News

Article updates

XSS and CSRF security issues within AVADA Theme

The Avada | Responsive Multi-Purpose Theme is the best sold theme ever on Themeforest, so far it counted over 320k of customers. That being said, imagine the huge number of WordPress sites running on this theme.

As being widely used, is notorious thing for the Avada code to be checked by hackers to find vulnerabilities. Recently there’s been reported 2 huge impact security issues. Remember, there are automated boots which search for such theme, using a particular version which is known for being insecure.
Continue reading

Plugin Changelog

The plugin is actively maintained, we work hard to improve the code and add new functionality.

= 1.4.6.5 =
* Fixed hardcoded wp-register.php within rewrite – root files component
* Updated components to rewrite_base / rewrite_to system
* Improved components: Rewrite – WP Includes, Rewrite – WP Content, Rewrite – Plugins, Rewrite – Uploads, Rewrite – Comments, Rewrite – Root Files, Admin – wp-login.php, Admin – Admin Url
* Typo fix environemnt to environment
* New Component – Remove Shortlink Meta
* New Component – Remove new line carriage
* Apply relative paths change on styles only if main theme / child theme rewrite slug is not empty
* Improved interface errors and warnings transient structure
* Use ABSPATH and Environemnt data to create file path for file processing, instead just ABSPATH, for better compatibility

= 1.4.5.6 =
* Prevent the wp-register.php redirect to new login page when using block
* Prepare plugin for Composer package
* URL Slash description update
* xml_rpc_path add php_extension_required validation
* File processor use ABSPATH instead DOCUMENT_ROOT environment variable to avoid different paths on certain systems
* Allow path structure to be used for New Theme Path and Child – New Theme Path

= 1.4.5.1 =
* Media Galery src images fix
* Use separate variables for holding replacements to avoid key overwrite

= 1.4.5 =
* Add replacements for urls which does not contain explicit protocol e.g. http: or https:
* Avada cache URLs replacements support
* Fix processing_order for specific root files
* Ignore wp-register.php when blocking other wp-* files
* Fixed wp-register.php block
* Check for replacements on url encoded links
* Show message notices on General/HTML -> Html for options which may interfere with themes.
* sanitize_file_path_name fix when slug include a file type extension
* Prevent redirect to new url when accessing links through www
* New component Feeds
* Windows – Global file process rewrite rules update

= 1.4.4.4 =
* If no server type identification possible, try to check for .htaccess file
* Improved .htaccess search mod, Use preg_grep for identify the begin and end of WordPress rules
* Output notice when no supported server was found
* Use separate block of rules for .htaccess file, outside of WordPress lines
* Improved server htaccess support check
* Moved WPH_CACHE_PATH constant declaration from mu loader to wph class
* Use shutdown hock instead wp_loaded when plugin inline updated
* Use FS_CHMOD_FILE for $wp_filesystem->put_contents

= 1.4.4.2 =
* Fixed default wp-content block
* Updated compatibility with WP Fastest Cache
* Fixed wp-content replacement
Continue reading

Scroll to top