2019.09.19 – Version 1.5
- Update: WC_AM_Client with version 2.7 to work with WooCommerce API Manager 2.2.0 and greater.
- Tweak: Update security database table creation routine.
- Tweak: No longer delete transients on activation.
- Remove: Removed support for Affiliate WP, as required filters were never added to Affiliate WP as requested.
- Remove: Dead code.
- Format: Reformatted all code to current format style.
2019.1.19 – Version 1.4.1
- Update WC_AM_Client with version 2.2 to work with WooCommerce API Manager 2.0 and greater.
2019.1.19 – Version 1.4
- Removed deprecated encryption functions for PHP 7.2 and greater compatibility.
- Fix: Replaced deprecated get_current_theme() with wp_get_theme().
- Replaced WC_AM_Client class with version 2.1 to work with WooCommerce API Manager 2.0 and greater.
- WordPress 3.8 and above required.
- Compatible up to PHP 7.2.
2017.1.9 – Version 188.8.131.52
- Fix: PHP Notice with Contact Form 7 version 4.6. “wpcf7_add_shortcode is deprecated since Contact Form 7 version 4.6! Use wpcf7_add_form_tag instead.”
2015.9.4 – Version 184.108.40.206
2015.6.23 – Version 220.127.116.11
- Fix: Updated Contact Form 7 tag generator. CF7 4.2 and above now required due to major changes in CF7.
2015.6.7 – Version 18.104.22.168
- Tweak: Abandon Block UI while securing login form in favor of inline login form messages.
- Tweak: Eliminate autocomplete login detection until it can be evaluated in greater detail.
- Tweak: Improved login experience.
2015.6.3 – Version 1.3.8
- Tweak: Replace wp_remote_get with wp_safe_remote_get
- Fix: Autocompleted login forms were not always automatically detected properly when securing the form.
- Fix: Pasting a username into a login form is now detected when securing the form.
2015.5.28 – Version 22.214.171.124.2
- Tweak: Wrap Gravity Forms form security error messages in div tag with class name gf-sc-sec-error-msg so it can be styled.
- Tweak: Replace some backend .png icons with Dashicons.
- Enhancement: Block UI and display a message for 3 seconds when securing login and registration forms to give slow servers time to handle AJAX tasks.
2015.4.21 – Version 126.96.36.199.1
- Fix: Autocompleted username and password on WP login form are now detected properly. Manually typing in username no longer required. Test on iPhone and Android, as well as all web browsers.
- Fix: Popup dialog added to remind users with blank username and password fields to type in their username.
- Fix: Outgoing API Key and Software Update request URLs are now escaped to prevent possible XSS attack vector.
2014.6.14 – Version 188.8.131.52
- A few server environments with PHP 5.3.x or older had the following errors.
- Fix: Fatal error: Can’t use method return value in write context, on plugin activation.
- Fix: Fatal error: Cannot redeclare class, on plugin uninstall.
2014.6.14 – Version 184.108.40.206
- Waiting: Added support for AffiliateWP to protect the registration and login forms from hackbots and spambots. Still waiting for the code and hooks to be added to AffiliateWP.
- Feature: API License Key is now encrypted in the database, so unauthorized clients, and unauthorized staff, cannot view the API key, or use it on unauthorized blogs.
- Fix: Automatically deactivate Spam Free WordPress if active, rather than display a warning.
- Fix: NextGEN Gallery incorrectly loads a persist.js on the WordPress login and registration pages breaking Simple Comments. Simple Comments now loads earlier to eliminate this issue.
- Refactor: Improved AJAX responses.
- Refactor: Load shared classes as singular on-demand instances.
- Tweak: Check if WP_HTTP_BLOCK_EXTERNAL is defined and set to true.
2014.4.30 – Version 220.127.116.11
- * Feature: Added ability to make 30% off the sale of Simple Comments using an affiliate ID.
2014.4.3 – Version 18.104.22.168
- Feature: Disable WordPress XML-RPC completely, to prevent DDOS attacks against any XML-RPC service. Disabling XML-RPC can break some plugins.
2014.3.14 – Version 22.214.171.124
- Feature: Disable XML-RPC pingback service, when Close Pingbacks option is selected, to prevent DDOS attacks against the pingback service.
2014.1.24 – Version 126.96.36.199
- Tweak: Security class instantiates only once now.
- Tweak: Added more capability to provide security for comment forms even when the theme is broken.
- Tweak: Moved bl_keys array element from simple_comments array to its own sc_bl_keys option database entry.
2014.1.7 – Version 188.8.131.52
- Tweak: Changed when jQuery scripts are ready.
2013.12.31 – Version 184.108.40.206
- Fix: Removed the update timer as it caused the plugin to disable itself under certain conditions.
2013.12.30 – Version 220.127.116.11
- Feature: WordPress does not always display a notice for software updates when they become available, so an update timer was added to ensure timely notice of software updates.
- Feature: Added hackbot protection for WooCommerce 2.1 and above login forms.
2013.12.18 – Version 1.3.6
- Fix: Contact Form 7 security shortcode hook was calling function too early, causing it to display the shortcode tag on the page, when it should not be visible.
- Fix: Deactivation message now displays a single message.
- Fix: Fixed some text localization.
- Fix: Improved Nonce behavior for some rare edge cases.
- Fix: Tightened security in the plugin code.
- Tweak: Classes can now only be instantiated once. Saves memory, and prevents the need to use globals.
2013.9.26 – Version 1.3.5
- Added new Subscription error message sent from the WooCommerce API Manager
2013.9.22 – Version 1.3.4
- License Key class now using new WooCommerce API Manager for API license keys.
2013.8.29 – Version 1.3.3
- Fixed: A function was not being called correctly in the uninstall routine.
2013.8.25 – Version 1.3.2
- Added instructions to WordPress login form, and WordPress User Registration form, to physically type into the form fields for human detection security.
2013.8.25 – Version 1.3.1
- WordPress login form, and WooCommerce registration form, security is disabled if WooCommerce is active. This is due to an authentication problem related to a lack of hooks for Simple Comments on the WooCommerce login form.
- Bypass security checks for Gravity Forms and Contact Form 7 if user is logged in.
2013.8.23 – Version 1.3
- New feature: Added option to save comment spam to spam folder for manual review.
- New feature: Added spam blocking support for Gravity Forms.
- New feature: Added spam blocking support for Contact Form 7.
- Added support for the Jetpack Contact form, and the WooCommerce login, but cannot implement until hooks are availble to turn these features on.
- New feature: Added hackbot security for the WordPress login form.
- New feature: Added hackbot security for the WordPress user registration form.
- Tweak: Added support for the Twenty Thirteen theme.
- Code refactoring completed. Plugin is now 100% Object Oriented.
- Setup new classes to load on-demand to only consume memory when needed.
2013.7.30 – Version 1.2.6
- Multisite compatibility added.
- New feature: Added spam blocking support for WooCommerce Product Enquiry Form extension.
- Fixed: Sometimes install information was missing, causing invalid license error.
- Updated language files.
- Code refactoring to move towards all Object Oriented.
- Removed legacy function call. Obsolete.
- Removed old legacy password fields. Obsolete.
- Fixed: PHP errors would break jQuery event listener when WordPress in debug mode.
- Moved cron events into their own class.
- Fixed: each comment is now authenticated, rather than allowing all comments from one commenter in 20 minutes time frame.
- Support added for WooCommerce product review comment form.
- Updated troubleshooting URL