v.0.18.0

PHP 8.0 is now officially supported [#104].

Other changes:

• "No removed plugins installed" alert has more info [#107]
• Improve detection of plugins installed from WordPress Directory [#112]
• On WordPress 5.8 and newer the plugin cannot be accidentally overriden from WordPress.org Plugins Directory [#111]

v.0.17.1

• Fix an issue in PHP version check
• Fix minor issues related to formatting and grammar

v.0.17.0

• Require PHP 7.3 [#106]
• Add an option to disable application passwords introduced in WordPress 5.6 [#108]
• Add an option to run single check or particular checks only [#109]
• Test with WordPress 5.7 [#110]

v.0.16.0

WordPress 5.5 or newer is now required!

• Log failed login reason [#95].
• Use the new wp_get_environment_type() function to get environment instead of WP_ENV [#102] - this is a breaking change for anyone who did not migrate from WP_ENV to WP_ENVIRONMENT_TYPE.

v.0.15.2

Run "Site is not blacklisted by Google" check only in live environments [#101].

v.0.15.1

Prevent issues with 3-rd party integrations by making admin page slug constants public again [#99].

v.0.15.0

WordPress 5.3 or newer is now required!

• include installation instructions [#93]
• fix/improve internal handling of timestamps [#83]
• add (optional) Safe Browsing check [#68]

v.0.14.0

Require PHP 7.2 and WordPress 5.1 at least!

Also:

• Account for PHP 7.4 in PHP version check [#88]
• Make "production environment" test filterable [#87]
• Add $user as second argument to bc-security/filter:is-admin filter [#84]
• Micro-optimize plugin performance
• Plugin has been tested with WordPress 5.3

v.0.13.1

Make sure blog name is not HTML-encoded in notification email subject and body [#86].

v.0.13.0

New features and tweaks:

• New registrations with username on blacklist are no longer possible [#81]
• "Error log not publicly accessible" check automatically passes if error log is stored in custom location [#78]
• All external links now have rel="noreferrer" attribute [#77]
• New hardening option "Prevent usernames discovery via REST API and username enumeration" have been added [#74]

Removed features:

• Hardening option "Disable access to REST API to anonymous users" has been removed [#74]

Breaking changes:

• bc-security/filter:login-username-blacklist filter has been renamed to bc-security/filter:username-blacklist

Other:

• Fix issues detected by PHPStan [#73] - thanks @szepeviktor!
• Tested with WordPress 5.2