GD Security Toolbox Pro 1.1 is the first major update for this WordPress security plugin. The new version includes new addons, instant notifications, a headers scanner, support for CloudFlare to get visitor IPs, and a few more things.
Version 1.1 brings several new and important features. A new scanner has been added that lists all response headers for any page request. This helps you validate which headers are included, and it gives recommendations about important headers that you might be missing and can add using this plugin.
There are two new addons. The first one adds a menu to the WordPress toolbar. This menu includes shortcuts to all plugin panels for quick access. The menu is for super admins only, and it adapts to show menu items for active addons when needed.
Content Security Policy header
The second new addon is for creating and adding a Content Security Policy header. Content Security Policy (or CSP) is a very important header that can be used to control which types of resources the browser is allowed to download and use. This can prevent various forms of injection attacks that rely on the browser executing outside scripts.
You can specify allowed sources for scripts, styles, fonts, images… On top of that, there are a few other elements CSP allows. There is also a way to log any attempt to break the CSP: the plugin will log such attempts in the events log.
To debug the rules before applying them, the plugin can add the header in report-only mode, allowing you to test your website in browsers first before switching to live mode when everything is ready.
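The following sketch shows the mechanics described above as an added example; it is not code from GD Security Toolbox Pro. It builds the header from a map of allowed sources, sends it in report-only or live mode, and logs the violation reports that browsers send back. The function names, the `example_csp_report_only` option, the `example-csp/v1/report` route and the sample sources are all hypothetical, and `error_log()` stands in for the plugin's events log.

```php
<?php
// Added example with hypothetical names; not GD Security Toolbox Pro code.
// Constructed sample policy: directive => allowed sources.
function example_csp_directives() {
    return array(
        'default-src' => array( "'self'" ),
        'script-src'  => array( "'self'", 'https://cdn.example.com' ),
        'style-src'   => array( "'self'" ),
        'img-src'     => array( "'self'", 'data:' ),
        'report-uri'  => array( rest_url( 'example-csp/v1/report' ) ),
    );
}

// Serialize the map into one header value, stripping characters that
// would end a directive or split the header.
function example_csp_build( array $directives ) {
    $parts = array();
    foreach ( $directives as $name => $sources ) {
        $parts[] = $name . ' ' . preg_replace( '/[;,\r\n]/', '', implode( ' ', $sources ) );
    }
    return implode( '; ', $parts );
}

// Front-end responses: report-only until the policy has been tested.
add_filter( 'wp_headers', function ( $headers ) {
    $name = get_option( 'example_csp_report_only', true ) ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
    $headers[ $name ] = example_csp_build( example_csp_directives() );
    return $headers;
} );

// Browsers POST violation reports here without authentication.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-csp/v1', '/report', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true',
        'callback'            => 'example_csp_log_report',
    ) );
} );
function example_csp_log_report( WP_REST_Request $request ) {
    $body   = json_decode( $request->get_body(), true );
    $report = ( is_array( $body ) && isset( $body['csp-report'] ) && is_array( $body['csp-report'] ) ) ? $body['csp-report'] : array();
    $line   = array();
    foreach ( array( 'document-uri', 'violated-directive', 'blocked-uri' ) as $key ) {
        // Report fields are untrusted: keep scalars only, strip control characters, cap length.
        $value  = ( isset( $report[ $key ] ) && is_scalar( $report[ $key ] ) ) ? (string) $report[ $key ] : '-';
        $line[] = $key . '=' . substr( sanitize_text_field( $value ), 0, 200 );
    }
    error_log( 'CSP violation: ' . implode( ' ', $line ) ); // stand-in for the plugin's events log
    return new WP_REST_Response( null, 204 );
}
```

In report-only mode the browser loads everything and only sends reports, so the log shows which legitimate resources the policy would block before it is enforced.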
Other improvements
The Htaccess addon can now apply changes to .htaccess automatically during daily maintenance (it is disabled by default; you can enable it from the main plugin Settings panel). This will always keep .htaccess current with banned IPs from the log. The plugin can send an instant notification for any event. The plugin supports CloudFlare to get the proper IP of a visitor relayed through CloudFlare. There are various small updates and improvements to settings and the plugin interface.
As for the bugs, several important bugs have been fixed related to the .htaccess addon, banned IPs and the events log, along with some minor issues with the Tweaks addon.
If you notice any problems with the plugin, stop by the support forums to report them. Let me know what you think about the new version, and as always, suggestions are welcome.