Secupress Pro Version History

* 03 April 2026
* Improvement: Remove the ping on google.com, set it to secupress.me.
* Improvement: Refactored the database scan logic in SecuPress_File_Monitoring to use background processing for scanning posts, options, and custom post types for malware patterns. Better perf, quicker scans incoming on big sites.
* Fix: (again) Possible fatal error "Call to undefined method SecuPress_Background_Process_Bad_Plugins::is_processing()" if WooCommerce is installed since THEY include the obsolete version of the async lib before us...
* Fix: Warning notice when saving captcha style.
* Fix: Re-add the "monthly" index for cron schedules.
* Fix: Do not unvalidate passwordless email on plugin deactivation or licence deconnection
* Fix: Remove the usage of shell_exec() and `host $ip` that can overconsume resources on your host, bringing down your site (even if this was in SecuPress since 8 years, only now this cause an issue)

* 16 January 2026
* New: GeoIP Location on Login
* New: Search field in admin UI.
* New: Scanner for malwares in our 35 scanners.
* Improvement: UI for Malware Scanner has been improved, and will be again ;) You'll find a "WP File Integrity" which has always been there since 1.0, just not mentionned as is.
* Improvement: Add WP 2FA compatibility to Easy Login scan
* Fix: Dashboard Widget not displaying graphs
* Fix: PHP Version Scanner was saying that the last version was "ok tier"
* Fix: PasswordLess activation checkbox was not checked after reload
* Fix: Remove secupress-data directory on uninstall (I forgot, my bad)
* Fix: "wp-includes/version.php" should not be tagged "different" anymore if you use a localised zip (in malware scanners)
* Fix: Possible fatal error when deactivating the module "Disable all actions on plugins" + "disable all actions on FTP"
* Fix: Possible fatal error "Call to undefined method SecuPress_Background_Process_Bad_Plugins::is_processing()"

* 02 December 2025
* New: Colored notices can be added up in the plugins page to help you prioritize updates by showing you since when the update is available.
* New: The standalone "SF Move Login" is now renamed "SP Move Login" and since it's the same feature as the one here, it will be deactivated and this feature here activated.
* New: "Move Login" feature can now display a Honeypot instead of a message or page. This is an expert setting, also, only available if you only have Admins on your site (or lusers will be banned trying to log-in, I know them)
* New: Translations are now done using the new `.l10n.php` format
* Improvement: "Move login" feature will now display every other slugs, it now depends on the login one. "Register" is only available is the registration is open.
* Improvement: Dashboard widget finally get a skin, can display a graph to check evolution of monthly attacks.
* Improvement: All the messages from the "unlock yourself as an admin" on login page have been set to the same one to prevent guessing an admin email. props to Lohen Florent
* Fix: JS Error when Antispam Comment Timer module is active
* Fix: Correct custom validity for roles in some cases
* Fix: Warning for undefined SECUPRESS_INSTALLED_MUPLUGINS constant
* Fix: Warning when the distant DB was not accessible
* Fix: Passwords couldn't be updated when Passwordless was active, even if your role was not targeted, or module activatjon not validated yet
* Fix: Changelogs couldn't be opened in the iframe popup in plugins.php page when "Prevent Actions on Plugins" feature was activated