Remove: Removed support for Affiliate WP, as required filters were never added to Affiliate WP as requested.
Remove: Dead code.
Format: Reformatted all code to current format style.
2019.1.19 – Version 1.4.1
Update WC_AM_Client with version 2.2 to work with WooCommerce API Manager 2.0 and greater.
2019.1.19 – Version 1.4
Removed deprecated encryption functions for PHP 7.2 and greater compatibility.
Fix: Replaced deprecated get_current_theme() with wp_get_theme().
Replaced WC_AM_Client class with version 2.1 to work with WooCommerce API Manager 2.0 and greater.
WordPress 3.8 and above required.
Compatible up to PHP 7.2.
2017.1.9 – Version 1.3.8.4
Fix: PHP Notice with Contact Form 7 version 4.6. “wpcf7_add_shortcode is deprecated since Contact Form 7 version 4.6! Use wpcf7_add_form_tag instead.”
2015.9.4 – Version 1.3.8.3
Fix: WSOD on uninstall.
2015.6.23 – Version 1.3.8.2
Fix: Updated Contact Form 7 tag generator. CF7 4.2 and above now required due to major changes in CF7.
2015.6.7 – Version 1.3.8.1
Tweak: Abandon Block UI while securing login form in favor of inline login form messages.
Tweak: Eliminate autocomplete login detection until it can be evaluated in greater detail.
Tweak: Improved login experience.
2015.6.3 – Version 1.3.8
Tweak: Replace wp_remote_get with wp_safe_remote_get
Fix: Autocompleted login forms were not always automatically detected properly when securing the form.
Fix: Pasting a username into a login form is now detected when securing the form.
2015.5.28 – Version 1.3.7.9.2
Tweak: Use scheme, such as http or https for JavaScript file URL rather than using a relative URL, so CDNs can properly serve the JavaScript files.
Tweak: Wrap Gravity Forms form security error messages in div tag with class name gf-sc-sec-error-msg so it can be styled.
Tweak: Replace some backend .png icons with Dashicons.
Enhancement: Block UI and display a message for 3 seconds when securing login and registration forms to give slow servers time to handle AJAX tasks.
2015.4.21 – Version 1.3.7.9.1
Fix: Autocompleted username and password on WP login form are now detected properly. Manually typing in username no longer required. Test on iPhone and Android, as well as all web browsers.
Fix: Popup dialog added to remind users with blank username and password fields to type in their username.
Fix: Outgoing API Key and Software Update request URLs are now escaped to prevent possible XSS attack vector.
2014.6.14 – Version 1.3.7.9
A few server environments with PHP 5.3.x or older had the following errors.
Fix: Fatal error: Can’t use method return value in write context, on plugin activation.
Fix: Fatal error: Cannot redeclare class, on plugin uninstall.
2014.6.14 – Version 1.3.7.8
Waiting: Added support for AffiliateWP to protect the registration and login forms from hackbots and spambots. Still waiting for the code and hooks to be added to AffiliateWP.
Feature: API License Key is now encrypted in the database, so unauthorized clients, and unauthorized staff, cannot view the API key, or use it on unauthorized blogs.
Fix: Automatically deactivate Spam Free WordPress if active, rather than display a warning.
Fix: NextGEN Gallery incorrectly loads a persist.js on the WordPress login and registration pages breaking Simple Comments. Simple Comments now loads earlier to eliminate this issue.
Refactor: Improved AJAX responses.
Refactor: Improved AJAX, JavaScript, and CSS now load relative to the scheme.
Refactor: Load shared classes as singular on-demand instances.
Tweak: Check if WP_HTTP_BLOCK_EXTERNAL is defined and set to true.
2014.4.30 – Version 1.3.7.7
* Feature: Added ability to make 30% off the sale of Simple Comments using an affiliate ID.
2014.4.3 – Version 1.3.7.6
Feature: Disable WordPress XML-RPC completely, to prevent DDOS attacks against any XML-RPC service. Disabling XML-RPC can break some plugins.
2014.3.14 – Version 1.3.7.5
Feature: Disable XML-RPC pingback service, when Close Pingbacks option is selected, to prevent DDOS attacks against the pingback service.
2014.1.24 – Version 1.3.7.4
Tweak: Security class instantiates only once now.
Tweak: Added more capability to provide security for comment forms even when the theme is broken.
Tweak: Moved bl_keys array element from simple_comments array to its own sc_bl_keys option database entry.
2014.1.7 – Version 1.3.7.3
Tweak: Changed when jQuery scripts are ready.
2013.12.31 – Version 1.3.7.2
Fix: Removed the update timer as it caused the plugin to disable itself under certain conditions.
2013.12.30 – Version 1.3.7.1
Feature: WordPress does not always display a notice for software updates when they become available, so an update timer was added to ensure timely notice of software updates.
Feature: Added hackbot protection for WooCommerce 2.1 and above login forms.
2013.12.18 – Version 1.3.6
Fix: Contact Form 7 security shortcode hook was calling function too early, causing it to display the shortcode tag on the page, when it should not be visible.
Fix: Deactivation message now displays a single message.
Fix: Fixed some text localization.
Fix: Improved Nonce behavior for some rare edge cases.
Fix: Tightened security in the plugin code.
Tweak: Classes can now only be instantiated once. Saves memory, and prevents the need to use globals.
2013.9.26 – Version 1.3.5
Added new Subscription error message sent from the WooCommerce API Manager
2013.9.22 – Version 1.3.4
License Key class now using new WooCommerce API Manager for API license keys.
2013.8.29 – Version 1.3.3
Fixed: A function was not being called correctly in the uninstall routine.
2013.8.25 – Version 1.3.2
Added instructions to WordPress login form, and WordPress User Registration form, to physically type into the form fields for human detection security.
Enhanced JavaScript to remove autofilled form field information to allow for human detection security on WordPress login form and WordPress User Registration form.
2013.8.25 – Version 1.3.1
WordPress login form, and WooCommerce registration form, security is disabled if WooCommerce is active. This is due to an authentication problem related to a lack of hooks for Simple Comments on the WooCommerce login form.
Bypass security checks for Gravity Forms and Contact Form 7 if user is logged in.
2013.8.23 – Version 1.3
New feature: Added option to save comment spam to spam folder for manual review.
New feature: Added spam blocking support for Gravity Forms.
New feature: Added spam blocking support for Contact Form 7.
Added support for the Jetpack Contact form, and the WooCommerce login, but cannot implement until hooks are availble to turn these features on.
New feature: Added hackbot security for the WordPress login form.
New feature: Added hackbot security for the WordPress user registration form.
Tweak: Added support for the Twenty Thirteen theme.
Code refactoring completed. Plugin is now 100% Object Oriented.
Setup new classes to load on-demand to only consume memory when needed.