Download Security Ninja Premium v5.287

List of improvements in Security Ninja Premium version 5.287

• = 5.287 =
• 2026-06-02
• FIX: Change Login URL (Pro) — Works when Cloud Firewall is disabled; only “Change login URL” and the slug need to be enabled under Login Protection.
• FIX: Change Login URL (Pro) — `/your-slug/` login URLs work even when permalinks are Plain (fixes 404 when the Preview link used a path-style URL).
• FIX: Change Login URL (Pro) — Reliable path matching for subdirectory installs; fallback serves login if WordPress resolved the request as a 404.
• FIX: Change Login URL (Pro) — wp-admin blocking applies to `/wp-admin` with or without a trailing slash.
• IMPROVED: Change Login URL (Pro) — Admin Preview shows the same URL the plugin uses (`?slug` on Plain permalinks, `/slug/` otherwise).
• = 5.286 =
• 2026-06-01
• NEW: MainWP integration — child sites accept allowlisted Security Ninja settings updates from the Security Ninja for MainWP extension (`update_settings` remote action; changed keys only).
• IMPROVED: MainWP settings updates are logged in Events with a list of changed setting keys (no values stored), so you can see what was changed from the dashboard.
• IMPROVED: AI Security Advisor — works more reliably with WordPress 7 AI connectors (including DeepSeek and OpenAI). The plugin picks the right request format for each service instead of failing when structured JSON is not supported.
• IMPROVED: AI Security Advisor — Reports are faster and cheaper. Only tests that need attention are included, with short summaries.
• IMPROVED: AI Security Advisor — report output is cleaned up and checked before it is saved.
• IMPROVED: AI Security Advisor — full reports can be longer (higher token limit).
• IMPROVED: AI Security Advisor — when something goes wrong, the page shows a more helpful error message, and the failure is logged in Events so you can see what happened.
• IMPROVED: AI Security Advisor — successful and failed AI requests in Events now record which connector and model were used (prompt chip id only when relevant).
• = 5.285 =
• 2026-05-26
• FIX: Upgrading from the free plugin to Pro no longer causes a site error when both versions are present during install or activation. Pro skips loading Composer again if the free copy already loaded it, then Freemius deactivates free on activation.
• IMPROVED: AI Security Advisor — when an AI connector request fails, the page now shows the provider’s actual error message instead of a generic “temporarily unavailable” notice, so quota, billing, and configuration issues are easier to diagnose.
• NEW: MainWP integration (Phase 1) — sync now includes IP management entries (up to 200), AI Security Advisor executive summary, and optional event raw_data for the top 50 events. Remote IP actions (whitelist/blacklist add/remove, lift local ban, lift 404 guard ban) via the Security Ninja for MainWP extension 2.1.0+.
• = 5.284 =
• 2026-05-23
• FIX: Change Login URL (Pro) — Checkout and other frontend flows that use WordPress `admin-post.php` (for example FluentCart account creation during checkout) no longer show “Access Denied” for visitors. Legitimate public handlers registered with `admin_post_nopriv_*` are allowed; direct access to the rest of wp-admin stays blocked.
• IMPROVED: Rename Login (Pro) — Recognized temporary-login plugin links (Temporary Login Without Password, One Time Login, Magic Login, Login Links) are no longer blocked when accessing wp-admin before authentication completes. Extend via the `securityninja_rename_login_allow_autologin` filter.
• IMPROVED: AI Security Advisor now uses WordPress 7 structured AI responses for more reliable report output.
• IMPROVED: AI Security Advisor reports now include richer context from Security Tests, Vulnerability Scanner, Core Scanner, and recent security events.
• IMPROVED: Pro sites now include Malware Scanner findings in AI report context when available.
• NEW: WordPress 7 Abilities (optional, on by default): expose read-only security data to other WordPress AI clients—Security Test summary (passed/warning/failed), 7-day attack activity vs the previous week, and the latest saved AI Security Advisor report. Control exposure under Security Advisor → Settings; turning this off does not affect generating reports or follow-ups on the Security Advisor page.
• NEW: Added a dismissable “Re-evaluate with AI” reminder after tests, scans, and firewall setting changes (stays hidden after dismiss until a new security event occurs).
• = 5.283 =
• 2026-05-18
• FIX: Cloud Firewall (Pro) — Satellite ASN softening now works consistently across country blocking (including Starlink).
• FIX: 2FA setup during frontend login now shows the manual entry secret key again, matching the backend user profile setup flow.
• IMPROVED: Cloud Firewall (Pro) — IP Management shows your blacklist, whitelist, and temporary blocks in one searchable table, so you can see everything in one place.
• IMPROVED: Add, edit, and remove IP rules directly from the table; add several at once with one IP or range per line.
• IMPROVED: Copy your full blacklisted or whitelisted lists, or clear temporary blocks, from easy buttons below the table.
• = 5.282 =
• 2026-05-05
• FIX: Two-factor authentication (Pro) — When 2FA is enabled but required roles were missing or invalid, login could skip the 2FA step. Security Ninja now falls back to requiring **Administrator*so the code prompt always appears for protected accounts.
• FIX: Saving 2FA status would fail if firewall not enabled. Thank you Vassos.
• Added a new Tools-page Cleanup button. Securely removes any legacy options or data. Thank you Davina for the idea.
• FIX: Cloud Firewall (Pro) — Clearing **all*countries in country blocking and saving now actually turns country blocking off. Previously, choosing “none” could leave old selections in place because empty lists were not saved correctly.
• IMPROVED: Cloud Firewall — IP whitelist entries written as **ranges*(CIDR, one per line on IP Management) now apply the same way everywhere: visitor checks, secret recovery links, and automatic whitelist logic no longer treat ranges like plain single IPs only in some code paths.
• NEW: Cloud Firewall (Pro) — Option to soften country blocking for satellite ISPs like Starlink. Easily enable or adjust under Firewall → Settings for smoother access while keeping strong protection.
• IMPROVED: Cloud Firewall (Pro) — If a country or cloud block is skipped because the visitor is using a satellite ISP (satellite ASN softening), you’ll now see this clearly in the Events log.
• = 5.281 =
• 2026-04-22
• FIX: 2FA — Post-verification redirects now match WordPress core validation for relative and absolute `redirect_to` URLs ( Rename Login compatible ). AJAX responses always include a safe `redir_to` / `redirect_url` with `admin_url()` fallback so editors and other roles are not sent to the front page unexpectedly. Thank you Davina.