May 18th 2021
Added: Ability to remotely force an upload of all firewall and activity logs.
Added: Ability to create firewall rules which can ignore the whitelist.
Changed: Some references from WebARX to Patchstack.
Changed: Removed unused logged data from blocked requests. This means less data will be logged in the WordPress database and that uploads to our API will be faster.
March 16th 2021
Fixed: A bug related to the login page rename feature.
March 12th 2021
Fixed: Fatal error on PHP 8 installations.
Updated: The WordPress "tested up to" value to 5.7.
March 10th 2021
Fixed: User role whitelist issue on multisite environments.
Fixed: Remote setting saving issue.
Changed: Interface has been changed to match the new Patchstack colors.
August 7th 2020
Fixed: Undefined variable error that might show up in certain scenarios.
July 6th 2020
Changed: Made a small performance improvement to code that runs on all requests.
Fixed: Issue related to custom LOG and REDIRECT firewall rules.
Fixed: Issue where IP whitelisting/unblocking did not work on the login settings page.
Removed: Backup feature.
The GeoIP database has also been updated.
May 1st 2020
Added: A ping that is sent to our API every so often to determine the state of the plugin and firewall.
Added: Message indicating that the backup feature will be removed on June 1st, 2020.
Fixed: Some errors that would occur on older PHP versions.
Fixed: The cache-control header has been added to the firewall error page to make sure that caching plugins and servers do not cache the error page. (Cache-Control: no-store)
Fixed: Issue where disabling the firewall would not actually turn off the firewall.
The GeoIP database has also been updated.
March 11th 2020
Added: Auto-update feature to automatically update WordPress core, plugins, themes or vulnerable software. The auto-update is executed next time WordPress searches for updates behind the scenes.
Fixed: Error in PHP 7.4
Fixed: Software data is synchronized more often with our API.
Fixed: 1 year cookie expiration was actually only a 1 month expiration.
Fixed: Many improvements to the upgrade handlers.
January 8th 2020
Fixed: Prioritize the Cloudflare IP header and use it when it's available.
Fixed: Software information will be synchronized more often.
Fixed: The IP addresses on the custom IP block list will now be trimmed to get rid of any unexpected characters.
Changed: Slightly optimized the performance of the firewall.
December 2nd 2019
Fixed: The option to disable plugin/theme edit will no longer write to (or create) the wp-config.php file which could potentially cause fatal errors.
Fixed: Country blocking feature will no longer block Patchstack if USA is blocked as country.
November 19th 2019
Fixed: Fatal error in plugin update checker library.
Added: Country blocking functionality. You can find this on the firewall settings page. It also has an option to inverse block, which means only the selected countries will be able to visit your site.
Fixed: Minor optimization to the firewall engine.
Fixed: Rare condition in whitelist rules handling that would throw an error.
Fixed: Error with PHP 7.3 in the plugin update checker library.
Fixed: Changed the update checker library to run on any type of admin page so it will more often look for updates.
Fixed: Issue where turning "Disallow Theme Edit" off would not properly turn it off in the wp-config.php file.
October 17th 2019
Fixed: Improved performance and reduced memory usage of the firewall.
Fixed: Added more exception handling to the backup code to prevent fatal errors from happening.
October 10th 2019
Fixed: SQL error under a specific condition in the function that uploads activity logs.
October 8th 2019
Fixed: Fatal error in backup function that (attempts to) delete old backup files.
October 7th 2019
Fixed: Fatal SQL error in the activity logs synchronization function to the portal.
October 3rd 2019
Fixed: Fatal error when you have custom firewall rules configured.
Fixed: Fatal error when reCAPTCHA or 2FA is enabled.
Added: Ability to turn off the readme.html deletion feature.
Added: Opt-in to log failed logins. The default will be turned off because usually it's of no value to you and us and it consumes 80-90% of the logs.
Added: Ability to view a list of banned IP addresses by the firewall and unban them remotely. (this feature will be added to the portal)
Added: Hardening feature to turn off the WP REST API (wp-json). This is disabled by default due to some people making use of it.
Added: The ability to specify patterns that will be checked against registration email addresses. If a match is found, the registration will be declined.
Added: Option to hide the Patchstack widget on the dashboard.
Fixed: Firewall block reason not showing properly in the firewall logs table.
Fixed: Issue where the login page rename feature didn't work in certain scenarios.
Fixed: Reduced the number of SQL queries executed when certain actions are executed in the plugin.
Fixed: Clicking the logon hours checkbox would check/uncheck a different checkbox.
Fixed: When you deactivate the plugin, it will no longer remove any settings or data. It will now only remove all settings and data when you uninstall the plugin.
Fixed: Fatal PHP error in software synchronization function when a theme is reporting invalid data.
Fixed: Several issues related to the .htaccess file writing: removed RewriteBase from our rules and added support for multisite.
Changed: Removed the need for writing to certain files in the data folder which also reduces the number of IO operations.
Changed: Refactored the entire plugin to better support multisite environments, optimize performance, fix several bugs and remove/fix redundant code.
Changed: Links to third-party sites in paragraphs of the Patchstack plugin will now open in a new tab.
Changed: Slightly optimized certain aspects of the backup functionality.
Removed: Several useless options that did not make a significant security impact on the site.
Removed: .htaccess backup/restore functionality.
August 28th 2019 & August 29th 2019
Fixed: Issue on lower PHP versions where the firewall script would cause a memory exhaustion error.
Version 1.4.5 & 1.4.6
Added: Option on firewall page to override which IP header to use from the $_SERVER array when we grab the IP address of the visitor.
Fixed: Firewall authentication check has been improved to reduce the number of false positives where you are logged in but still blocked by the firewall.
Fixed: Text for 2FA not displaying on the user profile page.
Fixed: PHP error "Can't use function return value in write context" on lower PHP versions that we officially don't support.
Fixed: .htaccess file handler will no longer mess up any comments made by yourself or other plugins. Additionally it will now only alter the file if there's actually a change.
Fixed: Multisite sites overview table header being displayed under the table.
Fixed: The whitelist textarea option will no longer be deleted if you deactivate the plugin.
Fixed: Issue when activating sites on multisite environment.
Changed: Backup feature is now available on multisite. We still recommend using a dedicated backup service from your host, since these do not impact your site's performance and are much faster.
Changed: The scheduled task function now assigns your site a unique time of day at which to run the Patchstack scheduled tasks. This will reduce load on both your site and our servers.
Changed: Blocked comment spam attempts are no longer stored on the portal, but will still show on the logs page of your site.
Removed: The need of mu-plugins folder and the firewall.php file inside this folder.
August 8th 2019
Fixed: IP proxy issue on certain hosts.
August 5th 2019
Added: Multisite network functionality.
Added: Strict-Transport-Security security header.
Fixed: Issue related to the hardening tab on the portal.
Fixed: Several issues related to backups.
Fixed: Several PHP errors.
Removed: License expiring message.
May 27th 2019
Added: Button to disable the backup feature.
Added: Textbox to specify maximum number of backup copies to keep in Google Drive.
Added: Better errors when a file cannot be written to.
Fixed: reCAPTCHA undefined variable error under certain conditions.
Fixed: Several backup related issues.
Fixed: Software synchronization between the WordPress site and our API has been optimized.
Fixed: The way the security headers are set in order to avoid certain PHP header errors.
April 29th 2019
Added: Backup feature to backup your files and database to Google Drive. You can find this feature under the "Backup" tab on the Patchstack plugin settings on your site.
April 10th 2019
Added: XML-RPC block option has been added and is enabled by default. If you would like to turn it back on, you can find the option on the "Hardening" tab.
Fixed: Bluehost IP address issue where the proxy IP address would get logged instead of the actual visitor's IP address. This caused conflicts with the firewall banning feature.
April 5th 2019
Fixed: Several PHP errors that would show up under certain conditions.
March 12th 2019
Added: Functionality for old whitelisting structure has been re-added.
Fixed: Invisible reCAPTCHA error on login.
Fixed: Several errors related to the firewall regarding parsing the firewall rules.
Fixed: Issue where the session would be killed if you moderated or posted comments.
Removed: Referral input fields since they're no longer used.
February 19th 2019
Added: Ability to match firewall rules against IP addresses.
Added: Implementation of new enhanced firewall logic (which can be managed in the portal)
Changed: Patchstack is no longer shown as a menu option but now shown under the "Settings" menu as "Security".
Fixed: Bug that killed your session if you managed comments through wp-admin.
Fixed: Cookie notice would show briefly on the site with certain caching plugins.
Fixed: build_log_db PHP error.
Fixed: Undefined variable error.
Fixed: Security headers issue with the X-XSS-Protection header.
January 16th 2019
Added: Functionality so the plugin settings can be remotely adjusted through the portal.
Fixed: Version 1.3.3 skipped due to minor bug that had to be fixed.
October 18th 2018
Changed: Frequency of some scheduled tasks to reduce server load on both your site and our API.
Changed: Refactoring of some code.
Fixed: Force synchronization with the portal when the plugin is activated under certain conditions.
September 26th 2018
Fixed: DISALLOW_FILE_EDIT PHP notice error.
Fixed: Blocked requests will now properly return a 403 forbidden error.
Fixed: Unauthenticated users doing actions on posts will not be logged.
Fixed: Cookie notice will no longer be affected by caching plugins.
Fixed: Show error on wp-login.php if login rename feature is enabled.
Fixed: If IP address header contains multiple IP addresses, use the first IP in the list.
Fixed: Fatal PHP error: nesting level too deep.
Fixed: Removed policy word from the cookie notice.
Fixed: Load reCAPTCHA script only if it is actually enabled.
Fixed: Fatal error when the plugin is activated on the multisite environment.
August 29th 2018
Added: Activity logs.
Added: Ability to specify logon hours. For example 09:00-19:00 or 18:00-06:00 (uses server time).
Added: User-based 2FA (works with Authy and Google Authenticator)
Added: Option to make use of invisible reCAPTCHA.
Added: Ability to see which IP addresses are currently blocked from logging in.
Added: Ability to unblock blocked IP addresses from logging in and whitelist ability.
Added: Fine-tune when to block an IP address when the firewall blocks a request.
Added: Fine-tune when to block an IP address when a login request failed.
Added: Comment form reCAPTCHA option.
Added: Ability to select which user roles are excluded from the firewall.
Changed: Re-designed the plugin to match the portal design.
Changed: Ability to block IP addresses by range, CIDR notation, wildcard and single IP.
Changed: Refactored a bunch of code.
Removed: Old user login logs.
Removed: Old code that was no longer used.
Fixed: Several issues regarding plugin/license activation.
Fixed: Login brute force blocking not working properly.
Fixed: Permission error message.
Fixed: Patchstack styling overrides styling of other plugins.
Fixed: When you request a rescan of the site, it will block Patchstack and log it.
August 3rd 2018
Added: The ability to control when to block an IP address depending on the number of failed login attempts and time span.
Fixed: Security headers checkbox not working properly.
Fixed: Prefixed cookie notice CSS class/id attributes so it doesn't collide with the theme or other plugins.
August 2nd 2018
Added: Added section separators to the settings page.
Added: Ability to tell Patchstack where to inject custom .htaccess code.
Added: Ability to tell Patchstack to never modify the .htaccess file again.
Fixed: Rewrote .htaccess related code to fix issues in certain environments.
Fixed: Removed and adjusted some CSS so it doesn't override CSS of other plugins.
Fixed: WP_Error on some environments when trying to login.
Fixed: Small adjustment made to reCAPTCHA processor to fix the issue on some environments.
Fixed: Patchstack icon on vertical menus.
Fixed: Rename login page not working on certain environments.
July 28th 2018
Added: The Patchstack logo and text in the cookie notice can now contain your referral link.
Fixed: The firewall/user logs pagination styling has been improved.
Fixed: Firewall will not execute if the whitelist is non-existent to prevent false positives.
Fixed: In rare scenarios the plugin activation process would cause an infinite redirect loop; this has been fixed.