Sensitive-data scanner now reports exposed archives and backups only in the site root and wp-content, not inside uploads/plugins/themes.
Exposed-file findings are scored by severity and confirmed more accurately to reduce false positives.
Strong-password enforcement can now target specific user roles (defaults to Administrators); removed the rarely-used password-reuse and role-promotion options.
Two-factor enforcement now defaults to Administrators, and the role pickers list the site’s actual roles, including custom ones.
REST API restriction now allows anonymous reads of public content for better theme and headless compatibility, while still blocking user enumeration.
Bundled PHP libraries are now namespace-isolated to avoid conflicts with other plugins that ship the same dependencies.
1.5.3
Fixed a fatal error when the hidden login 404 block rendered themes like Avada/WooCommerce.
1.5.2
Improved scanner compatibility with refreshed WordPress.org file baselines.
Improved activation validation for invalid email addresses and license keys.
1.5.1
Added an admin compatibility notice for security plugins that may overlap with SiteFort server hardening.
1.5.0
Improved scanner worker wakeup reliability on hosts that interrupt one-second loopback requests.
Improved scanner cloud queue utilization and final scan log hydration on managed hosting.
Added a secure tool to rename the default admin username with locking, transactions, multisite handling, and audit logging.
1.4.0
Improved scanner cloud upload reliability with streamed S3 batch uploads and safer fallback handling.
Prevented SiteFort runtime data files from delaying scan completion while preserving malicious hash detections.
1.3.0
Improved cloud wakeup handling so completed cloud scan jobs can securely resume site polling without requiring the admin console.
1.2.0
Fixed scan finding notification actions to open the scanner page instead of the dashboard.
Added concise contextual copy to SiteFort notification emails before scan, firewall, vulnerability, digest, and fallback event details.
Improved scanner findings empty states and vulnerability remediation card updates during active scans.
1.1.0
Improved scanner worker recovery and server-load interruption messaging.
Optimized setup wizard two-factor loading with a consolidated overview request.
Hardened command queue and login lockout cleanup to prevent stale database growth.
1.0.2
Bundled shared timestamp parsing into the admin shared asset to avoid a separate time chunk.
1.0.1
Hardened automated scan scheduling with scanner-owned cron intervals, boot-time reconciliation, site-time run alignment, and stale schedule cleanup.
Fixed audit log, dashboard, and firewall timestamps to use UTC event time consistently.
Fixed dashboard and report daily totals to respect the WordPress site timezone instead of the server or database timezone.
Added site-time display and CSV export fields for audit events while keeping UTC as the canonical timestamp.
Updated file logs to write ISO-8601 UTC timestamps and retain legacy UTC log parsing.
