Bug Fix: Fatal error when running on a site with an unprefixed version of Pimple or Psr/Container that was loaded before iThemes Security.

Important: iThemes Security now requires PHP 7.3 and WordPress 5.9 or later.

New: Introducing passkeys for Passwordless Login! Users can log into their site using biometrics like Face ID, Touch ID, or Windows Hello. Enable the new "Passkeys" module to add it as a Passwordless Login method.

Bug Fix: Preliminary PHP 8.1 compatibility.

Tweak: Add Security Alert when running a PHP version older than 7.3.0. Future versions of iThemes Security will require PHP 7.3.0.

Bug Fix: Don't attempt to Hide Backend when a Cron request is being processed.

Bug Fix: Prevent entering invalid date values when selecting a custom date range in the Security Dashboard.

Tweak: Require a Title when creating a new Dashboard.

Bug Fix: Don't attempt to send a Site Scan notification for Clean scans preventing a fatal error after scheduled site scans.

Bug Fix: Initialize Theme in Dashboard Widget rectifying the "An error occurred while rendering this card" message.

Bug Fix: Use Site Registration Authentication when performing a Site Scan on Multisite Subsites rectifying the "Request is missing verification credentials" message.

Tweak: Schedule the Automatic Updater to run 5 minutes after a Site Scan finds Vulnerable Software.

Bug Fix: Help styling on WordPress 5.9.

Bug Fix: Compatibility with plugins that expected a logged-in user during lockouts.

Bug Fix: Error when visiting the Notifications page after activating a module with notifications for the first time.

Bug Fix: Update deprecated withState usages to useState.

Bug Fix: Set a default value for the Notification User Roles control.

Important: iThemes Security now requires WordPress 5.8 or later.

New Feature: Introduce a new Import Export feature that allows for greater customization and flexibility.

Bug Fix: Scroll to top of window when navigating.

Bug Fix: Allow searching for Password Requirements.

Bug Fix: Login page would be blank when Passwordless Login was configured to use the "Username First" flow.

Bug Fix: Don't load WordPress and System Tweaks modules when the `ITSEC_DISABLE_MODULES` constant is enabled.

Bug Fix: Prevent incidentally loading the Two-Factor module when it is unregistered.

Bug Fix: Conditionally display the NGINX File Path setting.

Bug Fix: Allow saving Notifications when "default recipients must contain at least 1 item" error is present.