If you haven’t heard, iThemes Security has recently gotten a new team. Along with that new team comes a new level of excitement and passion, and a refreshed and renewed focus. We are intently focused on making iThemes Security the best possible security solution for WordPress, and this is the first step of many to accomplishing that!
Here are a few notes about today’s iThemes Security 4.9.0 and iThemes Security Pro 1.17.0 release:
reCaptcha Improvementspro
We’ve pushed out several improvements to reCaptcha. First, logged in users are people, so we treat them that way! No longer do logged in users need to complete a captcha to submit a comment.
Theme support has been strengthened as well, so comment captchas will work on more themes than ever before.
Password Generationpro
iThemes is actively involved in WordPress development. One of the many things coming in WordPress 4.3 is an all new user interface for passwords and a password generator. It is really exciting to us to see WordPress continue to roll out great features like this, especially when they help encourage healthy password practices. Our users will still be able to use our password generator for older versions of WordPress, and they will be seamlessly moved to using the WordPress core functionality when they upgrade to WordPress 4.3. There will be no conflicts, and no action needed on your part at all.
Removed WordPress Version Number Hiding
In order to truly make iThemes Security the best security solution, we need to take a very hard line on actual security versus perceived security. In this case, that means pulling out a feature that does not meet our standards. Hiding or obfuscating your WordPress version number is only perceived security. Hackers do not check your WordPress version before they attempt an attack. Instead, they simply deploy the attack and see if it succeeds or fails.
While hiding your WordPress version number did not offer any additional security for your site, it could cause some problems. Plugins, or even external services, that made use of the WordPress version to roll out additional functionality for users on newer versions of WordPress that could support them, were unable to do so when the version number was obfuscated.
You no longer have to worry about any of this and your site is still just as secure as it was before!
Bug Fixes and Other Enhancements
As always, iThemes is focused on giving you a security solution that is both stable and reliable, so we also focused on squishing some of those pesky bugs in this release, as well as adding some enhancements that will help keep things running smoothly for you:
- We added a new “Undo” for content directory move.
- No longer tries to load a non-existent JavaScript file for the salts module
- Fixed an issue with one-time database backups on multisite installs
- Fixed issues related to locating .htaccess or nginx.conf files on sites with WordPress installed in a separate directory
- Fixed issues with PHP blocking in uploads directory not working with certain non-standard setups
- Minor change to fix a warning that can appear after changing the content directory name
- Fixed a PHP fatal error that could occur on some servers when adding a ban to the site’s .htaccess or nginx.conf file.
- Fixed some issues with profile pages on multisite setups that affected both two factor authentication and the password generator

Good job team, liked the explanation on ‘hiding the version number’. Very honest and accurate.