Version 3.0

@KBurkholder KBurkholder released this 03 Dec 15:35
· 47 commits to main since this release

= Version 3.0 – December 3, 2024 =

  • Introducing 'Doojiggers', 'Doolollys', 'Doohickeys', and 'Doodads'.
  • Tested with WordPress 6.7.
  • Dropped support for PHP < 8.1.
  • New browser optimization options (CSS Early Hints, Asynchronous CSS, JS Early Hints, Asynchronous JS).
  • New Risk Assessment security module using 3rd-party API extensions as well as internal actions and filters to assess and track security risks by IP address.
    • Implemented server-side CORS security.
      • Apply CORS rules to REST, XML, and admin-ajax.php requests.
      • Options to use referer or reverse DNS to get origin.
      • Validate local server host IP when passed as origin.
      • Origin white-list and excluded URIs.
    • New register_[fraud|threat|abuse|risk] hooks used to tag risky actions and, possibly, block access.
      • Added register_threat action to several security checks.
    • New AbuseIPDB API extension to block by IP address based on abuse score.
    • New FraudGuard API extension to block by IP address based on risk level.
    • New IpGeoLocation API extension to block by IP address based on threat score.
  • New 'Content Security Assistant' (Add Script nonce, Add Style nonce, Do CSP Action).
    • Add nonce=xxx to script and style link tags.
    • New eacDoojigger_security_nonce filter gets security nonce.
    • New eacDoojigger_content_security_policy action passes security nonce to facilitate Content-Security-Policy creation.
  • New ipUtil helper to check IP address against list of addresses and/or subnets (CIDR).
    • New isIpInList() method using ipUtil.
  • New get_output_file() to create/write a file in the appropriate WP path.
    • a. where the WP debug log is stored.
    • b. in the upload folder.
    • Uses wp_filesystem for proper access.
  • New access_denied() method used to block fraudulent requests.
  • Move is_admin_request() and is_network_admin_request() from abstract_context to Helpers/functions.php.
  • Added is_request_type() and is_php_request() to functions.php (\EarthAsylumConsulting namespace).
  • Reworked admin options menu(s).
  • Improved extension loader methods.
  • Allow null instance in plugin_loader::getInstance().
  • Added user roles to advanced mode arrays and allow array of OR'd options.
    • $this->isAdvancedMode('global','administrator')
    • $this->isAdvancedMode('global',['administrator','editor'])
  • Standard methods for option, hook, table names with prefix.
    • addClassNamePrefix(), removeClassNamePrefix(), getClassNamePrefix(), hasClassNamePrefix()
  • Debugging extension uses get_output_file() and changes log file name.
  • New hooks trait includes all prefixed action and filter functions.
    • New has_filter_count(), has_action_count()
    • New wp_filter_count(), wp_action_count() (not prefixed).
  • Added ENABLE_OPTION constant to extensions to allow override of the enable option used in an admin tab section.
  • Added TAB_NAME constant to extensions to allow setting the default tab name.
  • Added filters to change a settings group label or tab name.
    • $this->apply_filters('settings_group_label',$groupLabel,$optionGroup)
    • $this->apply_filters('settings_tab_name',$optionTab,$optionGroup,$isNetworkSettings)
  • New getRequestURL(), getRequestParts(), getRequestHost(), getRequestPath() methods using WP request.
  • New getRequestOrigin() gets origin from header or referrer or reverse DNS lookup.
  • New options_settings_page_footer action after settings form before closing div.
  • Use options_settings_page_footer action in swRegistrationUI.
  • Suppress shutdown error for not-called parent methods.
  • Check additional HTTP headers in getVisitorIP().
  • Debugging allows non-PHP requests with file type exclude list (using wp_get_ext_types()).
  • Changed default session cookie name (play nice with caching utilities).
  • Changed default visitor cookie name (play nice with caching utilities).
  • Allow cookie name as array containing alternate names in get_cookie().
  • Maybe serialize/unserialize cookie value in set_cookie() and get_cookie().
  • varCookie() defaults to get_cookie() if only one argument (name).
  • Use sanitize_key() on cookie name but check for un-sanitized name in get_cookie().
  • Removed scheduleEvent() method. Not used, didn't work. Use wp_schedule_single_event().
  • New color-palette.css loaded on admin pages.
  • Load TextDomain on init (as per WP v6.7).