6.