WordPress.org

1.7.0

• Added: Option to display an error message, instead of redirecting users to the login or to another page
• Added: Option to display 404 error page instead of a Bad Request error
• Added: Log all potential malicious url requests (A viewer will be added in one of the next versions)
• Added: Block requests longer than 255 chars
• Added: Block requests containing your db prefix
• Added: Block file uploads with dangerous file endings
• Added: Block directory traversal attacks
• Added: Force security settings on all member blogs in a multisite environment
• Added: Ability to remove readme.html from blog root
• Added: Protect your Plugins and Includes Folder by creating index.php files in these folders
• Added: Capability setting for editing auth time
• Added: Restrict the Admin to your current ip
• Changed: Split detection of xss/sql Attacks
• Changed: Standard capability for editing users changed to edit users
• Fixed: Redirect to login does not work correctly in some situations
• Fixed: Plugin link is now shown, even if there are no restrictions

1.6.5

• Fixed: Typo in login, signup condition, that might give access for anyone [Thanks to sulfsby]

1.6.4

• Fixed: PHP Warning when not hiding tags

1.6.3

• Added: Multisite registration to single blogs is not restricted to subdomain installations anymore
• Added: Tags can also be hidden from the Tag cloud widget
• Changed: Moved multisite options down on the settings page
• Fixed: Register page stays open, even if all pages are restricted

1.6.2

• Added: Brazilian Portugese language file [Big big thanks to Eduardo]
• Fixed: Error in check_auth, which prevents logged in user to see hidden categories [Sorry to Sabeth]

1.6.1

• Fixed: Translation issue in the main menu [Big thanks to Eduardo]

1.6.0

• Added: Allow users to register directly to a blog in the multisite network if webmaster allows [Thanks to Aphrodite for the suggestion]
• Added: Ability to add directly to a blog for users if webmaster allows [Thanks to Aphrodite for the suggestion]
• Added: PHP Version check for really really old installations [Thanks for lauryn]
• Fixed: auth date was taken from current user and not from shown user
• Fixed: admin warnings are restricted to admins now
• Fixed: update notices are restricted to admins now

1.5.0

• Added: Remove restricted posts from front page, search, blog home etc. for non authorized users based on restricted categories, tags or posts
• Added: Remove categories from sidebar

1.4.1

• Fixed: Plugin does not show categories, if the first category was deleted or edited [Thanks to Sabeth and cscscs]

1.4.0

• Added: Option to remove feeds from blog headers
• Added: Generation of feed keys, so that RSS Reader can access restricted feeds
• Added: Navigation below Admin
• Added: Ability to remove feed keys from database
• Added: Force users to use only strong passwords
• Changed: Merged the access rights pages
• Fixed: Some improvements on the assistant
• Fixed: Some wrong or forgotten translations
• Fixed: A lot of typos

1.3.1

• Fixed: A small bug in des.class.php as the password is not decrypted correctly because of unneeded whitespaces

1.3.0

• Added: Easy to use setup assistant
• Added: Option to delete brute force logs
• Fixed: Added english and german translation for user profile field

1.2.2

Fixed: Wrong parameter count on form_row [Thanks to hdridder]

1.2.1

• Added: New options are marked as new
• Fixed: Secure key was not depending on your installation

1.2.0

• Added: Secure login script

1.1.1

• Fixed: wrong datatype in array [Thanks to bamajr]

1.1

• Added: New interface design
• Added: Allow access to attachments
• Added: Disable all restrictions with a single click
• Added: Customize your login error messages
• Added: Prevent against attackers with tarpit technology
• Added: Brute force prevention
• Added: Define maximum login attempts and lockout time for brute force attempts
• Added: Remove or anonymize your WordPress Generator Meta Tag
• Added: Notification of recent updates
• Changed: Seperate settings for RSD and WLW headers
• Fixed: Some language strings
• Fixed: Some unitialized variables
• Fixed: Issue on setting the time for access allowed
• Fixed: Allowing single posts also allowed access to pages
• Fixed: logged in users may had lower rights than logged out if they were not approved
• Fixed: fixed some very complicated rules with tags and categories in single posts
• Fixed: A lot of testing with all kinds of rules

1.0.4

• Another fix in multisites
• Deleted some warnings about uninitialized vars

1.0.3

• Fixed a bug in non multisite environment

1.0.2

• Fixed a bug with deleting user settings in multisite environment

1.0.1

• A lot of small bugfixes - mainly wrong paths and forgotten translations

1.0

• Initial release - it may let explode your hamster!