Security & Malware scan by CleanTalk


Security features

  • Security FireWall to filter access to your site by IP, Networks or Countries
  • Web Application Security Firewall
  • Security Malware scanner with AntiVirus functions
  • Daily auto malware scan
  • Stops brute force attacks to hack passwords (like Fail2ban)
  • Stops brute force attacks to find WordPress accounts (like Fail2ban)
  • Limit Login Attempts
  • Security Protection for WordPress login form
  • Security Protection for WordPress backend
  • Security daily report to email
  • Security audit log
  • Security Real-time traffic monitor
  • Checking Outbound Links
  • Two Factor Authentication
  • No Malware – No Google Penalties. Give your SEO boost.
  • Custom wp-login URL
  • Notifications of administrator users authorizations to your website
  • Backend PHP logs
  • Hide Default Login Page

CleanTalk is a cloud security service that protects your website from online threats and gives you great security instruments to control your website security. We provide detailed security stats for all of our security features so that you have full control of security. All security logs are stored in the cloud for 45 days.

Security FireWall by CleanTalk is a free plugin which works with the premium Cloud security service. This security plugin as a service

Malware is always a headache for site owners. If you don’t regularly check for malware, it can operate unnoticed for a long time and damage your reputation. If you prevent malware attacks before they happen, you will save your resources.

What is malware and why does it matter to your business? Malware is malicious code that performs actions for hackers. If your site has been infected with malware, it can become a problem for customer trust and for your customers' personal details. First, you need to scan your site to confirm the malware exists. Next, you should fix all files that contain malware.

Limit Login Attempts

Limit Login Attempts is a part of the brute-force protection and the security firewall.

The Security Firewall limits the number of requests to your website (1000 requests per hour by default; you can change it). If any IP exceeds this threshold, it is added to the security firewall for the next 24 hours. This allows you to break some DDoS attacks.

Brute Force Protection

It adds a delay of a few seconds after any failed attempt to log in to the WordPress admin area. WordPress Security & Firewall by CleanTalk makes access to your website more secure. The service checks your security log once per hour, and any IP with 10 or more login attempts per hour is banned for the next 24 hours.

Security Audit Log keeps track of actions in the WP Dashboard to let you know what is happening on your blog.
With the Security Audit Log it is very easy to see user activity and understand what changes were made and who made them.
Security Audit Log shows who logged in, when, and how much time they spent on each page.

Security Traffic Control

CleanTalk Security Traffic Control tracks every single visitor, whether or not they are using JavaScript, and provides many valuable traffic parameters.

Another option in Security Traffic Control, “Block user after requests amounts more than”, blocks access to the site for any IP that has exceeded the set number of HTTP requests per hour. If this number of requests is exceeded, the IP is added to the Security FireWall Black List for 24 hours.
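
The two thresholds described above (10 or more login attempts per hour under Brute Force Protection, and the hourly request limit under Limit Login Attempts and Security Traffic Control, each followed by a 24-hour ban) can be replayed over a log to see which IPs they would catch. This is an added example, not CleanTalk's code: the log line format, the event names, counting only failed logins, and the sliding one-hour window (a generalization of the hourly check the page describes) are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

WINDOW = timedelta(hours=1)          # both rules on the page are per hour
BAN_DURATION = timedelta(hours=24)   # both rules ban for 24 hours
FAILED_LOGIN_LIMIT = 10              # "10 and more attempts" triggers a ban
REQUEST_LIMIT = 1000                 # page default; a ban needs MORE than this
# Assumed event names, modelled on the "Invalid username" / "Auth failed"
# events of the Security Log; the plugin's real identifiers are not shown.
FAILED_EVENTS = {"invalid_username", "auth_failed"}


def parse_line(line):
    """Parse 'ISO-timestamp IP event' (a format invented for this example)."""
    ts, ip, event = line.split()
    return datetime.fromisoformat(ts), str(ip_address(ip)), event


def trim(window, now):
    """Drop timestamps that fell out of the one-hour window ending at now."""
    while window and window[0] <= now - WINDOW:
        window.popleft()


def find_bans(lines):
    """Return [(ip, reason, banned_at, banned_until)] in firing order."""
    requests = defaultdict(deque)   # ip -> timestamps of all requests
    failures = defaultdict(deque)   # ip -> timestamps of failed logins
    banned_until = {}
    bans = []
    for ts, ip, event in sorted(parse_line(l) for l in lines if l.strip()):
        if banned_until.get(ip, datetime.min) > ts:
            continue                # already blocked at the firewall
        reason = None
        requests[ip].append(ts)     # a login attempt is also an HTTP request
        trim(requests[ip], ts)
        if len(requests[ip]) > REQUEST_LIMIT:
            reason = "traffic_control"
        if event in FAILED_EVENTS:
            failures[ip].append(ts)
            trim(failures[ip], ts)
            if len(failures[ip]) >= FAILED_LOGIN_LIMIT:
                reason = "brute_force"
        if reason:
            banned_until[ip] = ts + BAN_DURATION
            bans.append((ip, reason, ts, banned_until[ip]))
            requests[ip].clear()
            failures[ip].clear()
    return bans


def build_sample():
    """Constructed log: two IPs cross a threshold, two stay below it."""
    start = datetime(2024, 2, 19, 10, 0, 0)

    def line(offset, ip, event):
        return f"{(start + offset).isoformat()} {ip} {event}"

    log = []
    for i in range(10):      # 10 failures in 9 minutes -> brute-force ban
        log.append(line(timedelta(minutes=i), "203.0.113.7", "auth_failed"))
    for i in range(9):       # 9 failures, then success -> under the limit
        log.append(line(timedelta(minutes=i), "198.51.100.4", "invalid_username"))
    log.append(line(timedelta(minutes=10), "198.51.100.4", "login"))
    for i in range(10):      # 10 failures, 20 min apart -> never 10 per hour
        log.append(line(timedelta(minutes=20 * i), "192.0.2.9", "auth_failed"))
    for i in range(1001):    # 1001 requests in 50 minutes -> over the limit
        log.append(line(timedelta(seconds=3 * i), "203.0.113.50", "request"))
    return log


if __name__ == "__main__":
    for ip, reason, at, until in find_bans(build_sample()):
        print(f"{ip:15} {reason:16} banned {at} until {until}")
```

The IP with nine failures and the IP whose ten failures are spread over three hours never reach the limit, which shows how slow, distributed guessing stays under a per-IP hourly threshold.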

Security Firewall

To enhance the security of your site, you can use the CleanTalk Security FireWall, which lets you block HTTP/HTTPS access to your website for individual IP addresses, IP networks and users from specific countries. Use your personal BlackList to block IP addresses with suspicious activity to enhance WordPress security.

Security FireWall may significantly reduce the risk of hacking and reduce the load on your web server.

CleanTalk Security is fully compatible with the most popular VPN services.
CleanTalk Security also supports all search engines: Google, Bing, Yahoo, Baidu, MSN, Yandex, etc.

Security Malware Scanner

Scans WordPress files for hacker files and hacker code.

Security Malware Scanner is run manually from the settings. All results are sent to your Security CleanTalk Dashboard with the details, and you will be able to investigate them and see whether a change was legitimate or some bad code was injected.

CleanTalk Antivirus protects your website from viruses and deletes infected code from files. The antivirus scans not only the WP core; it checks all of the files in your WordPress installation. The heuristic antivirus scan finds malware and virus code by detecting bad PHP constructions.

CleanTalk Security has a “Feedback System” for analyzing suspicious files. This is a client-server feature in CleanTalk Security that allows sending suspicious files from the WordPress backend to the CleanTalk cloud.

Security Malware Scanner shows a list of suspicious files, and you can view the code that was flagged as bad. If you don’t have programming experience and can't tell whether there is a security issue, you can send the files to CleanTalk and we will check them for malware code. After checking, we will send you an email notification with the results, stating whether viruses were found.

Every day, CleanTalk Security Malware Scanner checks new files and files that have been changed since the last scan.

Please, look at our guide How malware file analysis works.
About Scanner Feedback System

Security Malware Heuristic Check

This option allows you to check files of plugins and themes with heuristic analysis. Probably it will find more than you expect.

Security Malware scanner to find SQL Injections

The CleanTalk Security Malware Scanner allows you to find code that allows performing SQL injection. It is this problem that the scanner solves.

CleanTalk Web Application FireWall for WordPress Security Plugin

The main purpose of Security Web Application FireWall is to protect the Web application from unauthorized access, even if there are critical vulnerabilities.

Security Web Application FireWall catches all requests to your website and checks HTTP parameters for: SQL injection, cross-site scripting (XSS), file uploads from non-authorised users, PHP constructions/code, and the presence of malicious code in the downloaded files.

Besides providing effective protection, a security application should let you know the quality of that protection, so CleanTalk Security logs all blocked requests, which lets you review and analyze accurate information. You can see your CleanTalk Security Logs in your Control panel.

Security CleanTalk Web Application FireWall for WordPress is the proactive defense against known and unknown vulnerabilities to prevent hacks in real-time.

Learn more how to set up and test
About Security Web Application Firewall

Improve your website security with Two Factor Authentication

It requires a bit of your time but Two Factor (2 Step) Authentication immediately gives a much higher level of security.

With your first authorization, the CleanTalk Security plugin remembers your browser and you won’t have to input your authorization code every time. However, if you start using a new device or a new browser, you are required to input your security authorization code. The CleanTalk Security plugin will remember your browser for 30 days.

Change the URL of the wp-login page

This option helps you change the default wp-login URL. Hackers use scripts for massive brute-force attacks, and since most sites use the default login page URL, hackers configure their scripts for such URLs. When you change the URL of the authorization page, hackers will no longer be able to run those scripted brute-force attacks against it automatically.

To enable the option, go to the WP Dashboard plugin settings -> Settings -> Security by CleanTalk -> General Settings and check the box “Change address to login script”. Then add a new URL and click Save Settings.
This option does not change files and does not rewrite URLs in system files. To return to the default authorization page address, it is enough to disable the option in the plugin settings or set a new value.

If you are using caching plugins, then you need to add a new authorization page in the caching exceptions.

Can I use CleanTalk Security and Wordfence together

Sure, you can use CleanTalk Security and Wordfence. Quite often our customers ask us whether there will be a conflict between CleanTalk and Wordfence. We tested CleanTalk Security and Wordfence working together and they work without any conflicts.

Email Notifications when administrators are logged in

We added this option to our security plugin. Now you can receive notifications if you want to know about an unauthorized entrance to your WP Dashboard.

A notification is sent only when a user has authorized by entering a login and password. If you are logged into the admin panel from a saved session, the alert won’t be sent.

You can enable the option “Receive notifications for admin authorizations” in your CleanTalk Dashboard. Choose “Site Security” in the “Services” menu, then click “Settings”.

Can CleanTalk Security protect from DDoS?

Security FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Security FireWall blocks all requests from bad IP addresses. If your website is under a DDoS attack, you will be able to add IPs to your personal BlackList to block all POST and GET requests.

`Send additional HTTP headers` option

If this option is enabled, the plugin adds several additional HTTP headers on every HTTP request:
– “X-Content-Type-Options” improves the security of your site (and your users) against some types of drive-by downloads.
– “X-XSS-Protection” improves the security of your site against some types of XSS (cross-site scripting) attacks.
– “Strict-Transport-Security” response header (often abbreviated as HSTS) informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
– “Referrer-Policy” makes the transfer of the Referer HTTP header stricter.
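
To confirm the option took effect, the four headers listed above can be checked in a captured response. This is an added example, not part of the plugin: both sample responses are constructed, and the status labels (`ok`, `weak`, `ignored` and so on) are this example's own.

```python
import re

KNOWN_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}
# Policies that still send the full URL to other origins.
LEAKY_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}

# Constructed sample responses (header section only).
GOOD_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
"""
WEAK_RESPONSE = """HTTP/1.1 200 OK
X-Content-Type-Options: sniff
Strict-Transport-Security: max-age=0
Referrer-Policy: unsafe-url
"""


def parse_headers(raw):
    """Parse a raw response head into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def check_nosniff(values):
    if not values:
        return ("missing", "")
    value = values[0].lower()
    return ("ok", value) if value == "nosniff" else ("invalid", value)


def check_xss_protection(values):
    # Legacy header: current Chrome and Firefox do not act on it, so only
    # its presence and value are reported.
    return ("present", values[0]) if values else ("missing", "")


def check_hsts(values, scheme):
    if not values:
        return ("missing", "")
    if scheme != "https":
        return ("ignored", "HSTS is only honoured when received over HTTPS")
    # Browsers process only the first HSTS header in a response.
    match = re.search(r"(?:^|;)\s*max-age\s*=\s*\"?(\d+)", values[0], re.I)
    if not match:
        return ("invalid", "no max-age directive")
    seconds = int(match.group(1))
    if seconds == 0:
        return ("weak", "max-age=0 removes the HSTS entry")
    return ("ok", f"max-age={seconds}")


def check_referrer_policy(values):
    if not values:
        return ("missing", "")
    tokens = [t.strip().lower() for v in values for t in v.split(",")]
    recognised = [t for t in tokens if t in KNOWN_POLICIES]
    if not recognised:
        return ("invalid", ", ".join(tokens))
    policy = recognised[-1]          # browsers apply the last token they know
    return ("weak" if policy in LEAKY_POLICIES else "ok", policy)


def audit(raw, scheme="https"):
    """Return {header: (status, detail)} for the four headers listed above."""
    h = parse_headers(raw)
    return {
        "X-Content-Type-Options": check_nosniff(h.get("x-content-type-options")),
        "X-XSS-Protection": check_xss_protection(h.get("x-xss-protection")),
        "Strict-Transport-Security": check_hsts(
            h.get("strict-transport-security"), scheme),
        "Referrer-Policy": check_referrer_policy(h.get("referrer-policy")),
    }


if __name__ == "__main__":
    for name, (status, detail) in audit(WEAK_RESPONSE).items():
        print(f"{name:28} {status:8} {detail}")
```

Passing `scheme="http"` shows why the HSTS header only helps once the site is already served over HTTPS.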


  • Firewall log tab. The log includes detailed info about each visitor that reached the site and their firewall check status. It also shows Traffic Control activity for the user.
  • Security Log tab. The log includes a list of brute force attacks or failed logins and a list of successful logins for up to 45 days. The plugin keeps the log on CleanTalk servers so that it is not accessible to hackers.
  • General settings tab. Here you can manage all the plugin settings.
  • General settings - authentication and log in. Here you can manage Brute-Force protection, 2FA auth and change login URL.
  • General settings - firewall. Here you can manage Firewall modules and Traffic Control settings.
  • General settings - scanner. Here you can manage automatic scanner start, types of checks, directories exclusions for scanner and enable important files monitoring.
  • General settings - admin bar. Here you can set behavior of admin bar module.
  • Admin bar. How the admin bar module looks.
  • General settings - trusted text. Here you can manage your affiliate links and trusted text shown for visitors.
  • Trusted text. How the trusted text looks.
  • Malware scanner tab. Here you can scan all WordPress files for malicious and suspicious code and see the result.
  • Malware scanner results - critical. There is a list of files that contain dangerous code or malware signatures.
  • Malware scanner results - suspicious. There is a list of files that contain suspicious code.
  • Malware scanner results - approved. There is a list of files that were approved by user, Cloud analysis or CleanTalk team.
  • Malware scanner results - analysis log. There is a list of files that were sent for Cloud Malware Scanner analysis and their status.
  • Malware scanner results - unknown. There is a list of files that contain no malware, but they are not a part of WordPress core or plugins/themes.
  • Malware scanner results - cured. There is a list of files that have been automatically cured.
  • Malware scanner results - frontend malware. There is a list of frontend pages that contain malicious HTML/JavaScript code.
  • Malware scanner results - unsafe permissions. There is a list of files that could be reached by a hacker because of unsafe permissions.
  • Malware scanner results - file monitoring. There is a list of important files and their snapshots. You can use this to know if they were changed.
  • Malware scanner results - snapshot. How the important file snapshot looks.
  • Malware scanner results - PDF report. How the PDF report of scan results looks.
  • Backups interface. How the backups interface looks.
  • Summary tab. The general info about the plugin state.
  • Templates interface. Using this interface you can apply the settings from another site of your CleanTalk account or a template saved before.
  • Example of blocking page - Firewall. If the visitor's IP is in the hazardous net list or blacklisted in your personal list, he will see this screen.
  • Example of blocking page - XSS. If the visitor attempts to implement XSS, he will see this screen.
  • Example of blocking page - SQL. If the visitor attempts to implement SQL injection, he will see this screen.
  • Example of blocking page - Brute-Force. If the visitor has tried wrong credentials many times, he will see this screen.
  • Example of blocking page - Traffic Control. If the visitor has requested site pages too often, he will see this screen.


Why are they attacking me?

Hackers want to get access to your website and use it to get backlinks from your site to improve their site’s PageRank, to redirect your visitors to malicious sites, or to send spam and viruses or launch other attacks. These attacks can damage your reputation with readers and commentators if you fail to tackle them. It is not uncommon for some WordPress websites to receive hundreds or even thousands of attacks every week. However, by using the Security CleanTalk plugin, all attacks will be stopped on your WordPress website.

How to install the plugin?

Installing the plugin is very simple and does not require much time or special knowledge.

Manual installation

  1. Download the latest version to your computer’s hard drive.

  2. Go to your WordPress Dashboard->Plugins->Add New->Upload CleanTalk zip file.

  3. Click Install Now and Activate.

  4. After activation, go to the plugin settings. You will then need to create an API key; this is done automatically for you. Just click on “Get access key automatically”.

Installation completed successfully.

Installation from directory

  1. Navigate to Plugins Menu option in your WordPress administration panel and click the button “Add New”.

  2. Type CleanTalk in the Search box, and click Search plugins.

  3. When the results are displayed, click Install Now.

  4. Select Install Now.

  5. Then choose to Activate the plugin.

  6. After activation, go to the plugin settings. You will then need to create an API key; this is done automatically for you. Just click on “Get access key automatically”.

Installation completed successfully.

How to test the security service?

Please use a wrong username or password to log in to your WP admin panel to see how the Security Plugin works. Then you may log in with your correct account name and see the logs for the last actions in the settings of our plugin. Also, the Audit Log will display the last visited URLs of the current user.

Is the plugin compatible with WordPress MultiUser (WPMU or WordPress network)?

Yes, the plugin is compatible with WordPress MultiUser.

How to control security activities on your website?

Go to your CleanTalk account->Log. Use filters to sort data for analysis.

Security logs let you receive and keep information for 45 days. You have the following possibilities:

  1. Time period for all records you want to see.

  2. Website for which you want to see security records. Leave the field empty to see security records for all websites.

  3. Choose an event you want to see:

    • Authorization Login — all successful logins to your website.
    • Authorization Logout — all closed sessions.
    • Authorization Invalid username — login attempts with a non-existent username.
    • Authorization Auth failed — wrong password login attempts.
    • Audit View — records of actions and events of users in your website backend.

  4. Searching records by IP address.

  5. Searching records by country.

Each record shows the date and time of the event, the username that performed the action, and that user's IP address (with country). How to use Security Log

Is it possible to set custom email for notification?

Yes, it is possible. Go to your CleanTalk account->Change email.

Why do you need an access key?

The access key lets you keep statistics for up to 45 days in the cloud, gives you additional settings, and offers more ways to sort and analyze the data. Our plugin is moving to cloud technology, and all its logs are transferred to the cloud. The cloud service takes over data processing and data storage, which reduces your web server load.

How to use Security Log

  • First go to your Security Dashboard. Choose “Site Security” in the “Services” menu.
  • Then go to your Security Log.

You have the following possibilities:

  • Time period for all records you want to see.
  • Website for which you want to see security records. Leave the field empty to see security records for all websites.

Choose an event you want to see:

  • Authorization Login — all successful logins to your website.
  • Authorization Logout — all closed sessions.
  • Authorization Invalid username — login attempts with a non-existent username.
  • Authorization Auth failed — wrong password login attempts.
  • Audit View — records of actions and events of users in your website backend.

  • Searching records by IP address.
  • Searching records by username.
  • Searching records by country.

List of records. Each record has the following columns:

  • Date — when the event happened.
  • User Log — who performed actions.
  • Event — what did he do.
  • Status — was he Passed or Banned.
  • IP — his IP address.
  • Country — what country that IP belongs to.
  • Details — some details if they are available.

Please, read more

If you wish to block some countries from visiting your website, please, use this instruction:

How to use Security Firewall

First go to your Security Dashboard. Choose “Site Security” in the “Services” menu. Then press the line “Black&White Lists” under the name of your website.

You can add records of different types to your black list or white list:

  • IP-Addresses (For example,
  • Subnets (For example,
  • Countries. Click the line “Add a country” to blacklist or whitelist all IP-addresses of the chosen countries.

The records can be added one by one or all at once using separators: comma, semicolon, space, tab or new line. After filling the field press the button “Whitelist” or “Blacklist”. All added records will be displayed in your list below. Please note, all changes will be applied in 5-10 minutes.

Please, read full instruction here

How to test Security Firewall?

  1. Open another browser or enter the incognito mode.
  2. Type address YOUR_WEBSITE/?security_test_ip=ANY_IP_FROM_BLACK_LIST
    2.1 Address is a local address and it is permanently in the blacklist. So the address YOUR_WEBSITE/?security_test_ip= will work every time.
  3. Make sure that you see the page with the blocking message.
  4. FireWall works properly; if it does not, see item 4 of the list.

How does malware scanner work?

The malware scanner compares your files with the original WP files and shows you which files were changed, deleted or added. The malware scanner can be used to find code added to WP files. On your Malware Security Log page, you will see the list of all scans that were performed for your website. The CleanTalk Cloud saves the list of the found files so that you know where to look for them.

How to start malware scanner?

At the moment, the malware scanner may be started once per day and manually.
To start malware scanner go to the WordPress Admin Page —> Settings —> Security by CleanTalk —> “Malware Scanner” tab —> Perform Scan.
Give the Malware Scanner some time to check all necessary files on your website.

Is it free or paid?

The plugin is free. But the plugin uses CleanTalk cloud security service. You have to register an account and then you will receive a free trial to test. When the trial (on CleanTalk account) is finished, you can renew the subscription for 1 year or deactivate the Security by CleanTalk plugin.
If you don't have an access key, the plugin will still work, and you will have logs only on the plugin settings page, for the last 20 requests.

What happens after the end of the trial period?

The plugin will fully perform its functions after the end of the trial period and will protect your website from brute force attacks and will keep Action Log in your WP Dashboard, but the number of entries in the log will be limited to the last 20 entries/24 hours. Also, you will receive a short daily security report to your email.

The premium version lets you store all logs for 45 days in the CleanTalk Dashboard for further analysis.

Brute Force security for WordPress

A brute force attack is an exhaustive password search aimed at getting full access to an Administrator account. Passwords are not a hard obstacle for hackers, given the number of password variants they can send per second and the large number of IP addresses they use.

A brute force attack is one of the major security issues, as the intruder gets full access to your website and can change your code. The consequences of these break-ins can be severe: your website could be added to a botnet and take part in attacks on other websites, or it could be used to host hidden links or automatic redirects to a suspicious website. The consequences for your website's reputation can be very severe.

Why is the CleanTalk Security Plugin Added to the Must Use Section?

This is required for the Security FireWall to function properly. Plugins placed in this section are launched first, so it is very important that the Security FireWall is launched before any other plugins and hooks. Thus, hacker requests will be stopped before they can get access to any site code.


February 19, 2024 1 reply
I had a big problem for months with code getting injected into my website, was driving me crazy using the highest rated plugin. I had to fix this so tried the CleanTalk plugin and I couldn’t believe it, but it cleaned it and stopped it full time! It found a strange file so I talked to support and the issue was fixed instantly. Absolutely brilliant support! I have to say you saved me a WordPress reinstall!! 12 out of 10 guys 👍
February 19, 2024 1 reply
Love this plugin. CleanTalk has done it again. Originally started with the Anti Spam which is remarkable and when they came out with Security and Malware gave it a try and soon switched all of my sites to it.
February 17, 2024 1 reply
Very happy with the timely response by the agent. I feel better knowing there's someone at the other end even on weekends. Great protection and stats.
February 15, 2024 1 reply
Probably the best site protection, since I haven't used another one, but it suits me completely. Technical support is also at a high level.
February 13, 2024 1 reply
Have been using CleanTalk for so many years now and it keeps protecting my sites perfectly. For sure it has my recommendation with full 5 stars.
Read all 298 reviews

Contributors & Developers

“Security & Malware scan by CleanTalk” is open source software. The following people have contributed to this plugin.


“Security & Malware scan by CleanTalk” has been translated into 4 locales. Thank you to the translators for their contributions.



2.128.1 Feb 21 2024

  • Fix. Test connection. Do not check response code on testing connection.
  • Fix. Common. Redundant expression removed.

2.128 Feb 12 2024

  • New. Calling cloud user_data_update during dismissing review notice.
  • New. System plugins. Vulnerability alarms implemented.
  • Fix. Settings. Show stored IPs count in the summary block.
  • Upd. SecFW. Switch to direct update if updating is freezing.
  • Upd. Scan. Auto send suspicious files.

2.127 Jan 29 2024

  • New. File System Journal feature implemented.
  • New. CodeStyle. Use new hasPHPOpenTags() to skip files with no actual PHP code.
  • Fix. Settings. Changed the period in the message
  • Fix. Auth. Change text.
  • Fix. Settings. Refactoring settings page
  • Fix. Scanner file send. Fix processing statuses if user has files that were sent for analysis on old scanner versions.
  • Fix. 2FA. Show role Subscriber, correction of user data verification
  • Fix. Settings. Getting API key errors display.
  • Fix. FS Watcher. Selecting snapshots fixed.
  • Fix. Settings. ListTable unused attribute data-before removed.
  • Fix. Scanner. Suspicious items display fixed.

2.126.1 Jan 24 2024

  • Fix. UploadChecker good result now skipped from logging.
  • Fix. Common. Database tables prefix usage implemented.

2.126 Jan 16 2024

  • New. Firewall update. All queue stages are logged now.
  • New. Scanner results. Now all the heuristic fired files being suspicious instead of critical.
  • New. Scanner. Sends suspicious files to cloud report.
  • New. Feature. CDN headers self check implemented.
  • New. UploadChecker. Checking archive in media uploader.
  • Mod. Code. UploadChecker.php extracted from WAF module.
  • Mod. Settings. Remove button “Delete” from Approved files accordion.
  • Mod. SQL. IP networks separated to v4/v6 tables to reduce database size.
  • Fix. Settings. Changed the period in the message.
  • Fix. Accordions. Red dot status fixed.
  • Fix. Code. mergeWithSavingNumericKeysRecursive() fixed.
  • Fix. Code. File sending. Fix DTO and results merging.
  • Fix. Code. SQL request for pages selector.
  • Fix. Lib. Localization global style.
  • Fix. Lib. Change headers logic for adaptive tales.

2.125 Dec 18 2023

  • New. Activator class implemented.
  • New. Deactivator class implemented.
  • Upd. Heuristic. Add math module.
  • Upd. Code. Common lib (heuristic) updated.
  • Fix. Scanner. Undefined data key fixed.
  • Fix. Scan. Added check for signatures count.
  • Fix. Settings. Getting Access Key message fixed.
  • Fix. SecFW. FW results priority fixed.
  • Fix. PHP 8.2 deprecated notice fixed (creation of dynamic property ::cookie_domain)
  • Fix. PHP 8.2 deprecated notice fixed (creation of dynamic property ::data__set_cookies)

2.124 Dec 05 2023

  • Fix. Table cells popup of hidden long text – CSS fixed.
  • Upd. Traffic control. TC logic updated.
  • Fix. FireWall. Statuses of the triggered networks displayed.
  • Upd. Scanner. Manual cure button implemented.

2.123 Nov 20 2023

  • Fix. Scanner. Files deletion. Comparison of site responses before and after actions added.
  • Fix. Heuristic. Command shell detection. Regex fixed.
  • Fix. Heuristic. Mathematics module fixed.
  • Fix. RenameLoginPage. Skip login renaming process for password-protected pages.
  • Fix. Integrations. Add Password-protected compatibility.
  • Fix. WafBlocker. Compatible with php8.
  • New. Scanner. Analysis bulk actions: deleting implemented.
  • Fix. Scan. Excluded invalid index.
  • Fix. Scan. Added retry for unstable connection.
  • Fix. SecFW. FireWall priority fixed.
  • Fix. Settings. Enqueue scanner-plugin.js script fixed.
  • Fix. Scan. Increasing amount dynamically.
  • Fix. Auth. Removed conflict with password protected pages.
  • Fix. Scan. Handling empty signature_found.
  • Upd. Settings. Additional headers IP getting option updated.
  • Mod. WAF blocker. New reason code “-10”. New description for blocking page.

2.122 Nov 08 2023

  • New. Scan. Hashes blacklists.
  • New. FireWall. New module added: WAF Blocker.
  • Update. Scan. Keep surroundings code of FMS weak in db.
  • Fix. SecFW. Updated the launch rule on wpms.
  • Fix. RenameLoginPage. Skip login renaming process for password-protected pages.
  • Fix. RenameLoginPage. Skip login renaming process for password-protected pages.
  • Fix. Heuristic. Command shell detection. Regex fixed.

2.121 Oct 25 2023

  • Update. Common. Getting ip from resource by option.
  • Update. Scanner. Hidden the listing backups and quarantine directories.
  • Update. Scanner. Added check line length and mark of unreadable.
  • Update. Scanner. Shell commands detection updated.
  • Fix. Notice. Show review banner only administrator.
  • Fix. Helpers. Data. Ignore unlink warnings.
  • Fix. Scanner. Delete row from analysis log.
  • Fix. Settings. Additional exclusions ruleset fixes.

2.120 Oct 09 2023

  • New. Scanner. Automatic send of critical files.
  • New. Scanner. Detecting shell commands into backticks implemented.
  • New. Scanner. Allow to send unknown files for analysis.
  • New. General. New readme and screenshots.
  • Update. Browser sign. Updated sign make logic, and count of remembered devices.
  • Update. Scanner. DANGER files moved to SUSPICIOUS accordion.
  • Update. Scanner. Improve view of suspicious code.
  • Fix. Scanner. Request an audit button fixed.
  • Fix. Scanner. Analysis log fixed.

2.119 Sep 25 2023

  • Fix. Scan. Improve directory filter.
  • New. Admin. Dashboard widget implemented.
  • Fix. Settings. Description about additional headers has been updated.
  • Mod. Heuristic package update. System function shell_exec() now gains “critical” severity.
  • Fix. FireWall. BruteForce protection fixed.
  • Fix. Scanner. Ot extensions support added.
  • Fix. Scanner results. Approved category updated.
  • Fix. System function shell_exec() now gains “critical” severity.
  • Fix. AMP integration
  • Fix. Security log. Security logs description fixed.
  • Fix. Scanner. Disapproving files fixed.
  • Fix. Scanner. Remove disapproving button for approved by CT.

2.118 Sep 11 2023

  • Upd: Scan. Added .ott files for scanning.
  • Fixed spbc_scanner__get_cure_log_data()
  • New. Settings. Drop state data to defaults and remove all the cron tasks on empty key entered.
  • Fix. Extended search for malware with SQL quotes (“).
  • Fix. From heuristic package. Entropy fix.
  • Fix to find superglobals in the code without semicolons
  • Empty key actions
  • Fixed Security Audit Banner, added this to Suspicious
  • Update. Firewall. Table save last 20 rows after send logs, instead of delete all.
  • Fix. Scanner. Unknown section fixed.

2.117 Aug 28 2023

  • New: Settings. Add ability to change admin email.
  • New: Heuristics. Detect super variables in the system commands.
  • New: Show different types of weakspots in severity order.
  • Upd: Scan. Find and show all malwares in Frontend Malware accordion.
  • Upd: Security. Improve security logs view.
  • Upd: Scan. Unset approved by ct status if no hash in list.
  • Upd: Scan. Added .otc files for scanning.

2.116 Aug 14 2023

  • New: WL. Added constants for custom description and FAQ link.
  • Fix: FW. Delete all lines after send fw logs.
  • Fix: WL. Support link in errors.
  • Fix: WL. Email 2FA fixed.
  • Fix: WL. Fixed block pages.
  • Fix: WL. There is no Templates if WL is active.

2.115 July 31 2023

  • New: Firewall. Protect login from brute force even if the key is expired.
  • New: Scanner. Added extensions to find malware.
  • Fix: Whitelabel. Added rules for checking brand info.
  • Fix: Front Scanner. Fixed modal view suspicious code for drive by download malware.
  • Fix: General. Check response code on file delete.
  • Fix: Scanner. Bulk actions fixed and improved.
  • Fix: Scanner. Entropy analysis – Index invalid or out of range.
  • Ref: General. WP 6.3 compatibility. Fixed version checking before scanner run.
  • Ref: Rename login URL. For new instances default new login page rename.
  • Ref: Scanner. Accordion fields custom length.

2.114 July 17 2023

  • New: Scanner. Added pop up with info how to fix file listing and unsafe permissions.
  • New: SecFW. Manage Firewall as option and refactored clear scanner logs button for admin access.
  • New: User can disable email notification on change login url.
  • Ref: General. HTTP lib refactoring.
  • Ref: Settings. Added spbc__get_exists_directories().
  • Fix: Scan. Fixed count outbound links.

2.113 July 03 2023

  • Ref: Update. Scanner. Remove green dot and fix typo.
  • Ref: Update. Scanner. Added bulk actions for frontend malware and fix tabs view.
  • New: Implemented a file recovery mechanism.
  • Ref: Refactoring spbc_settings__field__draw().
  • Fix: Scanner. Shuffle salts suggestion after curing fixed.
  • Ref: Update. Scan. Removed duplicate of status in quarantine tab.
  • New: Scanner. Entropy analysis added.

2.112 June 19 2023

  • New: Scanner. Heuristic and signatures scanner libraries implemented.
  • Fix: Code. Auto Tests fixed.
  • Fix: Code. Travis config fixed.
  • Ref: Refactoring spbc_field_scanner__prepare_data__files().
  • Fix: Common. Checking ajax requests improved.
  • Fix: Common. Checking ajax requests fixed.
  • New: Code. Release notice automation added.
  • New: Cure Log – Cure action implemented
  • New: Important Files Monitoring.
  • Fix: Dashboard. Replaced wp_timezone_string to spbc_wp_timezone_string.

2.111 June 5 2023

  • New: PDF report. Cure log support.
  • Fix: Fixed trial banner.
  • Fix: Scanner PDF report. PHP 8+ compatibility.
  • New: Cure log implementation. Cure log PDF updates.
  • Mod: Added new Security license status.
  • Fix: Code. Code style fixed.
  • Fix: Settings. Firewall tab moved to the first spot.
  • Fix: Traffic control. Do not log TC records if user is skipped by a role.
  • Fix: Cookies. Unset spbc_is_logged_in cookie on logout hook.
  • Fix: Security logs. Do not send already sent logs on events.
  • Fix: File deletion. Cancel if file is required in PHP ini.
  • Mod: Frontend approved pages.
  • Fix: File replacement with original fix.
  • Mod: Analysis. Handled files can be deleted from analysis log.

2.110 May 22 2023

  • Fix: Scanner. Making verdict fixed.
  • Mod: Improved security log
  • Fix: MscanFilesDTO. Make weak_spots signs unique.
  • Fix: Scanner. Approved files will be checked again if they were modified.
  • Fix: Settings. List unknown files is active for the new installations.
  • Fix: Trial expired. Remove forbidden error message in dashboard if trial expired.
  • Fix: File analysis. Approved files shown as approved in analysis log.
  • New: Firewall. Ipv6 handler implemented.
  • Ref: Settings. spbc_seconds_to_human_time refactored and docs added.
  • New: Remote calls. update_pscan_statuses

2.109.1 May 15 2023

  • Fix. Scanner. Heuristic logic fixed.

2.109 May 11 2023

  • Fix. Scanner. Improved heuristic.
  • Fix. Code. Created checkingSpecialDecryptedToken().
  • Fix. Code. Created FunctionsDecryptorService.
  • Fix. Scanner. Modified SQL for SUSPICIOUS results.
  • Fix. Firewall. Skip records with foud status 99.
  • Update. Whitelabel. Replace brand data to spbc->data.
  • Update. Scan. Add frontend malware send method to scanner queue.
  • Fix. White label. Some custom brand entries fixed.
  • Fix. WL mode. Affiliate section settings disable if the WL mode is active.

2.108.1 Apr 27 2023

Fix-release. Fixed an error when trying to resend approved files.

  • Fix. Pscan. Now sends files correctly in case the file is approved_by_ct.

2.108 Apr 24 2023

Cloud Malware Scanner (CMwS) implemented. Now suspicious files that are sent for analysis will be checked via Cloud logic.

  • New. Cloud Malware Scanner (CMwS) implemented.
  • Fix. Firewall logs. IPv6 records are now added correctly to the local database on feedback.

2.107 Apr 10 2023

Ready to apply settings template from CleanTalk dashboard, uploading files WAF check improved and heuristic scanner fix for Windows systems.

  • New. Settings. Plugin is ready to set a preset plugin settings template from the CleanTalk dashboard.
  • Mod. WAF. Uploading files. Check files with signature analysis in addition to heuristic analysis.
  • Fix. Scanner. Heuristic analysis. Files counting now works correctly on Windows systems.

2.106.1 Mar 30 2023

Fix release. Traffic control and Brute-Force protection now work and correctly handle IPv6 addresses.

  • Fix. TC & BFP database handling fixed.

2.106 Mar 27 2023

Tested with WordPress up to: 6.2, traffic control timing options updated and some minor fixes applied.

  • Mod. Tested WordPress up to: 6.2.
  • Mod. Traffic control. Changed time selector options.
  • Fix. Do not glue spbc dialog rows on bad code/file content preview.
  • Fix. WAF. Upload checker details area fixed.
  • Fix. Reduce firewall priority calculation cycle.
  • Fix. HTTP lib. WP 6.2+ supporting implemented.
  • Fix. Do not skip files analysis if aggregated size is overlimited.
  • Fix. Do not show suspicious files if they have been sent for analysis.
  • Fix. Heuristic. Unsetting verdict removed.

2.105 Mar 14 2023

Traffic control IP table fixed, JS files are now scanned by the scanner, service post meta hiding, fix of timezone appearances and some other minor improvements.

  • Mod. Post meta. Hide post meta fields to prevent their display.
  • Mod. Scanner. Add js files to scan.
  • Fix. Lot of changes in timezones layout.
  • Fix. BFP. Remove outdated BFP code.
  • Fix. Traffic control. Cleaning TC table fixed.
  • Fix. Scanner. FilesystemIterator returns .. and . beginning with PHP 8.2
  • Fix. Suspicious files now appear correctly.

2.104 Feb 28 2023

Improved code style, fixed some bugs, added new functionality.

  • Fix: Heuristic. Variables execution fixed.
  • Fix: Scanner. Slicing tokens fixed.
  • New: Added SPBCT_ALLOW_CURL_SINGLE for frontend analysis.
  • Mod: Sending logs. Files curing result now sends to the cloud correctly.
  • Fix: Do not clear cured files array.
  • Mod: Banner on trial end. Banner is not dismissible on the SPBC settings pages.
  • Fix: Scanner. Added handler for errors caused by third-party plugins.
  • Fix: 2FA. Corrected work to find the user account.
  • Fix: Scan. Commented decodeData method in heuristic class, because it’s unstable.
  • Fix: Firewall. Extend Helper\IP logic for x_real_ip to handle IPv6 if there is IPv4 with stubs.

2.103 Feb 13 2023

Improved code style, fixed some bugs, added new functionality

  • Fix: Heuristic. De-obfuscated strings concatenation fixed.
  • Fix: TC. Traffic control checking logic simplified.
  • Fix: Check php_uname or PHP_OS is available. Prevent fatal error and do not allow start scanner if so.
  • Ref: All is_windows checks moved to SpbctWp/State.
  • Fix: Apply changes to parent method except WP specific.
  • Upd: Firewall. Rename firewall block status.
  • Upd: Firewall. Added column “requests per n minutes”.
  • New: Scanner. Able to get a pdf version of scan log.
  • Mod: Added clearing of custom message from unallowed tags.
  • Fix: Fixed event_runtime.
  • Fix: Scanner. Scanner tab content layout fixed.
  • Fix: Scanner. Refresh scan info after scanning.

2.102 Jan 30 2023

Improved code style, fixed some bugs, added new functionality

  • Mod: Improved scan log.
  • Mod: Improved the mechanism for adding signatures to the database.
  • Fix: Scanner. Fixed final scan log array offset warning.
  • Fix: Collecting themes via themes_api instead of plugins_api.
  • Fix: Try to get firewall files hashes again before throwing an error.
  • Fix: Scanner. Exclude approved files from send.
  • Fix: FW update. Now does not ignore networks with different statuses
  • Fix: Generate backups tab and link anyway.

2.101 Jan 16 2023

Improved code style, fixed some bugs, added new functionality

  • New: Logging of scanning stages
  • New: Settings. Brute force protection settings added.
  • New: Malware Scanner. Warn user on settings and admin bar if critical files or frontend malware found.
  • Mod: Mscanner. Custom period autostart.
  • Mod: Red dot for malware scanner files list and admin bar
  • Mod: Log layout refactored.
  • Upd: Scanner. Added functionality of description for frontend results.
  • Upd: Settings. FW logs tab updated.
  • Ref: Log layout refactoring
  • Ref: Settings hints refactoring
  • Ref: “users online” name refactored to admins online
  • Fix: Scanner. Compelled refactoring from “Error Control Operators” to try-catch.
  • Fix: Admins online bar counter now counts admin users only.
  • Fix: Autocure end condition fix.
  • Fix: Reverted previous fix, autocure result data moved to another condition.
  • Fix: Settings. Admin bar – extra attention marks removed.
  • Fix: Settings. Firewall tab – description updated.
  • Fix: Settings. Typo fixed.
  • Fix. Errors. Correction for resending to analysis error.
  • Fix. Query. WPMS stat.
  • Fix. Frontend query change.
  • Fix. SecFW. New statuses 99 implemented.
  • Fix. Code. Code style fixed.
  • Fix. Files listing. Display accessible files fixed.
  • Fix. Heuristic. Scanning process modified.

2.100 Dec 12 2022

Improved code style, fixed some bugs, added new functionality

  • New: Trusted text and affiliate settings.
  • New: Remote calls. Private records handler.
  • New: TC. New option added – exclude authorized user.
  • Mod: Frontend scanner. Getting content for scanning is asynchronous now.
  • Mod: Frontend scanner. Scan amount increased to 20.
  • Mod: Analysis log. Date format changed.
  • Mod: SFW. Checking hashes of uploaded files
  • Mod: Added anchors to navigate through the settings sections.
  • Fix: Variables. Cookies secure flag fixed.
  • Fix: Fixed Unsafe Permissions description
  • Fix: Login page. Warnings custom login url on php 8.
  • Fix: Zapier works with 2FA
  • Mod: Added a description to the analysis results

2.99 Nov 28 2022

Improved code style, fixed some bugs, added new functionality

  • Fix: WAF logs. Single quote escape during SQL write on WAF logs write.
  • Fix: WAF logs. Single quote escape enhanced.
  • Ref: spbc_get_modules_by_type() – fixed getting Name
  • Ref: get_modules_hashes()
  • Mod: Admin page. URL changes when switching tabs, and added hotkey Ctrl+F5 to reload the current tab.
  • Fix: HTTP lib. Response::runCallbacks method fixed.
  • Mod: Update. Frontend. Urls in text message render to links.

2.98 Nov 14 2022

Improved code style, fixed some bugs, added new functionality

  • Mod: the confirmation code length is 8 digits
  • Ref: Updated description for option SEND PHP LOG
  • Ref: Removed unused issueHandlers from psalm.xml
  • Ref: spbc_PHP_logs__detect_EOL_type()
  • Ref: Updated Website total files description
  • Ref: Removed HOST checking in spbc_scanner_page_view()
  • Fix: Frontend. Tooltip hide when mouseover
  • Fix: ScannerQueue. Class usage fixed.
  • Mod: Added description for file scan results

2.97 Oct 28 2022

Improved code style, fixed some bugs, added new functionality

  • Mod: Frontend scanner – exclude unmodified pages
  • Test: Compatibility tested up to WP 6.1
  • New: MScanFilesDTO class implemented.
  • Fix: Now correctly transfers the number of core files and total count of files.
  • Fix: Scanner. Now runs autocure even if there are results of a previous heuristic scan.
  • Fix: Surface scanner. Prevent type error if directory permission is restricted during surface scanning.
  • Fix: spbc_resend_failed_files_for_analysis. Text fixes.

2.96 Oct 17 2022

Improved code style, fixed some bugs, added new functionality

  • Fix: Improved code style, fixed some bugs
  • Fix. Use wp_send_json() instead of die(json_encode(…))
  • Mod: Added bulk action for Deleting into Analysis log
  • Mod: Unsafe Permissions – Checking permission to access important files and folders
  • Fix: spbc_resend_failed_files_for_analysis()
  • Fix: RC. Update settings remote call fixed
  • Fix: Fixed SQL for critical files
  • Fix: Fixed key_changed after getting template

2.95 Oct 03 2022

Improved functionality of the tab with files sent for analysis, removed the ability to send unknown files for analysis, fixed some bugs.

  • Fix. spbc_scanner_page_view()
  • Fix. Frontend scan. WordPress postmeta table now selects correctly.
  • Fix. Scanner log bulk actions.
  • Fix. Critical files log.
  • Fix. spbc_scanner_file_check_analysis_status.
  • Fix. spbc_scanner_file_send_for_analysis__bulk.
  • Mod. Scanner actions. View “bad” code buttons renamed.
  • Mod: Removed the ability to send unknown files for analysis
  • Mod: Improved functionality of the tab with files sent for analysis

2.94 Sep 15 2022

Fixed some bugs, improved performance, improved scanner operation.

  • New. Frontend scanner. Approving malware implemented.
  • Fix: Changed captures on banners
  • Fix: List table. Actions separator displaying fixed.
  • Fix. spbc_firewall__check(). If module poppyz is active, force new WP
  • Ref: PSR-12 Standards
  • Fix: Fixed the incompatibility of the banner system between antispam
  • Fix: Fixed the data that the function spbc_get_source_info_of returns
  • Fix: Fixed spbc_get_source_info_of return data
  • Fix: Fixed frontend_analysis method
  • Fix: Fixed Frontend->getPagesUri
  • Fix: Fixed Frontend::countUncheckedPages
  • Fix. Settings template. Reset setting fixed.

2.93 Sep 05 2022

Complete deactivation fixed, Frontend scanner improved, WPMS issues fixed and some minor issues fixed.

  • New: Backups. Delete when complete deactivation.
  • New. Frontend scanner. Re-scan the page during view bad code.
  • Fix: Scanner. Heuristic. Add a detected_at for heuristically spotted attachments.
  • Fix: Firewall. WPMS. Update on child blogs. Remote calls using its own blog URL.
  • Fix: Firewall. WPMS. Update on child blogs. ‘fw_stats’ option loads for each blog separately.
  • Fix: Scan logs. Hide last scan log on a new scan process.
  • Fix: Removed fw__append_standard_message and server_response_combine
  • Fix: Scanner. Sending results fixed.
  • Fix. Settings template. Reset setting fixed.

2.92 Aug 15 2022

SecFW updating fixed, scanner cure fixed and some minor issues fixed.

  • Mod: HTTP lib. Prepare URLs array in the setURL() method.
  • Mod: Security Firewall. Update. Download 20 files by one queue execution.
  • Upd: Common. Additional security headers added.
  • Fix. Scanner. Cure backups fixed.
  • Mod: Exclude files approved by the user from verification
  • Fix. Settings template. Reset setting fixed.

2.91.1 Jul 27 2022

Missed commits implemented. Minor issues fixed.

  • New: FW Update. Make dependence for retries related to files count.
  • Fix. API request. Do not retry request if error contains CleanTalk prepared server error.
  • Fix: Heuristic. Use files paths without root during scan.
  • Fix: Queue. Unset error in stage if stage has been retried successfully.
  • Fix: Error output. Fix wrong variable name.
  • Fix: SpbctWP\Scanner\ScannerQueue::controllerBackground(). Use correct transaction name.
  • Fix: Scanner. The file ‘Detected at’ property is set for every file.
  • Fix: Common\Sanitize cast integer filter to integer return type.

2.91 Jul 26 2022

Last scan logs are now always displayed, a brand new feedback banner added, sending files for analysis interface improved, code quality improved and some minor issues fixed.

  • New. Scanner last result log now always visible in the scanner tab.
  • New. Sending files for analysis mechanism now works without page reloading.
  • New. Admin dashboard feedback banner.
  • Fix: Settings. Scanner tab. Notice layout fix.
  • Fix: spbc_resend_failed_files_for_analysis. Return if no files were sent to analysis.
  • Fix: API. Correct comparison of the option of api servers provided in retryRequestToFastestServers()
  • Fix: FW. Block pages styles fixed.
  • Fix. Custom login. Fix redirect while logout.
  • Fix: Quarantine and de-quarantine. Notice fixed.
  • Fix: Send for analysis. Notice fixed.
  • Fix: API. Logic in retrying request to the fastest API-server.
  • Fix: Constants. Links logs table name fixed.
  • Fix: Settings. Firewall tab. TC link now works correctly.
  • Fix: 2FA. Do not clean security logs on the general login form submitting if 2FA is enabled.
  • Fix: 2FA. Now always sends 6 digits codes.
  • Imp: 2FA. Google 2FA description improved.

2.90 Jul 11 2022

Scan process duration displaying, admin banners updated, code quality improved and some minor issues fixed.

  • New. Scanner. Scan duration implemented.
  • Fix. Rewrite login-url. Does not create new WP_Rewrite if no custom login form is set in the plugin settings.
  • Fix. Scanner table actions messages. Improved messages style and logic.
  • Fix. TablesAnalyzer.php. Now reset to initial blog ID on WPMS.
  • Fix. SPBC_TBL_SCAN_FILES. Now uses base_prefix instead of prefix to prevent handling of unavailable blog scan result data on WPMS.
  • Refactoring Admin Banners
  • Fix. Admin banner. Security attention mark fixed.
  • Fix. Scanner results. Remove undeleted separator after sending files for analysis.
  • Fix. Scanner. Transferring stages names to the JS script fixed.
  • Fix. Settings. Description fixed – hyperlinks protocol changed.
  • Fix. Scanner. Signatures updating fixed.
  • Fix. SecFW. Sending logs fixed.
  • Fix. Scanner. Frontend scanning fixed.
  • Fix. Scanner. Some scan stages fixed – signatures scan, heuristic scan, auto cure – fixed.
  • Fix. Scanner. Scanned files count fixed.
  • Fix. HTTP. Prevent caching during website answer code checking.

2.89 Jun 27 2022

Additional data to the scanner’s report added, available remote posting of api key, code quality improved and some minor issues fixed.

  • New. Post api key remote call implemented.
  • New. API key length extended to 30 symbols.
  • New. Scanner. Additional data was added to the scanner report.
  • New. Waf new params
  • Fix. ScannerQueue.php. Now clear state->modules before new check.
  • Fix. Heuristic. Getting inline HTML for checking implemented.
  • Fix. Heuristic. Tokens max position fixed.
  • Fixed spbc->notice_show
  • Fix. Scanner. Sending results fixed.

2.88 Jun 14 2022

SecFW updating fixed and some minor issues fixed.

  • Fix. – spbc-scanner.php – ListTable.php Add application/json header for every die($output) to.
  • Fix. Firewall. Custom message will be wrapped on div tags instead of h2.
  • Fix: Fixed colspan attribute in table row on plugin settings page
  • Fix. IP.php. Private networks check fix.
  • Mod: Surface.php – resave full_hash if different
  • Fix. SecFW. Updating process fixed.
  • Fix. HTTP lib. No cache pattern fixed.
  • Fix. RemoteCalls. No cache parameter added.
  • Fix. HTTP lib. Useragent for WP HTTP API requests fixed.
  • Fix. Scanner. Heuristic. Includes. Empty include body.
  • Fix. TablesAnalyzer.php. Remove incorrect table prefix for searched DB schema.
  • Fix. TablesAnalyzer.php. Add collation search results check.
  • Fix: Scanner. Preventing files actions during scanning.
  • Fix. TablesAnalyzer.php. Rename possible collision with table names during collation check.

2.87.1 Jun 2 2022

  • Fix. – spbc-admin.php – spbc-backups.php – spbc-scanner.php Add application/json header for every die($output) to.
  • Fix. spbc-scanner.php-> spbc_scanner_file_send. Fix ‘unknown field checked’ while send for analysis.
  • Fix. ScannerQueue.php->controllerFront. Add application/json header to the output of stage result.

2.87 May 30 2022

  • Fix. API::method_service_get() and its result processing.
  • Fix. From test. Scanner. Heuristic. Strings. Chars conversion.
  • Fix. From test. Scanner. Heuristic. Includes.
  • Fix. From test. Updater to 2.86.1.
  • Fix. From test. Resend file for analysis only for the main site.
  • Fix. get_cms_hashes(). Delete ex-core files if there is a same undeleted CORE hashes received from remote file.
  • Fix. Updater. Add settings for custom block message to the firewall blocking screens.
  • Fix: convertSchemaToStandard() fixed
  • Fix: perform() fixed
  • Fix: State->error_add() fixed
  • Fix: getDataFromRemoteGZ() fixed
  • Fix: important_files_listing() fixed
  • Fix: spbc_settings__register() fixed
  • Fix: spbc_field_scanner__files_listing__get_data() fixed
  • Fix: spbc_field_scanner__files_listing__get_total() fixed
  • Fix. Move spbc_resend_failed_files_for_analysis() from notice_paid_till processing logic.
  • Fix. Scanner. Actions. View bad code from file.
  • Fix. Scanner. Heuristic. Speed up.
  • Fix. spbc_resend_failed_files_for_analysis. Variable name fix.
  • Fix. SQLSchema.php Changes reverted. If there is no “checked” column the updater can’t seek changes. Debug. UpdaterScripts.php. Debug removed.
  • Fix. get_modules_hashes(). SQL error fix.
  • Fix. Frontend.php->check(). Moved frontend scanner object creation to prevent collisions.
  • Fix. FrontendScan.php. Type of check added.
  • Fix. Switch heuristic analysis to 0 for 2.86 version.
  • Fix. HTTP. Request. Process unexpected errors.
  • Fix. Settings. Error output.
  • Fix. API::method_service_get() and its result processing #3.
  • Fix. API::method_service_get() and its result processing #2.
  • New. Firewall. Add custom block message to the blocking screens.
  • New. RemoteCalls. perform_service_get().
  • New. Add error type ‘service_customize’.
  • New. Implementation of API::method_service_get(): – in synchronize function; – in cron.
  • New. API::method_service_get() and its result processing.
  • New. Settings: – fw__custom_message; – fw__append_standard_message.
  • New. Add extra package logic.
  • New: Cherry pick from settings/
  • New: Settings. Collect PHP log description changed. It depends on ‘extra_package’ flag.
  • New. UpdaterScripts.php. Update to 2_87_0 – delete “checked” row. New. SQLSchema.php. Removed checked row from schema. Debug. Version updated temporarily.
  • New. Methods in Scanner\Heuristic\Tokens: – convertOffset; – reindex; – getTokenFromPosition; – glueAllTokens; – getIterationTokens.
  • New. Implementation of Scanner\Heuristic\TokenGroups.
  • New. Scanner\Heuristic\Token implementation of \Iterator, \ArrayAccess, \Countable interfaces.
  • New. Scanner\Heuristic\DataStructures\Token. Represents instance of token.
  • New. Scanner\Heuristic\TokenGroups. Class with static properties. This class gathers all types of tokens we are using to parse, analyze and deobfuscate the code.
  • New. DataStructure\SplFixedArray::append().
  • New. spbc_check_files_sent_and_received(). Add check on timestamp if already sent in last 10 minutes. New. spbc_check_files_sent_and_received(). Errors handling
  • New. spbc_check_files_sent_and_received(). Check if count of sent and received files is equal. If not, send difference files again.
  • New. ScannerQueue.php. Changes to differ “checked” to “cheked_heuristic” and “checked_signatures”
  • New. Helper.php->isRegexp(). Now supports custom delimiters. Doc. Helper.php->isRegexp(). Docblock is set.
  • New. Helper.php->isRegexp(). Checks if signature is regexp, supports modifiers. Ref. Scanner. Regex checking moved to isRegexp. Ref. Firewall. Regex checking moved to isRegexp. Debug. spbc-admin.php. States commented.
  • Refactor. Scanner\Heuristic\Controller. Add getters.
  • Refactor. Scanner\Heuristic\Controller. Implementation of Token class.
  • Refactor. Scanner\Heuristic\Controller. Constructor and properties.
  • Refactor. Scanner\Heuristic\Controller. New way to iterate content.
  • Refactor. Scanner\Heuristic\CodeStyle. Minor fix.
  • Refactor. Scanner\Heuristic\Variables: – Improve search sequences; – Implementation of Token class.
  • Refactor. Scanner\Heuristic\Variables. Minor fix.
  • Refactor. Scanner\Heuristic\Variables. Improve search sequences.
  • Refactor. Scanner\Heuristic\Transformations: – Implement Token class; – Multiple error fixes.
  • Refactor. Scanner\Heuristic\Strings: – Implement Token class; – Multiple error fixes.
  • Refactor. Scanner\Heuristic\SQLs::processRequest(). Preventing from multiple addition same SQL-request.
  • Refactor. Scanner\Heuristic\SQLs:: Implement Token class.
  • Refactor. Scanner\Heuristic\Simplifier:: Implement Token class.
  • Refactor. Scanner\Heuristic\Includes::process(). Remove useless heading whitespace.
  • Refactor. Scanner\Heuristic\Includes: – Code beautify; – Constructor refactor; – Implement Token class.
  • Refactor. Scanner\Heuristic\HTML code beautifying.
  • Refactor. Scanner\Heuristic\Evaluations: – Update constructor; – New way to check evaluations; – New method isSafe(); – Implementation of Token class.
  • Refactor. Scanner\Heuristic\CodeStyle implementation of Token class.
  • Refactor. Scanner\Heuristic\Tokens implementation of Token class.
  • Refactor. Scanner\Heuristic\Tokens minor improvements. Cleaning up code.
  • Refactor. Scanner\Heuristic\Tokens delete useless methods for the token comparing.
  • Refactor. Scanner\Heuristic\Tokens: – update convertTokensToStandard() method; – delete setMaxKey() method; – delete newIteration() method.
  • Refactor. DataStructure\SplFixedArray::slice().
  • Refactor. DataStructure\SplFixedArray::reindex(): – reducing memory consumption; – opportunity to reindex from the given key.
  • Refactor. spbc_resend_failed_files_for_analysis(). Renaming function. Ref. spbc_resend_failed_files_for_analysis(). Custom delay added. Doc. spbc_resend_failed_files_for_analysis(). Docblock and comments. Debug. spbc_resend_failed_files_for_analysis(). Debug removed.

2.86 May 18 2022

  • Fix. Scanner. Interface. Forbid user to check file analysis status for 10 minutes after sending.
  • Fix. spbc-settings.php Correct slash char “\” is set in description.
  • Fix. From test. Catching unknown error.
  • Fix. Spbc-settings. Preloader fix. New. spbc-settings_tab–scanner.js. Spinner while content uploading.
  • Fix. spbc-settings_tab–scanner.js Debug removed
  • Fix. spbc-admin.php. States rolled back.
  • Fix: API. Add application agent to API-request.
  • Fix: Updater. Update to 2.82.
  • Fix. spbc_scannerButtonViewBad_callback(). Line width fix. New. spbc-settings.php. New test local domain New. FrontendScan.php WeakSpots lines length validation
  • Fix: Scanner. Links. Scanning posts with large amount of comments.
  • Fix. spbc_scannerButtonViewBad_callback(). Frame height fix.
  • Fix. spbc_scannerButtonViewBad_callback() Weak spot string style set. Fix. spbc_scanner_page_view() Weak spot redline style set.
  • Fix. spbc_scannerButtonViewBad_callback() Bad code highlight fixes.
  • Fix. spbc_scannerButtonViewBad_callback() Trying to fix HTML layout when view bad code.
  • Fix: Firewall. Update. End of update. Too often setting savings.
  • Fix: Firewall. Update. Pass remote call action to Queue.
  • New. spbc-settings_tab–scanner.js. Spinner inside loading window.
  • Refactor. spbc-scanner.php. Debug removed.
  • Refactor. FrontendScan.php. Common weakspot parts of front-checks moved to constructWeakSpotArray() Ref. FrontendScan.php. validateLineLenght is redundant. Ref. FrontendScan.php. Debug removed. Ref. spbc-settings_tab–scanner.min.js Minified JS upload.
  • Refactor. Debug. spbc_scanner_clear().
  • Refactor. Frontend.php. Some explanation add. Fix. FrontendScan.php. Weak_spot cutting fix.

2.85.1 May 12 2022

  • Fix: Checking the existence of a function wp_is_maintenance_mode
  • Fix. CleantalkSP\Common\SpbctWP\Request. Use ‘blocking’ option for async requests.
  • Fix. CleantalkSP\Common\SpbctWP\Request. Process exception passed from WordPress \Requests class.
  • Fix: CleantalkSP\Common\HTTP\Request. Timeout error while async request.
  • Fix: SpbctWP\Scanner\Heuristic\Variables::updateArray_newElement(). Empty variable slice.
  • Fix: DataStructures\ExtendedSplFixedArray::slice().
  • Fix: Scanner. Heuristic. Fatal error.
  • Fix: Scanner. Compatibility with PHP lower than 7.4.
  • Fix: Firewall. Brute-Force Protection module. Non-existent WP_Rewrite() object.
  • Fix: Scanner. Wrong progress percentage.
  • Refactor: CleantalkSP\SpbctWP\Scanner\Heuristic\Tokens::convertTokensToStandard().

2.85 Apr 28 2022

  • Fix: WordPress Multisite. Receive an access key in mode “Mutual account, Individual access key”.
  • Fix. Scanner. Heuristic. Unset tokens.
  • Fix: Firewall. Calculation of the results priority logic.
  • Fix: Heuristic. Includes processing error.
  • Fix: Complete deactivation. Deleting all plugin settings from *_options.
  • Fix: Security Firewall update.
  • Fix: Call to undefined method CleantalkSP\SpbctWP\Helpers\IP::ip__v6_reduce().
  • Fix: SpbctWP\HTTP\Request::appendParametersToURL().
  • Fix: DataStructures\ExtendedSplFixedArray::getColumn() and slice() methods.
  • Fix: Delete useless class import.
  • Fix: SpbctWP\HTTP\Request. Inheritance bug.
  • Fix: fixed reloading of scanner accordion.
  • Fix: Complete deactivation.
  • Fix: result_wp_api_modules – version not exists
  • Fix: fixed colspan for approve message.
  • Fix: spbc->plugins for the first start.
  • Mod: Beautifying class import.
  • New: Common\HTTP* wrapper for WordPress: SpbctWP\HTTP\Request.
  • New: Namespace Common\HTTP\ included classes: – Common\HTTP\Request; – Common\HTTP\Response.
  • New: SpbctWP\Helper::http__get_data_from_gz() and implementation.
  • New: DataStructure\ExtendedSplFixedArray class.
  • New: ExtendedSplFixedArray::unshift() method. Implementation of array_unshift for \SplFixedArray.
  • Ref: Implementation of DataStructures\ExtendedSplFixedArray to Heuristic* classes.
  • Ref: Implementation of new Helpers. Refactoring: PSR recommendation implementation.
  • Ref: Implementation of *\HTTP\Request. Refactoring: *\RemoteCalls class upgrade.
  • Ref: Implementation of *\HTTP\Request for API requests.
  • Ref: Splitting *\Helper class to the number of classes into name space \Helpers*.
  • Ref: Common\Helpers\HelperHTTP rename method append_parameters_to_URL to appendParametersToURL.
  • Ref: Common\Helper renaming methods.
  • Ref: SpbctWP\Helper renaming methods.
  • Ref: Implement ‘Truly moving IP* method from Common\Helper to Common\Helpers\HelperIP’.
  • Ref: Truly moving IP* method from Common\Helper to Common\Helpers\HelperIP.
  • Ref: Rename Common/Helpers/HelperHTTP::$headers to $http_headers.
  • Ref: Rename Common/Helpers/HelperHTTP::getHeaders() to getHTTPHeaders().

2.84 Apr 11 2022

  • Fix: Firewall. Update. DB request.
  • Fix: Delete useless ‘use’;
  • Fix: Adding isText filter.
  • Fix: Signatures. Input ‘NULL’ for empty values when updating signatures.
  • Fix: Scanner. Accordion. ‘Critical’ tab. Check for if signatures exists before output result.
  • Fix: Common\Helper::buffer__csv__get_map(). Use of validation class.
  • Fix: SpbctWP\ListTable. Translations.
  • Fix: WAF. File check. Return result.
  • Fix: Scanner tab. CSS.
  • Fix: Few small fixes.
  • Fix: Fixed typo
  • Fix: Scanner. SpbctWP\Scanner\ScannerQueue. Use ScannerQueue::$db instead $wpdb in signature_analysis and heuristic_analysis.
  • Fix: Scanner. Implementing variable amount of checked files in one pass for heuristic and signature analysis.
  • Fix: Scanner. Percents count.
  • Fix: Scanner. Display spinner for row actions with files.
  • Fix: Scanner. Output error for row actions with files.
  • Fix. 2FA. Code sending email fixed.
  • Fix. 2FA. 2fa logic fixed.
  • Mod: Sanitize, Escape, Validate classes.
  • Mod: Signatures. Using ‘mapped’ CSV file for signatures.
  • Mod: Signatures. Automatically parse CSV with map.
  • Mod: Update spbc_scanner_file_send() to use new DB structure.
  • Mod: spbcModal. CSS modify for error comment.
  • Mod: ListTable. Adding new bulk action ‘send for analysis’ and refactor bulk actions handlers.
  • Mod: Do not make a remote calls when maintenance mode is enabled.
  • Mod: Updated phpDOC
  • Mod: Added escaping html for translate
  • Mod: Created Escape:class for escaping data
  • Mod: Refactoring Validator and Sanitizer classes
  • Mod: Added modificators in regexp for WAF
  • Mod: Settings. Do not show the support button if the access key is not correct.
  • New: WAF. Additional params to filter with. Prepare DB structure.
  • New: Scanner. Category ‘Analysis log’.
  • New: spbc_scanner_get_files_by_category() adding support for the new category ‘analysis_log’.
  • New: Implement table action ‘check_analysis_status’.
  • New: spbc_scanner_file_check_analysis_status(). Checks analysis status of passed file(s). Could handle multiple files input.
  • New: Variables\Validator::isText() filter.
  • New: Common\API. Process data for API::method__security_mscan_status().
  • New: Common\API::method__security_mscan_status().
  • New: DB schema. Adding columns ‘analysis_status’ and ‘analysis_comment’ to ‘scan_results’ table.
  • New: AJAX error comment output.
  • New: spbc_scanner_file_send_for_analysis__bulk() and handle error from every single file.
  • New: spbc_scanner_get_file_by_id().
  • Ref: Decomposition of a class CleantalkSP\Common\Helper.
  • Del: Unused file Validator.php.

2.83 Mar 28 2022

  • Fix: Scanner. Uploaded themes and plugins.
  • Fix: Set input parameter types for different functions using Security\Firewall\Result DTO.
  • Fix: Security\Firewall\Result. Set status after parent::constructor().
  • Fix: Delete debug.
  • Fix: Resolve CSS conflict with ‘WP Lightbox 2’ plugin.
  • Fix: Scanner. File viewers. JS. Plenty of fixes.
  • Fix: 2FA. Users profile. Script attaching.
  • Fix: Scanner. File viewers. CSS fixes.
  • Fix: Common\Helper::ip__v6_normalize(). hexdec() deprecated error.
  • Fix: Scanner. Frontend. File scan log.
  • Fix: UpdaterScripts. updateTo_2_82_0.
  • Fix: JavaScript. Table action.
  • Fix: Variables\ServerVariables. Filters.
  • Fix: Scanner. Heuristic. Strings. Deprecated notice.
  • Fix. Scanner. Debug exclusions removed.
  • Mod: Security\Firewall. Get changes from ‘refactoring-prioritize-AA’ branch.
  • Mod: Alter SQL scheme for table firewall_logs. New ‘signature_id’ column.
  • Mod: Alter SQL scheme for table scan_signatures. New ‘waf_action’ column.
  • Mod: Add new properties to Security\Firewall\Result: – signature_id; – waf_action;
  • Mod: Move numeric status handling from Security\Firewall\Result::__constructor() to SpbctWP\Firewall\FW::check().
  • Mod: Added new columns to scan results
  • Mod: Firewall. Consider a smaller network as a prioritized result.
  • Mod: Update jQueryUI to version 1.13.1.
  • Mod: Optimization. Set the autoload flag to false where possible.
  • Mod: Registration. Error message.
  • Mod: Interface. Terminology. Change ‘API key’ to ‘access key’.
  • Mod: JS. Update minimized files.
  • Mod: Added to waf__suspicious_check() pattern as string.
  • Mod: Added to waf__exploit_check() pattern as string.
  • Mod: Added to waf__sql_check() pattern as string.
  • Mod: Added Validator::class and Sanitizer::class.
  • Mod: Authentication log. Do not send double log for a new device.
  • Mod: SpbctWP\ListTable. Do not pass arguments to frontend.
  • Mod: JavaScript. Pass modified arguments when doing AJAX.
  • Mod: Added xss check by regular expression
  • Mod: Added link output for shuffle salts when treatment is performed.
  • Mod: Added new methods to Validator and Sanitizer.
  • New: spbc_list_table__get_args_by_type(). Get arguments for ListTable.
  • New: spbc_list_table__get_args_by_type() implemented.
  • New: SpbctWP\ListTable. Process arguments in a new way.
  • New: ServerVariables. Filters.
  • New: SpbctWP\Firewall. Update update_log.
  • New: SpbctWP\Firewall\WAF. Add middle_action() method to log a suspicious signatures.
  • New: SpbctWP\Firewall\WAF. Update. Working with suspicious signatures.
  • New: Implement Security\Firewall\Result class.
  • New: Security\Firewall\Result class. Represents a contract between firewall components.
  • New: Templates\DTO class.
  • Refactoring: added method::hasSignature
  • Refactor: Security\Firewall. Adding missing statuses to priority list.
  • Refactor: Security\Firewall::prioritize().

2.82 Mar 14 2022

  • Mod: Settings. Change salts. Change layout.
  • Mod: Reset wp salts
  • Mod: Variables\ServerVariables is abstract.
  • Mod: Variables*. Move storing and recalling variables to ServerVariables class.
  • Mod: Templates\Singleton. Separate child instances.
  • Mod: Added link for shuffle salts when curing is done
  • Mod: Added updater script.
  • Mod: Added description for section RESET SALTS.
  • Fix: Scanner. JavaScript class. Percentages display.
  • Fix: Scanner tab. Output errors for actions with files.
  • Fix: Scanner. Cleaning from heuristic results #2.
  • Fix: WPMS. Error when blog creating.
  • Fix: Variables\ServerVariables. Logic fix.
  • Fix: WordPress Multisite. Database error while adding a new blog.
  • Fix: WordPress Multisite. Monitoring.
  • Fix: WordPress Multisite. Settings. Database error.
  • Fix: WordPress Multisite. Banner. Setting link.
  • Fix: WordPress Multisite. Severe errors.
  • Fix: Added scripts
  • Fix: Remote Calls. Token calculation.
  • Fix: Scanner. Amount of scanned files.
  • Fix: preloader.gif for debug button
  • Fix: reset salts
  • Fix: Scanner. Cleaning from heuristic results.
  • Fix: Fixed notification about deprecated operation of the hexdec function.
  • Fix: update there_was_signature_treatment in Cure.php.
  • Fix: Changed animation time.

2.81.2 Mar 5 2022

  • Fix: Scanner. Increase timeout and reduce amount of files checked in one iteration.
  • Fix: Scanner. Increase execution time for scanner.
  • Mod: Scanner. Heuristic. Memory consumption decreased.
  • Fix: Scanner. Heuristic. Processing errors.
  • Fix: Scanner. Heuristic. SQL module. Error.
  • Mod: Scanner. Manual. Speed up.
  • Mod: Scanner. Manual. Error for the changed nonce.

2.81.1 Mar 3 2022

  • Fix: Scanner. Manual. Errors output.
  • Fix: Do not bother user with useless errors.
  • Fix: Scanner. Surface. Skip bad file paths.
  • Fix: PHP Errors in ScannerQueue.php.

2.81 Feb 28 2022

  • Fix. Code. Singleton trait fixed.
  • Fix. Updater. 2.73 updater script fixed.
  • Fix. Git. Gitignore updated.
  • Fix. Updater. Transaction flow fixed.
  • Fix: \Templates\Multiton::getInstance() Input parameters.
  • Fix: \Templates\Singleton::getInstance() Input parameters.
  • Fix: Variables* instance parameter scope.
  • Fix: Common\Transaction.
  • Fix: Updater transaction implementation. Deleting transaction when it’s completed.
  • Fix: Scanner. Skip trusted files.
  • Fix: spbc-common.js. spbc_sendAJAXRequest(). Revised.
  • Fix: Common\Transaction. Wrong order of input parameters.
  • Fix: Scanner. File system scanner. Return file parameters in the strict order.
  • Fix: Namespaces for ScannerQueue.php.
  • Fix: Scanner. Minor performance improvement.
  • Fix: Do not check online admins when feature is disabled.
  • Fix: Firewall. Update. SpbcWP\Firewall\FW::data_tables__delete()
  • Fix: SFW: maximum priority for trusted networks
  • Fix: Fixed spbc_fix_error_messages() for custom filters
  • Fix: Error while merging with branch ‘mod/scanner.scheduled.implementing-queue.SR’.
  • Fix: Addition to the branch merge ‘mod/scanner.scheduled.implementing-queue.SR’. JS minimized files.
  • Fix: Scanner. False positive on functions.
  • Fix: Modal window. Max width.
  • Fix: Modal window. Center the content.
  • Fix: From test. Settings templates.
  • Fix: From test. AJAX error output.
  • Fix: From test. Scanner. Scheduled scan.
  • Fix: From test. Scanner. Auto cure stage.
  • Fix: From test. Scanner. Skip stages considering settings.
  • Mod: spbc_scanner_file_download() implementation of validation filter ‘hash’.
  • Mod: spbc_scanner_file_*() validation for input parameters.
  • Mod: Variables\ServerVariables. New sanitizing filters.
  • Mod: spbc-common.js. spbc_sendAJAXRequest() new input parameters dataType and context.
  • Mod: Scanner. Operations with plugins and themes:
  • Mod: Replacing AJAX hooks with new one ScannerQueue.
  • Mod: Scripts translations. spbcScaner.
  • Mod: Settings. Scanner tab. Remove useless and rename old scanner statuses;
  • Mod: Make return parameters of spbc_backup__files_with_signatures() standard.
  • Mod: Remove useless remote calls.
  • Mod: AJAX. Alter error message.
  • Mod: Settings. ‘Show files detected not earlier than’ renamed to ‘Do not show unknown files older than’.
  • New: Scanner. JS-class ‘spbcMalwareScanner’.
  • New: Scanner. JS-class ‘spbcMalwareScanner’ implementation.
  • New: SpbctWP\DB. New methods:
  • New: SpbctWP\Scanner\ScannerQueue class.
  • New: Common\Helper. Store functions call results.
  • Refactor: Common\DB.
  • Refactor: SpbctWP\DB
  • Del: Deleting old JS scanner plugin.
  • Del: Old functions from spbc-scanner.php and adding wrappers for ScannerQueue.

2.80.1 Feb 18 2022

  • Fix: Fixed Fatal error: Uncaught TypeError: preg_match(): Argument #2 (subject) must be of type string, array given in /security-malware-firewall/lib/CleantalkSP/SpbctWP/Helper.php
  • New: Variables\SuperVariables::sanitize – Runs sanitizing process for input parameter.
  • New: Variables\SuperVariables::validation – Runs validation for input parameter.
  • New: Variables\SuperVariables::get(). Implementation of validation and sanitizing.
  • Mod: spbc_scanner_file_*() validation for input parameters.
  • Mod: spbc_scanner_page_view() preparing SQL.

2.80 Feb 14 2022

  • Fix: Scanner. Code style analysing.
  • Fix: Scanner. Heuristic. Iteration preparations for code style analysis and post scan processing.
  • Fix: Scanner. Heuristic. CodeStyle. Analysing line lengths.
  • Fix: Added ON DUPLICATE KEY UPDATE in spbc_scanner_get_remote_hashes()
  • Fix: Setting “Check plugins and themes while uploading” (waf__file_check__uploaded_plugins).
  • Fix: Firewall. WAF. Breaking the other uploaded files check.
  • Fix: Scanner. Getting signatures.
  • Fix: WAF. The uploaded files check. Spelling.
  • Fix: Scanner. Heuristic. Skip content without useful PHP code.
  • Fix: Change params names according software requirements.
  • Fix. Code. Getting key hook logic moved and simplify.
  • Fix: Adding and implementing hook ‘spbct_upgrader_package_url’.
  • Fix: WAF. The uploaded files check. Namespaces.
  • Fix: Common\Helper::http__multi_request_pure(). PHP 5.6 compatibility.
  • Fix: Fixed error about memory_limit
  • Fix: From test. Renaming cleantalkModal to spbcModal.
  • Mod: Settings. Dependency logic. spbcSettingsDependencies() now recursive and support more than 1 nested levels.
  • Mod: Scanner. Interface. Description for approved category.
  • Mod: Remote calls. Update. Return possibility to update without the specifying version and source.
  • Mod: Remote calls. Update. Add ‘cleantalk’ download_source parameter.
  • Mod: CleantalkSP\SpbctWP\Scanner\DirectoryScan::scan() return type modified.
  • Mod: WAF. The uploaded files check. Errors output added.
  • Mod: WAF. The uploaded files check. Remote calls updating.
  • Mod: Firewall Update. Moving stats defining before creating dir and direct update. Got GIT glitch here.
  • Mod: SpbctWP\Firewall\FW::update__write_to_db() now can write either local and remote files to DB.
  • Mod: SQLSchema. Table ‘scan_results’. Default values for ‘size’, ‘perms’, ‘mtime’.
  • Mod: Scanner. Do not put ‘wp-config.php’ in the Unknown category.
  • Mod: Scanner. CleantalkSP\SpbctWP\Scanner\HeuristicCodeStyle::gatherLinesNumAndLength() renamed to sortTokensWithDifferentTypes.
  • Mod: Firewall. WAF. Passing new setting ‘waf__file_check__uploaded_plugins’.
  • New: Scanner. Table. new JS spbc_reload_accordion().
  • New: Scanner. Table. Implementation of spbc_reload_accordion().
  • New: Scanner. Heuristic. CleantalkSP\SpbctWP\Scanner\Heuristic\HTML module.
  • New: Scanner. Heuristic. Implementation of CleantalkSP\SpbctWP\Scanner\Heuristic\HTML module.
  • New: spbcModal new put() and putError() methods and few other improvements.
  • New: spbcModal implementation for error output.
  • New: CleantalkSP\SpbctWP\Scanner\Controller::getSignatures() method.
  • New: CleantalkSP\SpbctWP\Scanner\Controller::getRootPath() method.
  • New: Signature for methods CleantalkSP\SpbctWP\Scanner\Controller::scanFileForHeuristic() and scanFileForSignatures().
  • New: Rename CleantalkSP\SpbctWP\Scanner\Helper::file__get_string_number_with_needle() to scanFileForHeuristic()
  • New: Setting “Check plugins and themes while uploading” (waf__file_check__uploaded_plugins).
  • New. Getting key hook.
  • New. Change email hook.
  • New: \CleantalkSP\Common\Helper::http__multi_request_pure().
  • New: \CleantalkSP\SpbctWP\Scanner\Controller::scanFile() – scan file both ways, with signatures and heuristic.
  • New: \CleantalkSP\SpbctWP\Scanner\Controller::mergeResults() – merge results from different scans by predefined priority.
  • New: \CleantalkSP\SpbctWP\Helper::http__request__rc_to_host__build_params() – compile URL parameters to self remote call.
  • New: CleantalkSP\SpbctWP\Scanner\Surface. Possibility to throttle returned parameters.
  • New: CleantalkSP\SpbctWP\RemoteCalls::action__scanner__check_file – Check file for signatures and heuristic.
  • New: CleantalkSP\SpbctWP\RemoteCalls::action__scanner__check_file__heuristic – Check file by heuristic.
  • New: CleantalkSP\SpbctWP\RemoteCalls::action__scanner__check_file__signature – Check file for signatures.
  • New: \CleantalkSP\SpbctWp\Scanner\DirectoryScan class.
  • New: \CleantalkSP\SpbctWp\Firewall\WAF::waf__file_check__modules_check() – call back to check uploaded modules.
  • New: Firewall. WAF. Implementation of checking uploaded modules.
  • New: Updater. Update script for 2.80.
  • New: Hook ‘spbct_upgrader_package_options’ in Upgrader.php.
  • New: Remote calls. Update. Using custom source and version to update the plugin.
  • New: Remote Calls. Updater. Adding package url URL check.
  • New: Remote Calls. Updater. Removing filter ‘spbct_upgrader_package_url’, using ‘site_transient_update_plugins’ instead.
  • New: Authorization. Custom error message.
  • New: Firewall Update. spbc_security_firewall_update_direct().
  • New: Firewall Update. Implement Direct update.
  • Refactor: Renaming cleantalk-modal.js to spbc-modal.js.
  • Refactor: Renaming cleantalkModal JS class to spbcModal.

2.79 Jan 31 2022

  • New: CleantalkSP\Common\API::methodSendLocalSettings().
  • New: Settings. Sending the settings when saving them.
  • New: Settings. Add a new hook ‘spbc_before_returning_settings’.
  • New: Settings. Sending settings to the cloud when saving settings.
  • New: CleantalkSP\Common\API::sendRequest(). Implement zero timeout, to make an async call.
  • New: Settings. The spbc__send_local_settings_to_api() wrapper function to send settings.
  • New: Scanner. Malware. Exclude file approved by CleanTalk from the ‘unknown’ category.
  • Mod: Scanner. Do not exclude wp-config.php from the malware scan.
  • Mod: Scanner. Sending results. Aggregate errors from all sending results methods.
  • Fix. Scanner. Errors on curing were expanded.
  • Fix. Scanner. Added hook to log scanning process.
  • Fix: Setting import/export. Exclude ‘2fa__roles’ and ‘2fa__enable’ from export.
  • Fix: Setting import/export. Warning about the excluding ‘2fa__roles’ and ‘2fa__enable’ from export.
  • Fix: From test. CleantalkSP\SpbctWP\Scanner\Controller::scanFileForSignatures() return value.

2.78.1 Jan 20 2022

  • Fix. Scanner. Curing infected files fixed.
  • Fix. Scanner. Signatures scan fixed.
  • Fix. Code. Re-minify js code.
  • Fix. Code. Constant fixed in \CleantalkSP\SpbctWP\RemoteCalls.php.
  • Fix. Scanner. Sending results stage fixed.
  • Fix. Scanner. Next auto start task fixed.
  • Fix. Scanner. Scanner by remote call fixed – removed async attr.
  • Fix: Security Firewall. An update directory moved to the WordPress upload directory.
  • Fix: Helper::http_request(). The ‘async’ preset modified. Timeout increased to 3 seconds.

2.78 Jan 17 2022

  • New: Tools. spbc_check_ascii() function. Checks if the given string is ASCII.
  • Mod: Scanner. Silently add non-UTF8 file names to database.
  • New: Settings. “Cross-Site Request Forgery Detection”.
  • New: Frontend scanner. Passing CSRF setting to scanner.
  • New: Frontend scanner. Implementation of CSRF detection.
  • New: Web Application Firewall. Preparing database structure.
  • New: Web Application Firewall. Refactoring checks.
  • New: Web Application Firewall. The new check type: Suspicious signatures.
  • New: Web Application Firewall. Prioritizing and logs update for suspicious signatures.
  • New: Web Application Firewall. Logs sending modification for suspicious signatures.
  • New: Scanner. CSRF. Preparing database structure.
  • New: Scanner. CSRF. Rebuilding it to use DOMXPath to find attributes instead of global search.
  • New: Scanner. CSRF. Implementing writing results to database.
  • New: Scanner. CSRF. Settings layout.
  • Mod: Scanner. Signatures. Memory consumption decreased.
  • Mod: Scanner. Signatures. File size limit implemented.
  • Mod: Scanner. Heuristic. Delete evaluation construct from Strings.php.
  • Fix: Added a ‘get’ parameter at the cron scan request in the function spbc_scanner__launch()
  • Fix: Spelling and Grammar.
  • Fix: Scanner. Silently add non-UTF8 file names to database.
  • Fix: Firewall. ip__get() wrong redundant argument deleted.
  • Fix: Scanner. Scheduled scanning. Sending results.
  • Fix: Scanner. Frontend. Reset results if settings were changed.
  • Fix: Web Application Firewall. Uploaded file check.

2.77 Dec 13 2021

  • New: Scanner\Heuristic\Variables methods
  • New: Scanner\Heuristic\CodeStyle implemented
  • New: Scanner\Heuristic\CodeStyle
  • New: Add new properties Scanner\Heuristic\Tokens for Scanner\Heuristic\CodeStyle
  • New: Scanner\Heuristic\Tokens property max_index
  • New: Duplicate method Scanner\Heuristic\Tokens::setCurrent() delete
  • New: Scanner\Heuristic\Tokens methods modified
  • New: Scanner\Heuristic\Tokens new methods and few modified
  • New: Scanner\Heuristic\Tokens
  • New: Scanner\Heuristic\Evaluations class implemented
  • New: Scanner\Heuristic\Evaluations
  • New: Scanner\Heuristic\Controller
  • New: Scanner\Heuristic\SQLs::getViaKeyWords()
  • New: Scanner\Heuristic\Includes class implemented.
  • New: Scanner. Heuristic. New class Scanner\Heuristic\SQLs
  • New: Scanner\Heuristic\Variables::isSetOfTokensHasBadVariables() implemented
  • New: Scanner\Heuristic\Tokens::searchBackward()
  • New: CleantalkSP\SpbctWP\Scanner\Controller::getIncludes() method implemented.
  • New: Scanner. Heuristic. New class
  • New: Implement Heuristic\Transformation class in Heuristic\Controller
  • New: \CleantalkSP\SpbctWP\Scanner\Heuristic::Transformations class.
  • Mod: Scanner\Heuristic\Includes. Pass a start and an end string of an include to results.
  • Refactored: Few classes refactored for using new methods from Heuristic\Tokens
  • Refactored: Scanner\Heuristic\SQLs
  • Fix: set Cookie namespace in updaterscripts.php.
  • Fix: Do not include approved files in the reports.
  • Fix: Scanner. Receiving hashes.
  • Fix: Signatures. Wrong line number detection.
  • Fix: Heuristic. Deleting “base64_*” from bad functions.
  • Fix: Scanner. Heuristic. Useless files attachment check.
  • Fix: Interface. “Send for analise action”. Notification message altered.
  • Fix: Heuristic. Temporarily don’t analyse non-native bad variables in SQL requests.
  • Fix: Heuristic. Deleting “unserialize” from bad functions.
  • Fix: Interface. Row actions.
  • Fix: Check website for errors after quarantine or delete file.
  • Fix: Users online. Don’t send AJAX requests when disabled.
  • Fix. Code. Missing return added.

2.76.2 Nov 24 2021

  • Fix: Scanner. Receiving hashes.
  • Fix. Admin bar. Admins online counter fixed.

2.76.1 Nov 22 2021

  • Fix: Wrong namespace in Heuristic modules.

2.76 Nov 22 2021

  • New: Settings. Added a “required” parameter to almost all settings types
  • New: Creating CleantalkSP\Updater class.
  • New: Creating CleantalkSP\UpdaterScripts class.
  • New: CleantalkSP\Updater. New methods.
  • New: CleantalkSP\UpdaterScripts. Adding update scripts from inc/spbc-updater.php
  • New: Trait Templates\Transaction. Trait performs transaction logic.
  • New: CleantalkSP\Updater\Updater are using the Transaction trait.
  • New: Layout. Scanner listing tips. Popup tip added to the scanner accordion.
  • New: Methods in Common\DB\SQLSchema.
  • New: SpbctWP\DB\TablesAnalyzer class. Using SQLScheme determines missing and existing tables.
  • New: SpbctWP\DB\TablesCreator class. Creating tables using SQLSchema.
  • New: SpbctWP\DB\ColumnsAnalyzer class.
  • New: SpbctWP\DB\ColumnsCreator class.
  • New: All tables creating request now handled by \CleantalkSP\SpbctWP\DB\TablesAnalyzer and \CleantalkSP\SpbctWP\DB\TablesCreator classes.
  • New: Setting.
  • New: API::security_mscan_logs().
  • New: Database. Table ‘scan_results’.
  • New: Scanner. Logic for ‘detected_at’ param implemented.
  • New: Updater. Updater script for 2.76 version.
  • New: Using new Heuristic\Controller for Heuristic analysis.
  • Mod: UpdaterScripts. All SQL-requests considering DB structure removed.
  • Mod: Updater checking and restoring integrity of the database each update.
  • Mod: Deleting spbc-updater.php and all relations.
  • Mod: Delete spbc_activation__create_tables() function.
  • Mod: API. ‘security_mscan_logs’ method.
  • Mod: SQL-scheme for ‘scan_results’ table.
  • Fix: Scanner. Counting and downloading plugin and themes hashes.
  • Fix. Scanner. Outbound links count fixed.
  • Fix. Scanner. Last scan tile fixed after scanning.
  • Fix. Scanner. Warnings are hidden after scanning.
  • Fix: elementor skip #2.
  • Fix: Interface. Scanner tab. Always show the next auto scan time if scheduled.
  • Fix: Settings. Scheduled scan time field is now required.
  • Fix: Typos.
  • Fix: check dir before read in dir_is_empty.
  • Fix: use of GoogleAuthenticator class.
  • Fix: Common\DB\SQLSchema.
  • Fix: SpbctWP\DB\SQLSchema refactored. All requests are transformed from strings to arrays.
  • Fix: Firewall update. Table names.
  • Fix: SQLSchema. Moving and renaming sessions table.
  • Fix: SQLSchema. Add index to ‘scan_frontend’ table.
  • Fix: SQLSchema. Typo in ‘scan_results’ scheme.
  • Fix: Firewall update. Files delete.
  • Fix: Settings. ‘required’ setting param.
  • Fix: Scanner. Autostart time.
  • Fix: Settings. Saving settings.
  • Fix: Settings API. “Disabled” and “parent dependence” for the select type.
  • Fix: Updater::runUpdateScripts().
  • Fix: Notice in UpdaterScripts::updateTo_2_74_0()
  • Fix: Settings. Default value for ‘scanner__list_unknown__older_than’ setting.
  • Fix: Settings. Description for ‘unknown’ files.
  • Fix: Logout action wasn’t logging.
  • Fix: PHP 8 compatibility.
  • Refactor: Moving CleantalkSP\Common\SQLSchema to CleantalkSP\Common\DB\SQLSchema
  • Refactor: Moving CleantalkSP\SpbctWP\SQLSchema to CleantalkSP\SpbctWP\DB\SQLSchema.
  • Refactor: Add CleantalkSP\Common\DBSQLSchema::$schemaTablePrefix.
  • Refactor: CleantalkSP\Common\DB\SQLSchema.
  • Refactor: Class ScannerH moved from global namespace to namespace \CleantalkSP\SpbctWp\Scanner.
  • Refactor: Class SpbcCure moved from global namespace to namespace \CleantalkSP\SpbctWp\Cure.
  • Refactor: Class SpbcScannerLinks moved from global namespace to namespace \CleantalkSP\SpbctWp\Scanner\Links.
  • Refactor: Class SpbcScannerFrontend moved from global namespace to namespace \CleantalkSP\SpbctWp\Scanner\Frontend.
  • Refactor: Functions from SpbcScanner moved to SpbctWP\Scanner\Helper.
  • Refactor: Class SpbcScanner moved from global namespace to namespace \CleantalkSP\SpbctWp\Scanner\Surface.
  • Refactor: Scanner. Moving few methods
  • Refactor: Scanner.
  • Refactor: Heuristic class.
  • Delete: CleantalkSP\SpbctWP\SQLSchema.php

2.75 Nov 8 2021

  • New: Settings. “Scan for important directories listing” (scanner__important_files_listing) disabled by default.
  • New: Updater script for 2.75.
  • New: Scanner. Backend scripts for the “Check listing” stage.
  • New: Scanner. Frontend scripts for the “Check listing” stage.
  • New: Remote calls. “scanner__check_listing”.
  • New: Updater. 2.75. New remote call and option “scanner_listing” added.
  • New: Settings. “Allowed domains”.
  • New: Scanner. Frontend. “Allowed domains” implemented.
  • New: Scanner. Frontend. Exclusions for domains implemented.
  • New: SpbcScannerFrontend::resetCheckResult() method. Clears results of frontend scan.
  • New: Clears results of the frontend scan once the domains exclusions are changed.
  • New: Updater. Clear spbc_plugins and spbc_themes options.
  • New: Scanner. Handling empty spbc_plugins and spbc_themes options.
  • New: Remote Calls. Added spbc_plugins and spbc_themes to debug remote call.
  • Mod: Setting. Default value of scanner__frontend_analysis__domains_exclusions.
  • Mod: Scanner. Getting hashes for plugins and themes revised.
  • Code: Scanner.php. spbc_scanner_get_remote_hashes__plug(). Fixing notices.
  • Fix: Scanner. Counting and downloading plugin and themes hashes.
  • Fix: Conflict with Elementor plugin.
  • Fix: Empty firewall status.
  • Fix: Scanner. Listing check. Visual fix.
  • Fix: Scanner. Listing check. Removing debug.
  • Fix: Error in spbc_scanner_count_hashes_plug().
  • Fix: Logic error in spbc_scanner_count_hashes_plug().
  • Fix: require admin_bar.php

2.74 Oct 19 2021

  • New: Settings. Adding hidden option “monitoring__users” for “Administrators online counter”.
  • New: Update script for 2.74.
  • New: SpbctWP\Firewall::isException().
  • New: Security Firewall. Exception for Elementor and Elementor Pro form editing.
  • Mod: Queue. Accepted tries argument implemented.
  • Mod: Security Firewall. Update. End of update has only one try.
  • Mod: Queue. Log an error from every try.
  • Mod: Security Firewall. Error handling added.
  • Mod: Security Firewall. Exclude for ‘lc’, ‘loc’, ‘lh’ high level domains.
  • Fix. ScannerH. Detecting T_EVAL for the evaluation removed.
  • Fix: Server::get_domain().
  • Fix: get_option( 'siteurl' ) replaced with get_option( 'home' ).
  • Fix: Settings. Typos.
  • Fix: Updater. Wrong function name “spbc_update_to_2_73” renamed to “spbc_update_to_2_73_0”.
  • Fix: Security Firewall. Error handling added.
  • Fix: WPMS. Error while creating blog.
  • Fix: Helper::getFilenameFromUrl is public now.
  • Mod: State::saveAll() save only real settings.
  • Fix: State. Public $error property.
  • Fix: SpbctWP\Firewall::isException().

2.73 Oct 7 2021

  • New: \CleantalkSP\Common\Helper::fs__removeAnything() method.
  • New: Remote call debug.
  • New: Debug error type.
  • New: Skip the heuristic check if script allocated too much memory.
  • New: Common/Helper::array_reindex(). Re-indexes numeric keys of an array without large memory consumption.
  • New: spbc_get_source_info_of( $file ).
  • New: Getting information about file before sending it for analysis.
  • New: Settings. “List unknown files” setting.
  • New: Cron. Refactored. Split into CleantalkSP/SpbcWP/Cron and CleantalkSP/Common/Cron
  • New: Cron. Transaction implemented.
  • New: Remote Call “cron_update_task”. Allows to update cron task remotely.
  • New: Setting. Added an update button to set the cron task to update Security Firewall.
  • Mod: \CleantalkSP\Common\Helper::fs__removeDirectoryRecursively().
  • Mod: Update script for 2.73.
  • Mod: Remote calls. Initializing don’t have unnecessary conditions.
  • Mod: spbc_test_connection() fix response.
  • Mod: SpbcScannerH uses Helper::array_reindex() instead of array_values to re-index an array.
  • Mod: Renaming “WordPress” to “WordPress” in all files.
  • Mod: Malware Scanner is using POST HTTP-method to update instead of GET.
  • Mod: Remote Calls using any HTTP method instead of GET.
  • Mod: Security Firewall is using POST HTTP-method to update instead of GET.
  • Mod: Malware Scanner. Viewing of unknown files now depends only on “List unknown files”.
  • Mod: All HTTP-requests are using no-cache preset now.
  • Mod: Remote Calls using any HTTP method instead of GET #2.
  • Mod: Customize no_cache parameter.
  • Mod: Settings. Display debug tab on local websites.
  • Mod: Renaming “WordPress” to “WordPress” in all files #2.
  • Fix: Firewall update. Not existing FW table.
  • Fix: Firewall update. Cannot make FW dir.
  • Fix: Firewall update. Added the ignoring cache headers and parameter.
  • Fix: Firewall update. Added the ignoring cache headers and parameter #2.
  • Fix: spbc-admin.js. Typo in JavaScript function.
  • Fix: Security Firewall. Brute Force Protection and Traffic Control modules possible fatal errors.
  • Fix: Security Firewall. Brute Force Protection and Traffic Control modules possible fatal errors #2.
  • Fix: spbc_scanner_get_remote_hashes__approved() was updated due to the large amount of approved files.
  • Fix: Scanner. Updating hashes for new WordPress version.
  • Fix: Cron::updateTask().
  • Fix: Cron::compareSetOfTasks().
  • Fix: Cron. Start logic.
  • Fix: Cron. Adding possible missing params to tasks.
  • Fix: Scanner. spbc-scanner.php spbc_scanner_get_remote_hashes__approved(). Wrong imploding arguments.
  • Fix: Security Firewall. Update. Wrong constant name.
  • Fix: Scanner. spbc-scanner.php spbc_scanner_get_remote_hashes__approved(). Wrong imploding arguments. #2
  • Fix: Security Firewall. Update. spbc_security_firewall_update__prepare_upd_dir() doesn’t change permissions.
  • Fix: Helper::array_reindex() considers empty arrays.
  • Fix: Scanner. Signatures scan amount reduced to 20 due to large number of signatures.
  • Fix: Settings spelling error in the setting “Collect and send PHP logs”.
  • Fix: Settings. Option “Collect and send PHP logs” was always switched off for non-multisite websites.
  • Del: Useless param State->data->cron->running.

2.72.2 Aug 30 2021

  • Mod: Scanner. Removing exclusions from the scan results during prepare stage.
  • Mod: Firewall update. Splitting big SQL-request in a few.
  • Mod: Admin-bar. Style for list of online users.
  • Mod: Frontend Malware Scanner. domain added to exclusions.
  • Fix: Security log. IPv6 support.
  • Fix: Firewall. Maintenance mode when updated. No checks during maintenance.
  • Fix: Malware Scanner. Error while getting plugins and themes hashes.
  • Fix: Firewall update.
  • Fix: Malware Scanner. Cleaning from exclusions.

2.72.1 Aug 23 2021

  • Fix: Google Two-factor Authentication.

2.72 Aug 23 2021

  • New: spbc_wp_timezone_string() function.
  • New: Settings “WordPress Multisite Work Mode”, “Hoster API key”.
  • New: CleantalkSP\SpbctWP\State split into two: CleantalkSP\Common\State and CleantalkSP\SpbctWP\State.
  • New: Plugin is using new State class with new flags.
  • New: WordPress Multisite support.
  • New: Update for 2.72.
  • New: Adding \CleantalkSP\Common\Queue and \CleantalkSP\SpbctWP\Queue classes.
  • New: \CleantalkSP\Common\Helper::http__multi_request().
  • New: \CleantalkSP\Common\Helper::getFilenameFromUrl().
  • New: Queue. Transaction system.
  • New: \CleantalkSP\Common\Queue->pid.
  • New: \CleantalkSP\Common\Queue->unstarted_stage.
  • New: \CleantalkSP\Common\Queue::refreshQueue().
  • New: \CleantalkSP\Common\Queue::hasUnstartedStages().
  • New: Settings. Default ‘disabled’ param for field setting type.
  • New: \CleantalkSP\SpbctWP\Helper::get_data_from_local_gz().
  • New: Helper::http__request() low speed time is 10 seconds.
  • Mod: Admin bar. Show the “attention” mark if there are errors or notices.
  • Mod: Layout. Using prefix “spbc-” for icon classes.
  • Mod: Admin bar. Showing online users logins.
  • Mod: Admin-bar.
  • Mod: Settings output.
  • Mod: spbc-settings.php using \CleantalkSP\Variables\Post class.
  • Mod: CleantalkSP\Common\Helper::ip__get() returning IPv6.
  • Mod: Run update actions for every blog on the network.
  • Mod: Deleting useless file attachment.
  • Mod: Replacing State::save*() methods to State::save().
  • Mod: Some initialization stuff from security-malware-firewall.php moved to CleantalkSP\SpbctWP\State.
  • Mod: Scanner. Accordion layout.
  • Mod: Scanner. Don’t show files from wp-content\cache in unknown category.
  • Mod: Firewall update. Don’t handle errors anymore in remote call.
  • Mod: \CleantalkSP\Common\Queue::isQueueFinished().
  • Mod: \CleantalkSP\Common\Queue::isQueueInProgress().
  • Mod: Firewall update. Complex improvements.
  • Mod: Firewall update. Error handling.
  • Mod: Deleting delay when calling spbc_security_firewall_update__init().
  • Mod: Rename State->fw_stats[‘last_start’] to State->fw_stats[‘updating_last_start’].
  • Fix: Setting that allows preventing the collection of authors’ logins.
  • Fix: Admin bar. Show admin bar without API key.
  • Fix: Scanner. Approve/disapprove bulk actions with “unknown” files.
  • Fix: Google 2FA. Conflicting namespaces. GoogleAuthenticator class using autoload now.
  • Fix: IPv6 for security log.
  • Fix: \CleantalkSP\Common\Helper::buffer__parse__csv().
  • Fix: \CleantalkSP\SpbctWP\Queue.
  • Fix: Firewall update.
  • Fix: PHP warning with mt_rand().
  • Fix: Helper::http__request() timeout is 15 seconds.
  • Fix: Firewall update. Deleting files after processing.
  • Fix: Scanner. Heuristic. Reducing maximum file size to check to 512 KB.
  • Fix: Firewall update. Separate folder for each blog.
  • Fix: Settings. Multisite Work Mode. Disabled Hoster API key.
  • Fix: Debug tab. Connections to servers.

2.71 Jul 22 2021

  • Tested up to WordPress 5.8.
  • New: Setting that allows preventing the collection of authors’ logins.
  • Fix: SecFW. Getting update period from DNS fixed.
  • Fix: Code. Wrong namespace fixed.
  • Fix: RC versions of WP supported.
  • Fix: dns_get_record() possible errors blocked.
  • Fix: IP-detection for Cloudflare CDN.
  • Fix: Set cookies on dashboard pages even if the setting is off.

2.70 Jul 7 2021

  • New: New option for “Set cookies” – “Alternative mechanism”.
  • New: “Alternative cookies handler type” setting without interface.
  • New: Settings API improvements and fixes.
  • New: Defining table constant for session.
  • New: Attaching spbc-cookie.js script for public pages.
  • New: Cookie handler for frontend.
  • New: CleantalkSP\SpbctWP\RestController class.
  • New: CleantalkSP\SpbctWP\Variables\AltSessions class.
  • New: CleantalkSP\SpbctWP\Variables\Cookie class.
  • New: Security Firewall. FW class. IPv6 support.
  • New: Helper::ip__get() application.
  • New: Helper updated to 3.7 version. New ip__* functions added.
  • New: Security Firewall. SQL-schema for IPv6 support.
  • Mod: Admin-bar. Deleting “Dashboard” link.
  • Mod: Every cookie operation on backend go via SpbctWP\Variables\Cookie.
  • Mod: Settings templates. Modal window. Added description.
  • Mod: Allow Security Firewall for secondary blogs on WordPress Multisite.
  • Mod: Gray synchronize button.
  • Mod: Every cookie operations on frontend go via SpbctWP\Variables\Cookie.
  • Upd: Malware scanner. Heuristic analysis improved. #2
  • Upd: Malware scanner. Heuristic analysis improved.
  • Upd: Common\Helper to version 3.6.
  • Fix: Malware Scanner. Signature module error.
  • Fix: Malware Scanner. Heuristic module error.
  • Fix: Malware Scanner. Notification about the errors.
  • Fix: Malware Scanner. Heuristic scanner.
  • Fix: Banner about empty key is now dismissible.
  • Fix: Security Firewall. FIREWALL_IS_ALREADY_UPDATING error deleted.
  • Fix: Security Firewall. Test IP is prior if given.
  • Fix: Ipv4 handling.
  • Fix: Alternative sessions. SQL-schema.
  • Fix: Security Firewall. SQL-schema for IPv6 support.

2.69 Jun 17 2021

  • New: Requires PHP 5.6.
  • Fix: Admin bar. Conflict with previous version of Anti-spam by Cleantalk.
  • Fix: Scanner. Error with get_hashes__approved_files() naming.
  • Fix: Admin-bar. Counter output.
  • Fix: Catch exceptions in scanner.
  • Fix: Admin bar. Rapid fix.
  • Fix: Admin bar style. Install link is no longer highlighted.
  • Fix: Security Firewall update.
  • New: More quality icons.
  • Fix: Admin bar style. Style for anti-spam icon.
  • Fix: New admin bar style. Sorting by alphabet.
  • Fix: Firewall. Update. Filtering bad data.
  • Mod: Scanner. Interface. Show scanning results only if the scan was completed without errors.
  • Mod: Scanner. Interface. Show unknown category only if signature and heuristic analysis are enabled.

2.68 Jun 4 2021

  • New: Update. spbc_update__run_sql_for_every_blog().
  • New: Sending GMT datetime for each event.
  • New: CleantalkSP\Common\Counter class.
  • New: CleantalkSP\SpbctWP\FirewallCounter class.
  • New: CleantalkSP\SpbctWP\SecurityCounter class.
  • New: Using new Counter class. To count event.
  • New: New admin bar style.
  • Mod: Scanner. Showing files without source as “Unknown” files.
  • Mod: add ‘relative’ parameter in admin_url() for getting ajaxurl.
  • Fix: Common/Helper::http__get_headers() fixed.
  • Fix: MU plugin fixed.
  • Fix: “Fix: Common/Helper::http__get_headers() fixed.”
  • Fix: Scanner. Showing files without source as “Unknown” files.
  • Fix: Sending GMT datetime for each event. SQL Schema updated.
  • Fix: Sending GMT datetime for each event.
  • Fix: Increasing interval between updating ‘Online user counter’.
  • Fix: New admin bar style.
  • Fix: Scanner. Adding exception for ‘wp-config.php’.
  • Fix: Adding user token to link ‘View all scan results for this website’.
  • Fix: Scanner. Checking response from website.
  • Fix: spbc_humanize_output() spelling.

2.67.2 May 21 2021

  • Fix: Firewall. Update.
  • Fix: Firewall. Update. Error “WRONG_UPDATE_ID”.
  • Fix: Firewall update. “FW UPDATE INIT: KEY_EMPTY” error.

2.67.1 May 20 2021

  • Fix: Firewall. Update.
  • Fix: Firewall. Update. Skipping even-numbered files.
  • Fix: Firewall. Update. “FW UPDATE INIT: KEY_EMPTY”, “FW UPDATE INIT: KEY_IS_NOT_VALID” errors.

2.67 May 18 2021

  • New: Scanner. Adding inappropriate includes to the scan.
  • Mod: Few improvements to Firewall update.
  • Mod: Firewall. Update. Make current flow update actions if remote call is failing.
  • Mod: Firewall. Update. Using ‘delay’ parameter in RC instead of using direct sleep().
  • Mod: Scanner. Performance of ‘counting files’ stage improved.
  • Fix: spbc_is_plugin_active().
  • Fix: Security Firewall. MailPoet cron requests skip.
  • Fix: Firewall. Update.
  • Fix: Firewall. Update. Minor fix.
  • Fix: 2FA and Change Login Page URL conflict.

2.66.3 Apr 29 2021

  • Revert: Upd: ScannerH. chr() included expressions supported #2.

2.66.2 Apr 29 2021

  • Revert: Upd: ScannerH. chr() included expressions supported.
  • New: Update script for 2.66.2.

2.66.1 Apr 29 2021

  • New: A dev and a fix version suffix support.
  • New: A dev and a fix version suffix support for update scripts.
  • Mod: Remote calls. update_settings call. Now handles array setting type.
  • Upd: ScannerH. chr() included expressions supported.
  • Fix: Security Firewall update.
  • Fix: Scanner. Signatures analysis fixed.

2.66 Apr 22 2021

  • New: The Security Firewall update system revised.
  • New: The plugin update system revised.
  • New: Remote calls. ‘debug’ and ‘update_security_firewall__worker’.
  • New: \CleantalkSP\SpbctWP\RemoteCalls modified to work with \CleantalkSP\Common\RemoteCalls.
  • New: \CleantalkSP\Common\RemoteCalls class. Contains base logic. CMS independent.
  • New: \CleantalkSP\Common\DB::isTableExists(). Checks if the table exists.
  • New: Update script for 2.66.
  • New: \CleantalkSP\Common\SQLSchema contains get methods.
  • New: \CleantalkSP\SpbctWP\SQLSchema contains SQL-requests.
  • New: \CleantalkSP\Common\DNS class. Allows getting DNS records and their different parameters.
  • Mod: Adminbar minimized.
  • Mod: security-malware-firewall.php using new SQLSchema class.
  • Mod: security-malware-firewall.php using new RemoteCalls class.
  • Mod: CleantalkSP\SpbctWP\Upgrader class. Added ‘install’ and ‘install_strings’ methods.
  • Mod: \CleantalkSP\SpbctWP\Helper::http__request__rc_to_host__test() split into two: http__request__rc_to_host() and http__request__rc_to_host__test().
  • Mod: replaced the wp_die function with die when issuing the lock page.
  • Mod: No alert when AJAX error happening.
  • Fix: The Security Firewall update.
  • Fix: The Security Firewall update. Additional errors.
  • Fix: \CleantalkSP\SpbctWP\State. Getting data from database.
  • Fix: Firewall. Update. Delete data from temporary tables if it’s not there.
  • Fix: Fixed the email recipient when enabling 2FA. Now the recipient of the message is the current user.
  • Fix: FW. Notices disabled on blocking pages.
  • Fix: Whitelist IP when logging in.
  • Fix: API class.

2.65 Apr 8 2021

  • New: Admin bar. Firewall counter.
  • New: Admin bar. Login attempts counter.
  • New: Admin bar with dynamic online users counter.
  • New: Setting to disable admin bar.
  • New: \CleantalkSP\Monitoring\User class.
  • New: Bulk actions for all files. Supports only ‘approve’ and ‘disapprove’ actions for now.
  • New: SecFW. Admin IP will be whitelisted automatically.
  • New: Settings. Description for the settings sections implemented.
  • New: spbc_update(). Outputs update result stage for every stage.
  • New: spbc_update__outputResult() function. Outputs update result.
  • Upd: Settings. Firewall section description added.
  • Mod: Admin bar. Login attempts counter.
  • Mod: Settings layout for admin bar changed.
  • Mod: Bulk actions layout.
  • Mod: SpbctWP\RemoteCalls::perform() “die” only if something was returned. Every remote call should implement an output and a script stop.
  • Fix: Admin bar. Settings description.
  • Fix: Link from admin bar to scanner and support.
  • Fix: Link from admin bar to dashboard.
  • Fix: 2FA. Fixes and improvements #2.
  • Fix: 2FA. Fixes and improvements.
  • Fix: 2FA. Confirmation code form layout.
  • Fix: spbc_update(). Lib attachments.
  • Fix: SpbctWP\Upgrader, SpbctWP\UpgraderSkin, SpbctWP\UpgraderSkin_Deprecated classes using correct namespaces now.
  • Fix: Exception in the FW check for queries with the ‘/favicon.ico’ string.
  • Fix: Do not consider 501 as correct HTTP response code when getting FW data files.
  • Fix: 2FA settings names.
  • Fix: 2FA current user email selected by default.

2.64 Mar 25 2021

  • New: \CleantalkSP\SpbctWP\Cron::getTask(). Get requested task data from option.
  • New: 2FA. G2FA logging in implemented.
  • New: Services Templates. Functionality implemented.
  • Upd: API. API class updated.
  • Fix: Remote Calls. Wrapper http__request__rc_to_host() doesn’t get an array as expected.
  • Fix: Description for setting “Redirect URL”.
  • Fix: Scanner. Automatic start time.
  • Fix: Security Firewall. Update.
  • Fix: Rename Login Page. ‘/’ is available in paths.
  • Fix: Rename Login Page. Redirecting to the main page of website by default.
  • Fix: Rename Login Page. WPMS websites as subdirectories conflict is fixed.

2.63 Mar 4 2021

  • New: Setting “Disable REST API for non-authenticated users”.
  • New: Settings for “Change address to login script”.
  • New: Variables\Server::isSSL().
  • New: Variables\Server::getHomeURL().
  • Mod: Settings CSS class for middle text field.
  • Mod: Firewall. Update. Additional error handling.
  • Code: Clentalk\Helper::ip__resolve__cleantalks(). Minor Fix.
  • Fix: IP detection.
  • Fix: Frontend Scanner. check__for_anything() method.
  • Fix: Firewall. Update. Showing real entries count in the base.
  • Fix: SpbctWp\HelperTest::http__request__rc_to_host(). Check response.
  • Fix: Variables\Server. Small fixes.
  • Fix: BFP and 2FA. Properly handles login URL.
  • Fix: New login URL. The cycle of redirects.
  • Fix: Rename login URL. Compatibility with Brute Force Protection Firewall module.
  • Fix: “Let them know about protection” feature.
  • Fix: Firewall. Modules SQL-requests.
  • Fix: DB error while updating signatures.
  • Fix: Web Application Firewall. Patterns recognition fix.
  • Fix: Frontend Scanner. Adding ‘’ to exceptions.
  • Fix: Signatures receiving.
  • Fix: Scanner. Increased timeout for counting files.
  • Fix: Logging admin actions. PHP Notice.
  • Fix: Variable’s name typo fixed.
  • Fix: 2FA. Code verification on 2fa enabling fixed.
  • Fix: Checking admin-side before deleting\quarantining fixed.
  • Fix: Banner for login page fixed.
  • Fix: Firewall. Getting FW stats for WPMU from the main blog options.

2.62 Feb 2 2021

  • New: Disable XMLRPC setting.
  • New: Retry API-request if fails. To the fastest API-server.
  • New: spbc_bfp_blocked table.
  • New: Helper::cidr__validate(). Validates CIDR.
  • New: Hidden settings type.
  • New: Index for spbc_traffic_control_logs table: log_type and interval start.
  • New: Cookie::get() by default urldecode all input.
  • Mod: Firewall Brute Force Protection module. Fixes and improvements.
  • Mod: Helper::ip__mask_match() check incoming parameters.
  • Mod: Cron. Does not run when it is already running.
  • Mod: Cron::saveTasks() now is static.
  • Mod: Cron. Fixes.
  • Mod: BFP settings.
  • Mod: Firewall. All modules. Additional parameter to prevent caching queries.
  • Mod: Scanner. Heuristic analysis. Significant improvements.
  • Mod: “Disable XMLRPC” setting description.
  • Fix: FW Class.
  • Fix: Common\Helper class.
  • Fix: Heuristic scanner false positives.
  • Fix: Heuristic scanner. PHP Errors.
  • Fix: Cron. Minor error.
  • Fix: Helper::ip__get().
  • Fix: Heuristic scanner. PHP Errors.
  • Fix: Additional check when quarantine and deleting files.
  • Fix: Helper::ip__get() improved performance.
  • Fix: check for result in api call.
  • Fix: Cron issue.
  • Fix: Issue with IP detection.
  • Fix: CleantalkSP\Common\API::send_request(). Warnings on PHP under 7.1.
  • Fix: Misspelling in description for “Disable XMLRPC” option.
  • Fix: Brute Force Protection. Unconditional clear of BFP data used for blocking, fires at login page.
  • Fix: Typo in code.
  • Fix: Errors in IP detection.
  • Fix: SQL-query for spbc_bfp_blocked table.
  • Fix: Complete deactivation queries.
  • Fix: Updater script to 2.62.
  • Fix: Activation SQL request.
  • Fix: Errors.
  • Fix: Signatures table name.
  • Fix: Notice in SpbcScannerH.php.

2.61 Jan 25 2021

  • Fix: Security Firewall. Blocking IPs from personal lists.
  • Fix: Scanner. Heuristic. False positives.
  • Fix: Scanner. Heuristic. PHP Errors.
  • Mod: Don’t run scheduled tasks when remote call is performing.
  • Mod: Mark as infected only critical files.
  • Mod: Bruteforce protection improvements.
  • Mod: Cron class. Minor improvements and fixes.
  • Mod: Improved IP detection.
  • Mod: Scanner. Quarantine file. Website check.
  • Mod: Scanner. Heuristic. Search malware in compressed and encoded data.
  • Minor fixes.

2.60 Dec 22 2020

  • New: Security Firewall update. Fully via remote calls.
  • Fix: Malware Scanner. Manual start time.
  • Fix: Scanner. Quarantine file. Fixed the website check.
  • Fix: Scanner. Rescan with heuristic analysis after the curing.
  • Fix: Scanner. Additional error handling while curing.
  • Fix: WPMS. Update firewall on WPMS for secondary blogs.
  • Fix: WPMS. Getting key on secondary blogs on WPMS.
  • Fix: WPMS. Protection status on daughter blogs with admin key.
  • Fix: Firewall. WAF. File check in upload interface.
  • Fix: Firewall update.
  • Fix: Firewall. Deleting data tables for secondary blogs on WPMS.
  • Fix: Updater script. From 2.57 and higher.
  • Fix: Plugin conflicts.
  • Minor fixes.

2.59.1 Dec 8 2020

  • Fix: Firewall.

2.59 Dec 7 2020

  • New: Security Firewall. Notification about the updating with percentages.
  • Mod: Security Firewall. No more delay before the Security Firewall update.
  • New: Security Firewall updating with temporary tables. No more passed bots while updating local base.
  • Mod: Scanner. Remove wp-config.php from exceptions.
  • Fix: Modal window with GDPR compliance text.
  • Fix: Automatic upgrader.
  • Fix: Spelling in settings.

2.58.1 Nov 26 2020

  • Fix: Synchronize button.
  • Fix: Using API key on WordPress Multisite.

2.58 Nov 25 2020

  • New: Synchronize via AJAX when saving settings.
  • New: Full text tooltips. For long data in tables.
  • New: Reload the accordion with the scan result after scan without reloading the whole page.
  • New: Security Firewall log additional parameters.
  • Mod: Malware Scanner. Logging actions with files. Adding date to the scanner log.
  • Fix: Synchronization on the daughter blogs.
  • Fix: Possible PHP Notice when settings saved.
  • Fix: Saving settings on WordPress Multisite (WPMS).
  • Fix: Curing the file. Leaving the comment in file after the cure.
  • Fix: ‘bad params’ error while sending scan results.
  • Minor fixes and improvements.

2.57.3 Nov 20 2020

  • Fix: Error on PHP lower than 5.5.
  • Fix: Set warning status for report only if critical found.
  • Fix: Firewall update.

2.57.2 Nov 12 2020

  • Fix: FW table direct access fixed.
  • Fix: Personal and Countries tables creation fixed.
  • Fix: Error on PHP lower than 5.5.
  • Fix: Security firewall query.

2.57.1 Nov 5 2020

  • Fix: Security firewall false positives.

2.57 Nov 2 2020

  • New: Log for malware scanner.
  • Mod: New structure for Firewall tables. Less space consumption on WPMS.
  • Fix: Security firewall. Operating with IPs on 32 bit systems.
  • Fix: Firewall updating. Error handling.
  • Fix: Prevent firewall from multiple update at a time.
  • Fix: Firewall update.

2.56 Oct 15 2020

  • New: Popup tips for actions with files.
  • Fix: FW update. Error output.
  • Fix: Antispam key usage.
  • Fix: “Deprecated” notice.

2.55 Oct 01 2020

  • Fix: spbc_scanner_get_remote_hashes__plug() spelling.
  • Fix: Handling errors in FW update.
  • Fix: Approved files do not depend on the path.
  • Fix: Community approved files are marked as ‘OK’.
  • New: State::error_toggle method.
  • New: Cron flag.
  • Mod: Firewall update. Store errors even if in remote calls.
  • Fix: reset update sec fw last call on settings save.
  • Mod: spbc_log() writing all passed messages.
  • Fix: State::error_toggle().
  • New: Remote call “check_website”.
  • Mod: Firewall update system.
  • Mod: spbc_log() improved.
  • Mod: FireWall_database::query() returns original result.
  • Mod: RemoteCalls no exception for cooldown.
  • Mod: Firewall updating revised.
  • Fix: Error about wrong api key fixed.
  • Fix: FireWall updating error fixed.
  • Fix: Remote calls will be fixed while updating the plugin.
  • Fix: Undefined variable fixed.
  • Fix: BFP – unnecessary message removed.
  • Fix: WAF checking output fixed.
  • Upd: Error codes reverted into readable strings.
  • New: Remote calls. New test parameter.
  • Fix: Deleting cron error for firewall update when update is over.
  • Fix: Firewall local exclusions moved to separate function.
  • Fix: Moving to the quarantine fixed.
  • Fix: FW updating (exclusions) fixed.
  • Fix: WAF files checking for non-admin users fixed.

2.54 Sep 03 2020

  • Fix: Error output for the approve file action.
  • Fix: Separate update firewall in two calls to avoid duplicates.
  • Fix: Send PHP logs. Stop collecting logs if execution time is more than 25 seconds.
  • Fix: Approving files. SQL query.
  • Fix: CSV parsing. Trim data before parsing.
  • Fix: Heuristic. Converting chr(“NN”) to a character.
  • New: Helper::buffer__parse__nsv() – parse newline-separated values.
  • Fix: Scanner directories exceptions. Using \n instead of \r\n to separate them.
  • Fix: Approved category SQL query.
  • Fix: FW update. The internal array pointer handling.
  • Fix: Using dns_get_record function with @.
  • Fix: Possible zero default time period value.
  • Fix: Error handling in SpbcScanner::get_hashes__plug().

2.53 Aug 13 2020

  • Fix: Condition for FireWall working changed.
  • Fix: 2fa option fixed.
  • Fix: Some cookies installation fixed.
  • New: Universal method to cookies setting up implemented.
  • Fix: WP 5.5 JS errors fixed.
  • Fix: Rebuild url for SecFW updating process.
  • Fix: Async request timeout increased.
  • Fix: TC block period fixed.
  • Fix: TC limit fixed.
  • Upd: Display plugin version on the statistics tab.
  • Fix: Display correct links count in table.
  • Fix: Scanner exceptions.
  • Readme: MU-plugin description added to FAQ.
  • New: Exception for directories in scanner.

2.52 Jul 23 2020

  • Upd: WP 5.5 compatibility updated.
  • Fix: BFP results output fixed.
  • Upd: Decoding paths updated.
  • Upd: passed_ip notice fixed.
  • Fix: Set previous status and severity when restoring file.
  • Fix: Sucuri headers.

2.51 Jun 30 2020

  • New: New option to set autoscan manual time.
  • Fix: FirewallData and send logs updating mechanism.
  • Fix: PHP notices fixed.
  • Fix: Creating tables fixed.
  • Fix: Debug output fixed.

2.50 Jun 10 2020

  • Fix: PHP logs collect issues.
  • Fix: Frontend scanner display line.
  • Fix: Display error on disabled keys.

2.49.1 Jun 01 2020

  • Fix: Outbound links – detect regular expression fixed.
  • Fix: Outbound links – edit post action fixed.
  • Fix: Typo fixed.
  • Fix: Notice fixed.
  • Fix: Frontend scanner. Exceptions processing.

2.49 May 27 2020

  • Fix: Checking website availability before deleting any files.
  • New: Hints about scanner actions added.
  • Mod: FireWall structure modified.
  • Upd: BruteForce protection updated.
  • Mod: Reducing logs reading depth.
  • Fix: Bulk action ‘Send’ name fixed.
  • Mod: Signatures. Accept regular expressions with # delimiter.
  • Fix: The Firewall updating. Wrong mask calculating.
  • Fix: Frontend scanner. Do not track subdomains.

2.48 May 14 2020

  • Fix: Cure by regex fixed.
  • Fix: Check regex signatures by the frontend scanner.
  • Fix: Unslash signatures coming from API.
  • Fix: Signatures scanning fixed.
  • Fix: Detecting regular expression fixed.
  • Fix: Login notification form layout fixed.
  • Fix: Checking account status for all blogs when updates to 2.48.
  • Fix: Frontend scanner line detection fix for drive by download malware.
  • Fix: Exceptions for the frontend malware scanner.
  • Upd: SecFW query updated.
  • New: Frontend scanner is able to use regular expressions in malware signatures.
  • New: Possibility to use regular expressions in signatures cure.
  • New: Possibility to use regular expressions in signatures scan.
  • Fix: Trait usage fixed.
  • Fix: Frontend scanner view and view bad code actions.

2.47.1 April 30 2020

  • Fix: Notices fixed.
  • Fix: Cure fixed.
  • Fix: FrontEnd scanner fixed – checking DOMDocument class.
  • Revert: Partitioning for count files reverted.
  • New: Using regular expression signatures to search.
  • Fix: Firewall. Fatal error.
  • Fix: ScannerFrontend_scanContent could work without URL exceptions.
  • Mod: AJAX requests. Sending random value to disable caching on backend.
  • Mod: Increase timeout for all API methods from 5 to 12 seconds.
  • Fix: Quarantine error text fixed.
  • Fix: PHP error checking fixed.

2.47 April 16 2020

  • Fix: FrontEnd scanner fixed.
  • Fix: Signature scanning.
  • Fix: API notices fixed.
  • Fix: Scanner sending results fixed.
  • Fix: Frontend scanner.
  • Fix: Scanner descriptors count fixed.
  • Fix: Scanner exclusion fixed.
  • Fix: API key notices fixed.
  • Mod: Adding database error handling on firewall updates.
  • New: Autoloader added.
  • Fix: Scanner several fixes.
  • New: Frontend scanner with signatures.
  • Fix: Showing edit post link after switching table.
  • Upd: Update lib classes.
  • New: Partitioning for the scanner implemented.
  • Fix: 2FA confirmation email fixed.
  • New: Add edit post link for outbound links.
  • Fix: Delete the signatures update error if the action succeeds.
  • Fix: URL path for images under HTTPS protocol.
  • Code: Delete unused.
  • Fix: Variables class implemented.

2.46.2 April 09 2020

  • Fix: Sanitizing settings.

2.46.1 April 07 2020

  • Security: Possible XSS vulnerability.
  • New: Add edit post link for outbound links.

2.46 March 30 2020

  • New: Complex strings deobfuscating.
  • New: Setting “Additional headers on public pages” X-Content-Type-Options, X-XSS-Protection.
  • New: Scanner action. Comparing modified file with original.
  • Mod: Clear errors when renew banner is shown.
  • Mod: Search for “assert” function by heuristic scanner.
  • Mod: Exclude the require/include instructions file check for existence if code already check it via “file_exists” function.
  • Mod: Disable 2 factor authorization by default.
  • Security: Fix DDoS vulnerability.
  • Security: Prevent possible execution for backed-up file.
  • Fix: View file action for quarantine category.
  • Fix: Spelling.
  • Fix: Possible error while signatures updating.
  • Fix: Exception for class members with functions similar to bad constructs.
  • Fix: Displaying path of the backed-up file.
  • Fix: Backup files only with signatures with curing instructions.
  • Fix: Signature scan.
  • Fix: Search PHP errors on page.
  • Fix: Frontend scanner.

2.45 March 20 2020

  • Fix: Firewall priority.
  • Fix: Security Firewall update.
  • New: Synchronize button.
  • New: Cloud web application firewall signatures.

2.44 March 03 2020

  • Fix: Auto-update for some banner notifications.
  • Fix: SecurityFireWall issues with large data updating.
  • New: View code in Frontend Malware.
  • Fix: Update class namespaces.
  • Fix: Deleting posts meta when complete deactivation is enabled.

2.43 February 06 2020

  • Fix: PHP 7.4 issues.
  • Fix: Traffic control for WPMS.
  • New: Remote hashes for approved files.
  • Fix: Minor fixes.

2.42.1 January 21 2020

  • Fix: WAF for subsites fixed.

2.42 January 21 2020

  • Fix: WAF for subsites fixed.
  • Fix: Settings title fixed (Website mirrors -> Links Scanner Exclusions).
  • Fix: Backups tab fixed.
  • Upd: Lib class SpbcCure updated.
  • New: Checking email receiving possibility for activation 2FA.
  • Fix: Statistics tab updated.

2.41 December 25 2019

  • Fix: Settings layout.
  • Fix: Issue with Traffic Control.
  • New: Setting for Traffic Control “Block Time”.

2.40 December 5 2019

  • Fix: Cron issues with Security FireWall.
  • Fix: Cron issues with WP < 4.8.0.
  • Fix: Some server improvements.
  • Upd: Add info/help text to settings page.

2.39 November 06 2019

  • Upd: Auth log – secure cookies mechanism implemented instead of sessions.
  • Fix: Minor improvements and bug fixes.

2.38 October 24 2019

  • Mod: Security Firewall.
  • Mod: Renouncing http wrappers.
  • Fix: Multisite setting and options fixed.
  • Fix: PHP Sessions.
  • Fix: Typos and mistakes fixed.

2.37.2 October 7 2019

  • Fix: PHP Error.

2.37.1 October 4 2019

  • Fix: WRONG_MIME_FORMAT error.

2.37 October 4 2019

  • New: Stop using file_get_content for scanner.
  • Fix: Security malware scanner fix.
  • Require: PHP above 5.4.0.

2.36 September 5 2019

  • Security and logging improved.
  • Fix: Scheduled frontend scanner.
  • Fix: Do not send only modified files.
  • Mod: Row actions. New way of light up.
  • New: Adjustable block timer.

2.35.1 August 28 2019

  • Fix: JS String prototype modification.
  • Fix: Error using gzopen on some systems.
  • Fix: API key validation.

2.35 August 8 2019

  • Fix: Minor fixes.
  • Fix: PHP logs sending.
  • Fix: JS error while scanning.
  • Fix: Two-factor authorization.
  • Fix: Interface minor fixes.
  • Fix: Approved category is back.
  • New: Option allowing use of the built-in WordPress HTTP API.
  • New: Two-factor authorization when using new device.
  • New: Monitoring themes and plugins versions.
  • New: Warning about outdated plugins.
  • New: Do not scan outdated files.

2.34 July 25 2019

  • Fix: Two-factor authentication.
  • Fix: Settings JavaScript attachment.
  • Fix: PHP Notices.
  • Fix: API class.
  • Fix: Front-end scanner.
  • New: Set two-factor authentication for specific user groups.
  • New: Option to forbid showing the site in iframes.

2.33 July 4 2019

  • Mod: Security scanner improved.
  • Fix: DB error when scanning while deactivation.
  • New: Amount of sent PHP logs in statistics.
  • New: Frontend scanner.

2.32.2 June 11 2019

  • Fix: Spelling.
  • Fix: JavaScript error in plugin settings.
  • Fix: Two-factor authentication for names with spaces.
  • New: CSS and JS minified.

2.32.1 May 27 2019

  • New: Start scan link in plugin list.
  • Fix: Quarantine category output database error.
  • Fix: spbc_scanner_count_files__by_status(). Bad query.
  • New: Possibility to check server connection, if any CONNECTION_ERROR exists.
  • Mod: User-agent standardized.

2.32 May 22 2019

  • Mod: Use extended way to determine website IP. Put it in whitelist.
  • Fix: IP detection.
  • Fix: Scanner library initialization.
  • Fix: Amount of scanned files after scan.
  • Fix: Displaying “unknown” category.
  • Fix: “View bad code” action.
  • Fix: Cron scanning.

2.31.2 May 1 2019

  • Fix: Heuristic. Maximum file size to check 512 KB.
  • Fix: Fatal error during links scanning.
  • Mod: Updating signatures when saving settings.
  • Add: New SQL-injection.

2.31.1 April 29 2019

  • Fix: Traffic Control.
  • Fix: IP detection.
  • Fix: Sanitizing key.
  • Fix: Error handling.

2.31 April 24 2019

  • New: Web Application Firewall. Exploit check.
  • Mod: Don’t stop scan if a lot of files are found.
  • Mod: Error handling revised. Storing in new spbc_errors option.
  • Mod: Error output revised.
  • Mod: New way of receiving signatures.
  • Fix: Heuristic scanning nonexistent files.
  • Fix: Settings description.
  • Fix: Heuristic and signature scan.
  • Fix: Scanner scheduled scanning.
  • Fix: Limit of log amount set to 3500 entries.

2.30.1 March 20 2019

  • Fix: Error when scanning.
  • Mod: Translations.

2.30 March 14 2019

  • New: Backups.
  • New: Long description for settings.
  • New: Sending data about missed plugins\themes versions.
  • Mod: PHP logs. Reducing amount of reading data.
  • Mod: Personal firewall lists are prioritized before regular.
  • Fix: 2fa. Using user login instead urlencoded display_name.
  • Fix: FW blocking remote_calls for SPBCT or APBCT plugins.
  • Fix: IP detection.
  • Fix: Autocuring.
  • Fix: Link to dashboard.
  • Fix: Firewall errors.

2.29 February 14 2019

  • Fix: PHP logs. Collecting “parse” errors now.
  • Fix: Do not scan forbidden files. Fixing ‘unknown files array values bad’ error.
  • Fix: Show file only once in scan result.
  • Fix: Sending role when 2fa_authentificate event.
  • Adjustment: 2fa key lifetime increased to 10 minutes.
  • New: IP detection improved.
  • New: PHP logs collecting revised.

2.28 January 28 2019

  • Fix: WPMS deactivation. Error when deactivating plugin.
  • Fix: PHP logs sending: EMPTY_LOGS errors.
  • Fix: Admin block on public pages by Traffic Control.
  • New: Two factor authorization function.
  • Fix: Spelling.
  • Add: Web Application Firewall file check now supports multiple file uploading.

2.27 January 11 2019

  • Fix: Correct IP mask detection.
  • Fix: Website’s address added to exclusion.
  • Fix: Settings page. Unworking JS.
  • Fix: PHP notice for backend logs function.
  • Fix: MU-plugin fix.
  • Add: New error type “PHP logs”.

2.26 December 21 2018

  • Fix: Malware scanner error while scanning incorrect symbols.
  • Fix: Exclusion for SERVER_ADDR IP to protect from DDoS.
  • Fix: WPMS: Disabling complete deactivation and send php logs for secondary blogs.
  • New: WPMS: Enabling security scanner on WPMS for main blog.
  • Fix: WPMS: Setting page on secondary blogs.
  • Fix: Empty JS error in plugin settings.
  • Fix: MU-Plugin installation.
  • New: Plugin activation and deactivation hooks rebuilt.

2.25.1 December 14 2018

  • Fix: Collecting PHP logs.

2.25 December 13 2018

  • New: Collecting PHP logs.
  • Fix: Fatal error for PHP 5.3 or lower.
  • Fix: Security scanner categories.

2.24 December 3 2018

  • New: Security scanner action “Replace with original” now works for plugin’s files.
  • New: Auto curing for known malware option.
  • Layout: View related email with account on settings page.

2.23 November 15 2018

  • Fix: Blocking uploading archives.
  • Fix: Traffic Control ignores logged in users.
  • Mod: Settings page rebuilt.
  • Few minor improvements for security and malware scanner.
  • Few minor fixes.

2.22 October 25 2018

  • Fix: Large cron fix.
  • Add: Signature Analysis.
  • Layout: Scanner tab: Added next scan time. Less categories.
  • Plenty of minor improvements.
  • Security functions improved.
  • Spelling.

2.21 October 11 2018

  • Add: Firewall: Title and Test Title on the security firewall die page.
  • Layout: Minor fixes.
  • Fix: Web Application FireWall: Check uploaded files.
  • Fix: Firewall: False positives alarms of DDoS preventions system.
  • Fix: Firewall: Call of missing mime_content_type() function.

2.20 September 28 2018

  • Mod: Malware Scanner: Scan file before send it for analysis.
  • Mod: Malware Scanner: Check if the scanner’s table exists before scan.
  • Mod: Malware Scanner: Detect “.name”-like folders and files.
  • Mod: Settings: Showing triggered pattern for WAF. (Only for the file upload check)
  • Mod: Notification about blocked file added to upload.php page.
  • Security functions improved.
  • Minor fixes.

2.19 September 13 2018

  • Fix: Security FireWall update Improved.
  • Mod: Auto update function improved.
  • Minor fixes.

2.18.1 August 31 2018

  • Fix: Closing auto-update banner.
  • Fix: Vaultpress bad code detection.

2.18 August 30 2018

  • Fix: Infinite scanner work on PHP 7.
  • Fix: Link to auto-update function description.
  • Fix: Blocking the error message on Authorization page.
  • Fix: Security FireWall update.
  • Fix: Default setting “XSS check” in Web Application FireWall.
  • Fix: Malware Scanner: reduced false positives.
  • Fix: Complete deactivation option.
  • Mod: Detection of FireWall false positives connected with CDN cache.

2.17 August 22 2018

  • Fix: “Replace with original file” now deletes entry in log.
  • Mod: Added hints to some table columns.
  • Mod: New Outbound links scanner.
  • Mod: More efficient notification at login page.
  • Mod: More detailed log in Security Firewall.
  • Minor error fixes.

2.16 August 8 2018

  • Fix: Blocking images from loading.
  • Fix: Modal window for “View bad code” action.
  • Fix: PHP warning on login page.
  • Mod: Disabling Traffic Control for logged in users.
  • Mod: Remove ‘Send for analysis’ action from Approved category.
  • Mod: Execution order raised.

2.15.1 July 27 2018

  • Fix: Web Application Firewall: False positives.

2.15 July 26 2018

  • Add: Must-Use plugin. Installation. Deinstallation.
  • Add: Web Application Firewall.
  • Add: XSS-attack detection module for WAF.
  • Add: SQL-injections detection module for WAF.
  • Add: Uploaded file checker module for WAF.
  • Add: Reason of blocking on the block page.
  • Improvement: Heuristic analysis + errors fix.
  • Improvement: Firewall immediate update for remote calls.
  • Fix: Issue with short php tags “<?”.
  • Fix: Security issues.
  • Fix: Firewall update log functions.

2.14.1 July 17 2018

  • IP detection fixed and improved.

2.14 July 9 2018

  • Mod: Using plugins and themes hashes (better detection).
  • Mod: “Compromised” category is renamed to “Modified”.
  • Mod: Heuristic is switched on by default.
  • Fix: Spelling.
  • Fix: Cloud Flare IP detection.

2.13 June 28 2018

  • Added: Approved category.
  • Added: Async Security Firewall update.
  • Fix: WPMS: Empty Traffic Control log.
  • Fix: IPv6 normalization in x-forwarded-for and x-real-ip headers.
  • Plenty of minor fixes.

2.12 June 4 2018

  • Add: Malware Scanner: Quarantine function.
  • Add: Malware Scanner: Action’s warnings.
  • Add: Links Scanner: Cloud integration.
  • Minor bug fixes.

2.11 May 28 2018

  • Fix: Scanner: Dir exceptions.
  • Fix: Scanner: File actions.
  • Fix: Scanner: Layout.
  • Mod: Scanner: Mandatory check for files.
  • Add: GDPR compliance.

2.10.1 May 17 2018

  • Fix: Error for old PHP versions.

2.10 May 16 2018

  • New: Links scanner checks links for spam activity.
  • New: Redesigned settings tabs.
  • Fix: Scanner memory usage significantly decreased.
  • Fix: Update system.
  • Minor fixes.

2.9 April 24 2018

  • Mod: SQL-injection search.
  • Fix: IP detection. PHP Warning.
  • Fix: Empty username in security log.
  • Fix: Possible SSL error.

2.8.3 April 6 2018

  • Fix: IP detection and PHP Warnings.

2.8.2 April 6 2018

  • Fix: Bad IP addresses in security log.

2.8.1 April 5 2018

  • Fix: For servers without Apache.
  • Fix: Links scanner. Scanning always will be performed completely.

2.8 April 4 2018

  • Fix: Spelling and layout.
  • Fix: False allow_url_fopen error.
  • Modification: IPv6 Support.
  • Modification: Trusted networks support.
  • Modification: Links scanner accelerated.
  • Minor error fixes.

2.7 March 22 2018

  • Fix: Few PHP Notices.
  • Fix: Spelling and layout.
  • Fix: Decreased amount of false positives in Malware Scanner. Security scanner improved.
  • Fix: WPMS – errors messages in settings on secondary website.
  • Minor error fixes.

2.6.2 March 12 2018

  • Fix: Cron loop.

2.6.1 March 8 2018

  • Fix: PHP Notices.

2.6 March 7 2018

  • New: Autoupdate functionality.
  • New: Advanced error reporting system.
  • Scanner: Scanning with allow_url_fopen disabled.
  • Scanner: Precision improved.
  • Scanner: Complete scanning in background mode.
  • FireWall: Improved IP detection.
  • Improvements: Security and reliability.
  • Minor fixes.

2.5 February 19 2018

  • New: Heuristic scan.
  • New: Plugins and themes scan.
  • Scanning quality improved.
  • Layout fixes and improvements.
  • Minor fixes.

2.4 February 6 2018

  • Minor fixes.
  • Outbound links scanner.
  • Security scanner improvements.

2.3 January 16 2018

  • Fix: Spelling.
  • Fix: Decreased CPU load for some cases.
  • Fix: Security scanner status.
  • Interface: Showing more info on Traffic Control tab, added links to control IP-addresses.

2.2.1 December 26 2017

  • Fix: Security FireWall IP detection improved.

2.2 December 20 2017

  • Improvements: Security scanner.
  • Fix: Issue with periodic scan.
  • Minor error fixes.

2.1 December 13 2017

  • Errors detection improved.
  • Security functions improved.
  • Cron updated.
  • Minor error fixes.

2.0.1 December 5 2017

  • Minor error fixes.
  • Layout fixes.
  • Improved security scanner logic.

2.0 December 4 2017

  • Added Malware Scanner.
  • Error fixes.
  • Improved update logic.

1.29.1 November 27 2017

  • Error fix.

1.29 November 23 2017

  • Security improvements.
  • Error fixes.

1.28 November 8 2017

  • Security firewall fixes.

1.27 November 3 2017

  • Improved security logs displaying.
  • Fixed issue with DB errors.
  • Many other small fixes and improvements.

1.26 October 16 2017

  • Fixed issue with high CPU load.
  • Some small fixes for WPMS.
  • Security functionality improved.

1.25 October 2 2017

  • Recognizing real IP when using Cloudflare CDN.
  • Admin notices and displaying fixes for WPMS.
  • Minor fixes.

1.24 September 20 2017

  • Fix for Security Firewall under WordPress Multisite with inherited access key.
  • Traffic Control log is now updated automatically.
  • Minor fixes.

1.23 September 15 2017

  • Security Firewall updated.
  • Fixed an issue with FireWall whitelist.
  • Fixes for WPMS.

1.22 August 31 2017

  • Major fix for WordPress Multisite functionality.
  • Improved security functionality.
  • Minor fixes.

1.21.1 August 24 2017

  • Last actions to view 20.

1.21 August 24 2017

  • Added “Set cookies” setting.
  • Added Traffic Control feature.
  • Optimization.
  • Fixes for the cron jobs.

1.20.2 July 7 2017

  • Fix the daily report sending function.

1.20.1 July 5 2017

  • Minor fixes.

1.20 July 3 2017

  • Fixes for cron system.
  • Some small fixes.
  • Stability and security were improved.

1.19 June 15 2017

  • Added the secured tasks running system (cron) instead of using wp_cron.

1.18 June 7 2017

  • Security settings have been redesigned.

1.17 May 24 2017

  • Improved security functions.
  • Sending protected URL and other info to the cloud.

1.16 May 16 2017

  • Small security fixes.
  • Blocking page cache issues fix.

1.15 April 24 2017

  • Small security fixes.
  • Translation fix.

1.14 April 13 2017

  • Major fix for Security FireWall.
  • Translation fix.
  • Changes for settings screen (Support button added).
  • Improved performance.

1.13 April 5 2017

  • Fix for ‘Let them know about security protection’ option.
  • Minor fixes to improve security logic.
  • Added ‘Complete deactivation’ option.

1.12 March 30 2017

  • Major fix for security firewall.
  • Small fixes for settings page.
  • Fixed WPDB Warnings for new users.
  • ‘Complete deactivation’ option was added.

1.11.1 March 24 2017

  • Fixed issue with database prefix.
  • Small fixes to improve security logic.

1.11 March 23 2017

  • Security has been improved. Added email notifications to account owner about superuser login to WordPress backend.
  • Brute force protection logic has been updated.

1.10.1 March 17 2017

  • Fixed issue with exit() statement.

1.10 March 17 2017

  • Improved anti brute force protection. An anti brute force notice has been added on sign in form.
  • Fixed logic to process remote calls.
  • Small fixes to improve security logic.

1.9.6 March 14 2017

  • Fixed anti brute force logic to avoid issue with emails scanning.
  • Small fixes to improve security logic.

1.9.5 March 7 2017

  • Database fix (support DB prefix with digits).
  • Fix for admin notices.
  • Small fixes to improve security logic.

1.9.4 March 2 2017

  • Small fixes (WPMS settings logic, FireWall).
  • Added option for notification on login page.
  • Small fixes to improve security logic.

1.9.3 February 28 2017

  • Packets SQL requests for FireWall updates.
  • Small fixes (User token gaining)
  • Notification changes

1.9.2 February 16 2017

  • Bug fixes.
  • Automatic FireWall update time increased to 1 day.

1.9.1 February 8 2017

  • Minor bug fixes.

1.9 January 26 2017

  • Added new feature Security FireWall.
  • Common optimization.
  • Minor bug fixes.

1.8.2 January 16 2017

  • Cron hooks fix

1.8.1 December 29 2016

  • Translation fix

1.8 December 23 2016

  • Fixes for settings page.
  • Showing last logs sending time in settings.

1.7.2 December 19 2016

  • Fixed issue with logging for brute-force attacks.

1.7.1 December 13 2016

  • Fix for translation system.
  • Added Russian language support.
  • Minor fixes.

1.7 December 12 2016

  • Added support for WPMS.
  • Personal log possibility for each website.
  • Translation system attached.
  • Varnish extension compatibility.

1.6.1 November 29 2016

  • Fixed error for some PHP versions.

1.6 November 29 2016

  • Cloud service API key.
  • Cloud service dashboard.
  • Logs are stored in Cloud.
  • Protection status.
  • Code optimization.

1.5.2 November 16 2016

  • Fixed conflict with CleanTalk Anti-spam plugin.

1.5.1 November 14 2016

  • Fixed and improved log.
  • Fixed database error.
  • Changed update logic.

1.5 November 13 2016

  • Logging viewed admin’s page.
  • Counting viewed time.

1.4.3 November 2 2016

  • Fixed issue with Security report. On some hostings the report couldn’t be sent by WP Cron because of PHP Fatal error with spbc_report_country_part().

1.4.2 October 20 2016

  • Improved the Security log. The new version includes brute force attacks to find WordPress accounts.
  • Applied changes to localize the plugin via Translating
  • Minor backend fixes.

1.3.1 September 29 2016

  • Fixed issue with PHP 5.2 and Security reports.
  • Fixed issue with WordPress notice after plugin activation.

1.3 September 20 2016

  • Added a log of the last 20 events (login, logout, auth failed, etc.) in WordPress backend to the plugin settings.
  • Added WP cron call for every auth_failed event. This fix has been made to avoid an issue with missed Daily security reports on rarely visited web sites.

1.2.3 September 14 2016

  • Added a country name in the Daily report for each IP address in the list of Brute-Force attacks.
  • Minor changes with WP Cron integration.

1.2.1 September 5 2016

  • Fixed issue with Daily security report. Previous version (1.2) didn’t send the report.

1.2 September 2 2016

  • Added Daily security report. The report includes list of Brute-force attacks or failed logins and list of successful logins.

1.1.1 August 29 2016

  • Removed some statements used to debug the plugin.

1.1 August 29 2016

  • Added 10 seconds delay for a failed attempt if more than 5 failed attempts have been made in the past 1 hour.

1.0.1 August 24 2016

  • Minor fix.

1.0 August 19 2016

  • First release with anti brute force hacks protection.