WP Ghost Changelog – All Version Updates, Features, and Fixes

Last plugin update: 06 April 2026

Stay informed about the latest updates and improvements to the WP Ghost plugin. This changelog provides a detailed record of all version releases, including new features, security enhancements, bug fixes, and performance optimizations. For the most up-to-date changelog, visit the WP Ghost Knowledge Base.

= 9.0.03 (06 April 2026) =

• Fix – Fixed an issue where the Dark Mode popup remained white and some settings fields were too dark
• Fix – Fixed Login Page Design to work in Disable mode
• Fix – Fixed Firewall whitelist IPs and paths to work in disabled mode when the Firewall is activated
• Fix – Fixed minor bugs and typos

= 9.0.02 (01 April 2026) =

• New – Translation in Indonesian (id_ID) language
• New – Translation in Turkish (tr_TR) language
• Update – Translations updated in all 16 supported languages: Arabic, Brazilian Portuguese, Chinese (Simplified), Dutch, Finnish, French, German, Italian, Japanese, Portuguese, Romanian, Russian, Spanish, and English (default)
• Fix – Friendly time display (e.g. “3 hours ago”) now renders correctly in all translated languages
• Fix – Dropdown and Help icon in the RTL languages

= 9.0.01 (30 March 2026) =

• Fix – Resolved robots.txt warning when user agents are blocked
• New – Country filter in Security Threats Log and User Events Log
• New – Click on a country circle in the GeoMap to open Security Threats Log filtered by that country for the last 7 days
• Update – Moved Export CSV button to below the table in Security Threats Log and User Events Log to avoid accidental clicks
• Update – Added proper color handling for dark mode (browser-based)
• Update – Enhanced security progress indicator and introduced Security Optimization Score
• Update – Add a loading process on login submit
• Fix – GeoMap country circle counts now match Security Threats Log counts for the same 7-day window
• Fix – Security Threats counting for the last 7 days on widget now matches the log totals (timezone-aligned day buckets)
• Fix – Passkey login spinner not showing due to missing classList calls
• Fix – Country codes missing from threats log rows now resolved on-the-fly from GeoIP when cron is not running

= 9.0.00 (26 March 2026) =

• New – Customize the login page with custom logo (with live preview), logo link URL, and color scheme (page, form, button, text, link colors) with one-click presets
• New – Block AI Crawler Bots at firewall level with automatic robots.txt Disallow rules (GPTBot, ClaudeBot, PerplexityBot, Bytespider, and 30+ others)
• New – GEO Map with top 5 threat countries visualization on the Overview dashboard
• New – Export Security Threats Log and User Events Log to CSV
• New – Security Check task to verify IP block automation is configured correctly
• New – Threats count in the Overview widget now shows the full 7-day period totals
• New – Notification in the Overview widget to activate 7G/8G Firewall when unblocked threats are detected
• Update – Store country code in the threats log table for faster country stats
• Update – Missing country codes resolved in background via cron without slowing down threat logging

= 8.3.07 (16 March 2026) =

• Fix – Sorting and filtering in the Events Log & Security Threats Log
• Fix – Rules and Threats filters to work with WP Multisite subpaths structure
• Fix – Temporary login user edit link on WP Multisite
• Fix – Compatibility with WooCommerce 10.6
• Fix – Compatibility with the Blocksy theme
• Fix – Optimize the plugin speed

= 8.3.06 (09 March 2026) =

• Update – JS requirements for WordPress 6.9.2
• Fix – Security Log and Events Log not recording properly
• Fix – Optimize user logged in verification
• Fix – Don’t show the 2FA and Magic Login form when the Safe URL parameter is set
• Fix – Prevent logging out when the paths are changed
• Fix – Sending the code too often on 2FA Email verification. The code can be resent only every 30 seconds
• Fix – Remove unused JS, CSS and fonts

= 8.3.05 (05 March 2026) =

• Update – JS requirements for WordPress 6.9.2
• Fix – Security Log and Events Log not recording properly
• Fix – Optimize user logged in verification
• Fix – Sending the code too often on 2FA Email verification. The code can be resent only every 30 seconds
• Fix – Remove unused JS, CSS and fonts

= 8.3.04 (02 March 2026) =

• Update – Remove the option to send the new paths by email as they are already on WP Ghost Dashboard
• Update – Send the Brute Force, 2FA and Magic Login texts to the multilingual plugins like WPML and Polylang
• Update – Add the Magic Login options to Change Paths > Login Security section
• Update – Compatibility with PHP 8.5
• Fix – Small bugs and typos

= 8.3.03 (25 Feb 2026) =

• New – Added Automation on IP address blocking in the Firewall
• Update – Added compatibility with Photo Gallery from 10Web
• Update – Translations in all 14 languages
• Update – Moved 2FA and Magic Login feature in WP Ghost core
• Update – UI for Security Threats Log and Events Log
• Update – Plugin core security according to the latest WordPress security recommendations
• Fix – Firewall rules to work with the new WordPress 6.9.2 update

= 8.3.02 (20 Feb 2026) =

• New – Added Automation on IP address blocking in the Firewall
• Update – Added compatibility with Photo Gallery from 10Web
• Update – Translations in all 14 languages
• Fix – Firewall rules to work with the new WordPress 6.9.2 update

= 8.3.01 (10 Feb 2026) =

• Fix – Fatal error on log table creation when the plugin is activated
• Fix – Safe URL parameter on login form to prevent 2FA from showing when is activated

= 8.3.00 (07 Feb 2026) =

• New – Security Threats Log added to track blocked attacks and malicious requests
• Change – Events Log renamed to Logs, now split into User Events and Security Threats
• Update – Expanded 7G / 8G Firewall rules to block advanced brute-force attempts, SQL injection, XSS payloads, file inclusion, directory traversal, and automated vulnerability scans before reaching WordPress
• Update – Improved threat detection to stop malicious requests before execution

= 8.2.10 (11 Apr 2025) =

• Update – Compatibility with WordPress version 6.8
• Fix – File security when the rewrite rules are not loaded correctly
• Fix – Prevent Brute Force from updating the warning text without space when switched off
• Fix – Prevent PHP warning when IP address unknown in Brute Force IP check
• Fix – Load i18n on the login page for password-strength-meter messages when the Clean Login option is activated
• Fix – Detect if parent theme has caps when child theme is activated
• Fix – Dynamic file mapping to load through index.php for better compatibility with all server types

= 8.2.04 (07 Mar 2025) =

• Update – Add the option to customize all active and inactive themes
• Fix – Brute Force error in comments when no recaptcha option is selected
• Fix – WP Multisite root directory for custom WP directory installation

= 8.2.03 (04 Mar 2025) =

• Update – Security update on wp-activate.php path call
• Fix – Headers check on Brute Force to get the real IP behind Proxy
• Fix – Admin layout issue when other plugins notification is loading in WP Ghost settings
• Fix – Remove newlines from the rewrite rules

= 8.2.01 (26 Feb 2025) =

• Update – Add Google reCaptcha Enterprise
• Update – Increase security on Brute Force feature
• Update – Compatibility with Sucuri plugin on Events Log and Brute Force
• Update – Add the HMWP_CONFIG_DIR constant to define the config root path
• Update – Translations files for the last text changed
• Fix – Get the real IP address behind proxy
• Fix – Brute Force compatibility with Advanced Pack Magic Login and small bugs
• Fix – Include parent theme in the custom theme name list if the child theme is loaded

= 8.1.04 (06 Feb 2025) =

• Update – New WP Ghost Dashboard design
• Update – Login Attempt and Blocked IPs chart in WP Ghost Dashboard
• Update – Email Alerts log report in WP Ghost Dashboard
• Fix – Paths changed in dynamically loaded CSS and JS files
• Fix – Prevent redirecting URLs to hidden paths on config rules issue
• Fix – Prevent hiding the wp-admin on config rules issue
• Fix – Prevent changing the wp-admin on config rules issue

= 8.1.03 (22 Jan 2025) =

• Update – Knowledge Base links and responsive layout
• Update – GeoIP Country database for Geo-Blocking
• Fix – Config update issue when saving the whitelist from Level Of Security

For versions 8.1.02 and earlier, see the complete changelog on the WP Ghost Knowledge Base.