- New: Firewall widget displaying a list of the countries with the highest number of blocked IPs

- Enhance: Block IP when UA is banned

- Enhance: Display IP value in the Firewall log header

- Enhance: Save TOTP secret key to DB only after code verification

- Enhance: Add max number of lockout records

- Enhance: Add timestamp for all lockout records

- Enhance: Firewall Log improvements

- Enhance: User role check

- Fix: Settings saved notice not dismissed automatically

- Fix: Two files from Avada builder 3.8 are reported as suspicious

- Fix: Broken CVSS score details of previously ignored issue

- New: Disable Google reCAPTCHA for logged-in users

- Enhance: Check HTML Entity for Audit Logs

- Enhance: Web Authentication notice on 2FA page

- Enhance: Show CVSS score in plugin vulnerability details

- Enhance: Compatibility with WordPress 6.1

- Enhance: IP detection

- Fix: Web Authentication during plugin upgrade

- Fix: Banned usernames for existing users

- Fix: Outdated manual rules for Prevent Information Disclosure

- Fix: User detail doesn't match the login/logout audit logs

- Fix: Defender 2FA conflicts with other plugins on Users page

- Fix: Displaying users when bulk updating notifications

- Fix: Masked Login not updating on My sites menu

- Fix: Conflict with OptimizePress

Enhance: 2FA flow for secret keys

Fix: Encrypt 2FA secret keys

- Enhance: 2FA security improvements

- Enhance: IP detection

- Enhance: Replace Google fonts with Bunny fonts for GDPR compliance

- Enhance: Membership detection

- Fix: Defender User Agent banning

- New: Google reCAPTCHA integration with BuddyPress plugin

- New: Google reCAPTCHA for WooCommerce Checkout

- Enhance: Add new Delete Lockouts button

- Enhance: Prevent brute force attack though 2fa

- Enhance: Wildcard for User Agent

- Enhance: Add new checkbox for User Agent Lockout to Firewall notification

- Enhance: Disable Delete button for active theme

- Enhance: Vulnerability when scanned using OWASP tools

- Fix: WebAuthn not working automatically on Subsites when it is enabled in Network for Multisite

- Fix: WebAuthn devices unregistered from user profile if salt keys are updated

- Fix: Audit log not capturing event on few themes during login or logout

- Fix: Google reCAPTCHA triggers on Rest API and prevents adding new user for WooCommerce

- New: WooCommerce integration with 2FA

- New: Disable 2FA for a specific user

- New: Use URL for image in 2FA > Custom Graphic

- Enhance: Unsubscribe links in email notifications

- Enhance: White label email notifications

- Enhance: White label 2FA backup codes file

- Enhance: 2FA summary section

- Enhance: Configure 2FA for Super Admin users on multisite

- Enhance: Check HTML Entity for 2FA > App Title

- Enhance: Description for 2FA > User Roles option

- Enhance: Hide Cancel-tooltip while scanning

- Enhance: Include string comments for translators

- Fix: 2FA throwing a blank page

- Fix: Password Reset Link for user fails when Google reCAPTCHA location is set for Lost Password

- Fix: Wrong Malware scan reports when there are identical plugin slugs at wp.org

- Fix: Google reCAPTCHA verification fails if the form is submitted after 2 minutes - token expiration issue

- Fix: WAF status not showing correctly

- Fix: Notification scheduler error

- Fix: Plugin support link error

Fix: Notifications module error

- New: YubiKey Authentication

- Enhance: Distinguish Pro and Free plugins with the same slug

- Enhance: Mobile styling for 2FA form

- Enhance: Replace the Support link with a variable

- Enhance: Update the default allowlist of IP addresses

- Enhance: Upgrade vendor packages

- Fix: Wrong confirmation message on Firewall logs screen

- Fix: Defender notification recipients aren't associated with users

- Fix: Configs not applied from the Hub

- Fix: Scan HUB synchronization

- Fix: Notification bulk action is not working

- Fix: Pwned Password updated with simple password on Profile page

- Fix: Storing the MaxMind DB file path relatively instead of a full path

Fix: Beehive Pro plugin flagged issues

- New: Biometric Authentication

- New: Giveaway Opt-in for Free version

- Enhance: PHP version upgrade

- Enhance: Compatibility with WordPress 6.0

- Enhance: WP-CLI command to show Scan details

- Enhance: Update SUI to the latest version

- Fix: Audit events logged not showing after applying some date range

- Enhance: PHP upgrade notice

- Fix: Defender column country_iso_code missing from Lockout table

- Fix: Defender sets all country iso codes as NULL

Fix: All site visitors are blocked

- Enhance: Hide write permissions error notices for Tweaks while applying config

- Enhance: Update the default Auth method on the Users page

- Enhance: Singular or plural translation in email templates

- Enhance: Login Protection and 404 Detection Section Update

- Enhance: Show country flags for country-based lockouts

- Fix: Update Firewall's 404 Detection blocklist and allowlist information notice

- Fix: Firewall not working when Country is added to whitelist

- Fix: Updating plugins with known vulnerabilities

- Fix: No passcode when Fallback Email is not the default method

- Fix: 404 Exclusions Inconsistent Logging

- Fix: 2FA token issue

- Fix: Undefined array key "HTTP_HOST"

- Fix: Duplicate key name 'country_iso_code'

- Fix: Welcome modal when white-label enabled

- Fix: Jquery issue on Def's 2FA TOTP page

- New: Backup codes

- Enhance: Text version of 2FA code

- Enhance: Add Update Old Security Keys settings to config

- Enhance: Automatically check for MaxMind database updates

- Enhance: WP-CLI command to delete Defender logs

- Enhance: Delete security tweak settings during uninstallation

- Fix: IP Lockout issue

- Fix: Malware Scanning PHP 8.1 error

- Fix: Native domain mapping doesn't work with login masking

- Fix: Firewall log export doesn't include all entries

- Fix: Duplicate configs

- Fix: Geo DB downloaded to WP-Admin directory

- Fix: Branda conflict – Update User listed twice in logs

- Fix: Notifications user search missing some users

- Fix: When Defender login masking is active, SmartCrawl report URL are broken

- Fix: User filter dropdown count not updating dynamically

- Fix: SSO not working with login masking on multisite

- New: Create new endpoints to toggle reCAPTCHA, 2FA modules from Hub

- Enhance: Update SUI to latest version

- Enhance: Refactor Firewall logs

- Enhance: Update admin menu icon

- Enhance: Remove deprecated hooks

- Enhance: Unsubscribe link doesn't work for not logged in users

- Fix: Fatal error on plugin activation with PHP 8.1

- Fix: Display error on Dashboard and Tools pages for huge post data

- Fix: Configure reCAPTCHA without WooCommerce options

- Fix: Invite By Email doesn't check if recipient already added

- Fix: Email text overflows on Notification page

- Fix: Defender downgrade fails

- Enhance: Add User Agent Banning to Configs

- Enhance: Add User Agent ban status to Log filters

- Enhance: Prevent PHP Execution exceptions

- Enhance: Modify API logic to work with The Hub

- Enhance: Proper validation message for Firewall IP list

- Enhance: Remove outdated scheduled actions

- Enhance: New WP-CLI commands for scheduled actions

- Enhance: PHP 8.1 compatibility

- Enhance: Hide vulnerability warnings after plugin update

- Enhance: Log improvements

- Enhance: False positive improvements

- Fix: Blank dialogue modal shown after login

- Fix: Staff user role blocked when accessing via WPMU DEV Dashboard

- Fix: Malware Scanning progress 'undefined' when session expires

- Fix: Login without completing reCAPTCHA conditions

- Fix: Unable to upload CSV file on MU site

- Fix: Error during malware scanning

- Fix: Typo in Security Recommendations

Fix: Allow admin-post.php on Mask Login Area

- New: Plugin vulnerability warnings

- New: Import & export User Agent list

- New: Highlight new features in Welcome modal

- Enhance: Update SUI to latest version

- Enhance: Update Upsell buttons

- Enhance: Dashboard widget changes

- Enhance: Update IP Banning Import-Export icon and note

- Enhance: Replace Login Protection 'Deactivate' icon

- Fix: Some malicious files not flagged

- Fix: Malicious plugin not detected

- Fix: Defender continually creating scheduled actions

- Fix: Audit Logging creating duplicate post entries

- Fix: Audit Logging creating user record on multisite

- Fix: Mask URL not working correctly on WordPress installed in subdirectory

- Fix: reCAPTCHA error thrown on theme login modal

- New: Google reCAPTCHA integration with WooCommerce plugin

- New: "What's New" modal hidden on fresh installs

- Enhance: Upgrade required minimum PHP version

- Enhance: Unlock active lockouts using WP CLI

- Enhance: Show more detailed log with Audit Logging

- Enhance: Audit Logging on subsites

- Enhance: Rename Feature Policy header to Permission Policy header

- Enhance: "Send notifications when Defender couldn't scan the files" not working

- Enhance: Set a time limit to cancel malware scanning

- Enhance: Mobile view improvements

- Enhance: Add log entry when signing in with 2FA

- Enhance: Change "Basic config" to "Basic Config"

- Enhance: Save a post as Draft and see 3 entries created in Audit log on multisite

- Enhance: Add "Activate" button instead of "Continue" when activating the Notification

- Enhance: Hide malware scan filter when there is no issue

- Enhance: Remove Academy link

- Fix: Audit log duplicates when updating menu items

- Fix: Max countdown showing 24 hours instead of 72 hours

- Fix: Conflict with WooCommerce Payments

- Fix: Typo in User Agent Banning Allowlist UI

- Fix: Issue with 2FA flow

- Fix: Getting PHP Notice / warming on malware scanning

- Fix: Google reCAPTCHA for comments doesn't work with HB Lazy Load

- Fix: Redirect to optimal URL on 2FA OTP success in custom login page

- Fix: Incorrect Google reCAPTCHA error Code for multisite user registration

- Fix: PHP version shows null inside the recommendation

- Fix: Aren't able to explore Recommendations on our hosting

- New: User Agent banning

- New: "What's New" modal hidden on fresh installs

- Enhance: Update Firewall filters and widgets to include User Agent lockouts

- Enhance: Add Countdown timer on the lockout screen

- Enhance Update IP Banning Blocklist/Allowlist UI

- Enhance: Update misaligned pagination on Firewall Logs page

- Fix: GEOIP.PHP issue in Defender Pro

- Fix: Update Malware Scanning loopback request params to same as WP core

- Fix: Can't login using WooCommerce's login/registration forms when Defender reCAPTCHA is enabled

- Fix: PHP version recommendation

- Fix: Integrate Defender password features with activated 2FA feature

- Fix: Issue with activated Mask Login Area and 2FA features

- Fix: Malware Scanning reports not sent on MU sites

Fix: Firewall Locations ban issue

- New: Google reCAPTCHA for WordPress login/register/password reset pages

- New: Highlight new features in welcome modal

- Enhance: Compatibility with WordPress 5.8

- Enhance: Update WP-CLI scan options

- Enhance: Tools dashboard widget

- Fix: Locations feature not working on Flywheel hosting

- Fix: Warnings with PHP version 7.4

- Fix: Password reset page showing if users from any subsite try to save pwned password

- Fix: Guest User under Malware Scanning Notification

- Fix: Various issues with notifications in Defender

- Fix: Can't update email when mask login enabled

- Fix: Minor typo in Dashboard modal

- Fix: Issue Details section not showing code

- Fix: Hide notice on Configs page