New features. You can now tweak cookie paths, native CRON settings and the WordPress autoupdate policies for Core, Plugins, Themes and Translations through Admin Tools' WordPress advanced configuration page. Please be careful. These are settings for advanced users with special use cases that cannot be satisfied by the default options. Be very weary of the auto-update settings; if you disable them you are putting your site at risk!
The .htaccess Set a Long Expiration Time now also applies a no-cache setting for administrator URLs. This prevent browsers from caching redirects and / or error messages in admin pages
Add WebP to Set a Long Expiration Time in .htaccess and NginX Conf Maker. Yeah, we forgot WebP is a real image format used in real world sites. Sorry!
Added support to render the Advanced WordPress Configuration page with tabs. Departing from its humble origins with a small number of options, this page was now cognitive overload to the point of being overwhelming. Settings are now organised in tabs to make it easier to find what you want.
Improved WAF Exceptions with better fine tuning. WAF Exceptions were a very simple affair, where you could whitelist entire URLs. Over the last few months we've seen use cases which required whitelisting only specific page parameters. For these use cases, the original WAF Exceptions implementation felt like swatting a fly with a wrecking ball. We added more fine control in the new WAF Exceptions implementation to give you surgical precision to what you want to allow, just like we have already been doing in the Joomla counterpart of Admin Tools.
Bug fixes and minor improvements. Please take a look at the CHANGELOG below.
We officially support only the latest released version of WordPress 4.9 and 5.x.
While our software should run on any WordPress version newer than 3.8 (with several features only working fully or at all on WordPress 4.4 and later) we VERY STRONGLY recommend using the latest version of WordPress only. Newer versions of WordPress address security issues which can not be guarded against through a web application firewall / security plugin. Moreover, newer WordPress versions address bugs and features which by themselves are not security issues but can be used to facilitate the compromise of a site. For example, support for the UTF8MB4 character code may have been billed as “Emoji support” but, in fact, addresses a whole class of very sinister database attacks, hinging on the way MySQL quashes extended characters in plain UTF8 mode, which are impossible to address in a generic firewall.
In short: trying to have a secure site with old code that contains known vulnerabilities is an exercise in futility. Do the smart thing, update WordPress first, then use a security plugin to tighten your security.
We only officially support using our software with PHP 5.6, 7.2, 7.3 or 7.4. We strongly advise you to run the latest available version of PHP on a branch currently maintained by the PHP project for security reasons. Older versions of PHP have known major security issues which are being actively exploited to hack sites and they have stopped receiving security updates, leaving you exposed to these issues.
Our software should still run on PHP 7.0 and 7.1. However, we do not test with these versions and we no longer treat breaking support for these obsolete PHP versions of PHP as a bug.
Our software will not run on versions of PHP older than 5.6 such as 5.5, 5.4, 5.3 or even older.