* Improvement: Remove the ping on google.com, set it to secupress.me.
* Improvement: Refactored the database scan logic in SecuPress_File_Monitoring to use background processing for scanning posts, options, and custom post types for malware patterns. Better perf, quicker scans incoming on big sites.
* Fix: (again) Possible fatal error "Call to undefined method SecuPress_Background_Process_Bad_Plugins::is_processing()" if WooCommerce is installed since THEY include the obsolete version of the async lib before us...
* Fix: Warning notice when saving captcha style.
* Fix: Re-add the "monthly" index for cron schedules.
* Fix: Do not unvalidate passwordless email on plugin deactivation or licence deconnection
* Fix: Remove the usage of shell_exec() and `host $ip` that can overconsume resources on your host, bringing down your site (even if this was in SecuPress since 8 years, only now this cause an issue)
* New: GeoIP Location on Login
* New: Search field in admin UI.
* New: Scanner for malwares in our 35 scanners.
* Improvement: UI for Malware Scanner has been improved, and will be again 😉 You'll find a "WP File Integrity" which has always been there since 1.0, just not mentionned as is.
* Improvement: Add WP 2FA compatibility to Easy Login scan
* Fix: Dashboard Widget not displaying graphs
* Fix: PHP Version Scanner was saying that the last version was "ok tier"
* Fix: PasswordLess activation checkbox was not checked after reload
* Fix: Remove secupress-data directory on uninstall (I forgot, my bad)
* Fix: "wp-includes/version.php" should not be tagged "different" anymore if you use a localised zip (in malware scanners)
* Fix: Possible fatal error when deactivating the module "Disable all actions on plugins" + "disable all actions on FTP"
* Fix: Possible fatal error "Call to undefined method SecuPress_Background_Process_Bad_Plugins::is_processing()"
* New: Colored notices can be added up in the plugins page to help you prioritize updates by showing you since when the update is available.
* New: The standalone "SF Move Login" is now renamed "SP Move Login" and since it's the same feature as the one here, it will be deactivated and this feature here activated.
* New: "Move Login" feature can now display a Honeypot instead of a message or page. This is an expert setting, also, only available if you only have Admins on your site (or lusers will be banned trying to log-in, I know them)
* New: Translations are now done using the new `.l10n.php` format
* Improvement: "Move login" feature will now display every other slugs, it now depends on the login one. "Register" is only available is the registration is open.
* Improvement: Dashboard widget finally get a skin, can display a graph to check evolution of monthly attacks.
* Improvement: All the messages from the "unlock yourself as an admin" on login page have been set to the same one to prevent guessing an admin email. props to Lohen Florent
* Fix: JS Error when Antispam Comment Timer module is active
* Fix: Correct custom validity for roles in some cases
* Fix: Warning for undefined SECUPRESS_INSTALLED_MUPLUGINS constant
* Fix: Warning when the distant DB was not accessible
* Fix: Passwords couldn't be updated when Passwordless was active, even if your role was not targeted, or module activatjon not validated yet
* Fix: Changelogs couldn't be opened in the iframe popup in plugins.php page when "Prevent Actions on Plugins" feature was activated
* New: Force Better Encryption System
* Improvement: Add the filter "secupress.get_wp_directory" to make a better compat with BedRock (with which we are not compatible natively)
* Improvement: Password reset cannot be asked for account using PasswordLess
* Improvement: Add a message on "Forbid user enumeration" to recall that author front pages will be replaced by homepage.
* Fix: Remove ajax call from antispam delay module to prevent unwanted indexed ajax URL
* Fix: Password reset was not possible for some roles, due to activation+deactivation of the PasswordLess module
* Fix: Some notices where duplicated
* Fix: Check allowed IP before auth_redirect in "bad usernames" module
* Update: Allowed IP List
* Fix: Remove "1" from "Bad Usernames" because Man/age WP use it as a fake login and it break the connection. You don't say.
* Fix: Possible multiple notices when malware database is updating.
* Fix: Possible PHP Warning when renaming a username.
* Fix: Fatal error when saving Firewall settings
* Fix: Missing captcha session on registration page
* Improve: Better UI and UX. We use the WP login page and not our own page design (byebye secupress_action_page() on some modules)
* Improve: Module "Password Lifespan" now depends of "Force Strong Passwords", because if you care about the lifetime of a password, I bet you care tyour their strengh too and before.
* Improve: Constant SECUPRESS_MODE improved, read the doc: https://docs.secupress.me/article/237-secupressmode
* Update: ZXCVBN libs
* Fix: Cookie hash file was not created when running the autofix
* Fix: "Bad Url Access" and "Bad File Extensions" were tagged as "fixable in pro only"
* Fix: "Already done your way" message on "Security Keys" module was wrong.
* Fix: Upgrader should always check the mu version file
* Fix: Remove "mail*" from the bad usernames list, too wide (Hello Maïlis & Mailisa...)
* Improve: Regenerating salt keys will now display a notice message as a feedback #UX
* Improve: Some strings were not translated.
* Improve: Better handling for "Rename User Names"
* Improve: "Show Admin Bar Menu" & "Hide Contextual Help & Tips"
* New: "Show Contextual Help & Tips" and "Admin Bar Menu" are now a user setting
* Fix: A possible loop when login
* Fix: A too big SQL query on site with too many users
Fix v2.2.5.2 Blackhole nonce bloking some front requests
Update Malware Database