diff --git a/Block/Adminhtml/Loginlog/Edit/Form.php b/Block/Adminhtml/Loginlog/Edit/Form.php
index 80bf892..43110fa 100644
--- a/Block/Adminhtml/Loginlog/Edit/Form.php
+++ b/Block/Adminhtml/Loginlog/Edit/Form.php
@@ -87,10 +87,11 @@ protected function _prepareForm()
             'name'  => 'id',
             'label' => __('ID'),
         ]);
-        $fieldset->addField('time', 'label', [
+        $fieldset->addField('times', 'label', [
             'name'  => 'time',
             'label' => __('Time'),
             'title' => __('Time'),
+            'value' => $this->_helper->convertToLocaleTime($log->getTime())
         ]);
         $fieldset->addField('user_name', 'label', [
             'name'  => 'user_name',
diff --git a/Helper/Data.php b/Helper/Data.php
index 1b91317..21e6c11 100644
--- a/Helper/Data.php
+++ b/Helper/Data.php
@@ -21,6 +21,13 @@
 
 namespace Mageplaza\Security\Helper;
 
+use DateTime;
+use DateTimeZone;
+use Exception;
+use Magento\Framework\App\Helper\Context;
+use Magento\Framework\ObjectManagerInterface;
+use Magento\Framework\Stdlib\DateTime\TimezoneInterface;
+use Magento\Store\Model\StoreManagerInterface;
 use Mageplaza\Core\Helper\AbstractData;
 use Sinergi\BrowserDetector\Browser;
 use Sinergi\BrowserDetector\Os;
@@ -46,6 +53,30 @@ class Data extends AbstractData
      */
     protected $osLib;
 
+    /**
+     * @var TimezoneInterface
+     */
+    protected $timezone;
+
+    /**
+     * Data constructor.
+     *
+     * @param Context $context
+     * @param ObjectManagerInterface $objectManager
+     * @param StoreManagerInterface $storeManager
+     * @param TimezoneInterface $timezone
+     */
+    public function __construct(
+        Context $context,
+        ObjectManagerInterface $objectManager,
+        StoreManagerInterface $storeManager,
+        TimezoneInterface $timezone
+    ) {
+        $this->timezone     = $timezone;
+
+        parent::__construct($context, $objectManager, $storeManager);
+    }
+
     /**
      * Get Brute Force Config
      *
@@ -160,4 +191,23 @@ public function isReports()
         return $this->isModuleOutputEnabled('Mageplaza_Reports')
             && $this->getConfigValue('mageplaza_reports/general/enabled');
     }
+
+    /**
+     * @param string $time
+     * @param string $format
+     *
+     * @return string
+     */
+    public function convertToLocaleTime($time, $format = 'Y-m-d H:i:s')
+    {
+        try {
+            $localTime   = new DateTime($time, new DateTimeZone('UTC'));
+            $localTime->setTimezone(new DateTimeZone($this->timezone->getConfigTimezone()));
+            $currentTime = $localTime->format($format);
+        } catch (Exception $e) {
+            $currentTime = '';
+        }
+
+        return $currentTime;
+    }
 }
diff --git a/composer.json b/composer.json
index 86c27d7..b2cef49 100644
--- a/composer.json
+++ b/composer.json
@@ -8,7 +8,7 @@
     "sinergi/browser-detector": "*"
   },
   "type": "magento2-module",
-  "version": "4.0.0",
+  "version": "4.0.1",
   "license": "proprietary",
   "authors": [
     {
diff --git a/view/adminhtml/templates/checklist/index.phtml b/view/adminhtml/templates/checklist/index.phtml
index 5822af4..5b0a476 100644
--- a/view/adminhtml/templates/checklist/index.phtml
+++ b/view/adminhtml/templates/checklist/index.phtml
@@ -23,57 +23,57 @@ $unSecureNames = $block->checkAdminUserName();
 ?>
 <div class="box box-<?= empty($unSecureNames) ? 'green' : 'red'; ?>">
     <div class="box-header with-border">
-        <strong><?= __("Check admin's username:") ?></strong>
+        <strong><?= $block->escapeHtml(__("Check admin's username:")) ?></strong>
     </div>
     <div class="username-notice">
-        <p><?= __('The following usernames are not secured: %1.', 'admin, root, test, magento') ?></p>
-        <p><?= __('Hackers can guest username easily. Click on an user to change username.') ?></p>
+        <p><?= $block->escapeHtml(__('The following usernames are not secured: %1.', 'admin, root, test, magento')) ?></p>
+        <p><?= $block->escapeHtml(__('Hackers can guest username easily. Click on an user to change username.')) ?></p>
     </div>
     <div class="err-nof">
-        <?php if (!empty($unSecureNames)): ?>
-            <?php foreach ($unSecureNames as $unSecureName): ?>
+        <?php if (!empty($unSecureNames)) : ?>
+            <?php foreach ($unSecureNames as $unSecureName) : ?>
                 <div class="err-nof-line">
                     <i class="fa fa-remove"></i>
-                    <span><?= __('Username: "%1" is not secure.', $unSecureName['username']) ?></span>
-                    <a href="<?= $block->getUserNameFixitUrl($unSecureName) ?>" target="_blank"
-                       class="fix-it"><?= __('Fix it') ?></a>
+                    <span><?= $block->escapeHtml(__('Username: "%1" is not secure.', $unSecureName['username'])) ?></span>
+                    <a href="<?= $block->escapeUrl($block->getUserNameFixitUrl($unSecureName)) ?>" target="_blank"
+                       class="fix-it"><?= $block->escapeHtml(__('Fix it')) ?></a>
                 </div>
             <?php endforeach; ?>
-        <?php else: ?>
+        <?php else : ?>
             <i class="fa fa-check"></i>
-            <span><?= __('All users are adequate for security purposes') ?></span>
+            <span><?= $block->escapeHtml(__('All users are adequate for security purposes')) ?></span>
         <?php endif; ?>
     </div>
 </div>
 <div class="box box-<?= (!$block->checkFrontendCaptcha() && !$block->checkBackendCaptcha()) ? 'red' : 'green' ?>">
     <div class="box-header with-border">
-        <strong><?= __('Check captcha:') ?></strong>
+        <strong><?= $block->escapeHtml(__('Check captcha:')) ?></strong>
     </div>
     <div class="err-nof">
         <p>
-            <?php if (!$block->checkFrontendCaptcha()): ?>
+            <?php if (!$block->checkFrontendCaptcha()) : ?>
                 <i class="fa fa-remove"></i>
-                <span><?= __("Frontend captcha is not enabled. Hackers may carry out brute-force attacks on your customers' accounts") ?></span>
-                <a href="<?= $block->getFrontendCaptchaFixitUrl() ?>"
-                   class="fix-it"><?= __('Fix it') ?></a>
-            <?php else: ?>
+                <span><?= $block->escapeHtml(__("Frontend captcha is not enabled. Hackers may carry out brute-force attacks on your customers' accounts")) ?></span>
+                <a href="<?= $block->escapeUrl($block->getFrontendCaptchaFixitUrl()) ?>"
+                   class="fix-it"><?= $block->escapeHtml(__('Fix it')) ?></a>
+            <?php else : ?>
                 <i class="fa fa-check"></i>
-                <span><?= __('Frontend captcha is enabled.') ?></span>
+                <span><?= $block->escapeHtml(__('Frontend captcha is enabled.')) ?></span>
             <?php endif; ?>
         </p>
-        <?php if (!$block->checkBackendCaptcha()): ?>
+        <?php if (!$block->checkBackendCaptcha()) : ?>
             <div class="err-nof-line">
                 <p>
                     <i class="fa fa-remove"></i>
-                    <span><?= __('Backend captcha is not enabled. To protect your backend from brute-force attacks, you should enable it.') ?></span>
-                    <a href="<?= $block->getBackendCaptchaFixitUrl() ?>"
-                       class="fix-it"><?= __('Fix it') ?></a>
+                    <span><?= $block->escapeHtml(__('Backend captcha is not enabled. To protect your backend from brute-force attacks, you should enable it.')) ?></span>
+                    <a href="<?= $block->escapeUrl($block->getBackendCaptchaFixitUrl()) ?>"
+                       class="fix-it"><?= $block->escapeHtml(__('Fix it')) ?></a>
                 </p>
             </div>
-        <?php else: ?>
+        <?php else : ?>
             <p>
                 <i class="fa fa-check"></i>
-                <span><?= __('Backend captcha is enabled.') ?></span>
+                <span><?= $block->escapeHtml(__('Backend captcha is enabled.')) ?></span>
             </p>
         <?php endif; ?>
     </div>
@@ -84,51 +84,51 @@ $isLatest = $version['latestVer'] == $version['currentVersion'];
 ?>
 <div class="box box-<?= $isLatest ? 'green' : 'red' ?>">
     <div class="box-header with-border">
-        <strong><?= __('Check Magento Version:') ?></strong>
+        <strong><?= $block->escapeHtml(__('Check Magento Version:')) ?></strong>
     </div>
     <div class="err-nof">
-        <?php if (!$isLatest): ?>
+        <?php if (!$isLatest) : ?>
             <div class="err-nof-line">
                 <i class="fa fa-remove"></i>
                 <span>
-                    <?= __('Your Magento version is: %1, the latest version is: %2', $version['currentVersion'], $version['latestVer']) ?>
-                    <a href="<?= $block->getVersionFixitUrl() ?>" target="_blank"
-                       class="fix-it"><?= __('Upgrade') ?></a>
+                    <?= $block->escapeHtml(__('Your Magento version is: %1, the latest version is: %2', $version['currentVersion'], $version['latestVer'])) ?>
+                    <a href="<?= $block->escapeUrl($block->getVersionFixitUrl()) ?>" target="_blank"
+                       class="fix-it"><?= $block->escapeHtml(__('Upgrade')) ?></a>
                 </span>
             </div>
-        <?php else: ?>
+        <?php else : ?>
             <i class="fa fa-check"></i>
-            <span><?= __('Your store is running on the latest version.') ?></span>
+            <span><?= $block->escapeHtml(__('Your store is running on the latest version.')) ?></span>
         <?php endif; ?>
     </div>
 </div>
 <?php $dbPrefix = $block->getDatabasePrefix() ?>
 <div class="box box-<?= $dbPrefix ? 'green' : 'red' ?>">
     <div class="box-header with-border">
-        <strong><?= __('Check database prefix:') ?></strong>
+        <strong><?= $block->escapeHtml(__('Check database prefix:')) ?></strong>
     </div>
     <div class="err-nof">
-        <?php if ($dbPrefix): ?>
+        <?php if ($dbPrefix) : ?>
             <i class="fa fa-check"></i>
-            <span><?= __("Your store's database is good.") ?></span>
-        <?php else: ?>
+            <span><?= $block->escapeHtml(__("Your store's database is good.")) ?></span>
+        <?php else : ?>
             <div class="err-nof-line">
                 <i class="fa fa-remove"></i>
                 <span>
-                    <?= __('Your store’s database hasn’t got table prefixes.') ?>
-                    <a id="db-prefix" class="fix-it"><?= __('Fix it') ?></a>
-                    <?= $block->getDbFixitAdditionData() ?>
+                    <?= $block->escapeHtml(__('Your store’s database hasn’t got table prefixes.')) ?>
+                    <a id="db-prefix" class="fix-it"><?= $block->escapeHtml(__('Fix it')) ?></a>
+                    <?= $block->escapeHtml($block->getDbFixitAdditionData()) ?>
                 </span>
             </div>
         <?php endif; ?>
     </div>
 </div>
 <script>
-    <?php if (!$block->hasProPackage()): ?>
+    <?php if (!$block->hasProPackage()) : ?>
     require([
         'jquery'
     ], function ($) {
-        var notice = "<?= __('Please update to %1 edition to have these issues solved automatically.', '<a href=\'http://www.mageplaza.com/magento-2-security/\' target=\'_blank\'>SecurityPro</a>'); ?>";
+        var notice = "<?= /** noEscape */ __('Please update to %1 edition to have these issues solved automatically.', '<a href=\'http://www.mageplaza.com/magento-2-security/\' target=\'_blank\'>SecurityPro</a>'); ?>";
 
         $('.fix-it').each(function () {
             $(this).click(function (e) {
@@ -147,5 +147,5 @@ $isLatest = $version['latestVer'] == $version['currentVersion'];
         });
     });
     <?php endif; ?>
-    <?= $block->getAdditionalJavascript() ?>
+    <?= /** noEscape */ $block->getAdditionalJavascript() ?>
 </script>
diff --git a/view/adminhtml/templates/dashboard/grid.phtml b/view/adminhtml/templates/dashboard/grid.phtml
index 9518722..e76b5aa 100644
--- a/view/adminhtml/templates/dashboard/grid.phtml
+++ b/view/adminhtml/templates/dashboard/grid.phtml
@@ -21,8 +21,8 @@
 
 $numColumns = count($block->getColumns());
 ?>
-<?php if ($block->getCollection()): ?>
-    <?php if ($block->isReports()): ?>
+<?php if ($block->getCollection()) : ?>
+    <?php if ($block->isReports()) : ?>
         <style>
             #container > #mp-login-log {
                 display: none;
@@ -34,34 +34,34 @@ $numColumns = count($block->getColumns());
         </style>
     <?php endif; ?>
     <div class="dashboard-item" id="mp-login-log">
-        <div class="dashboard-item-title"><?= __('Login Log') ?></div>
+        <div class="dashboard-item-title"><?= $block->escapeHtml(__('Login Log')) ?></div>
         <div class="dashboard-item-content">
-            <?php if ($block->getCollection()->getSize() > 0): ?>
-                <table class="admin__table-primary dashboard-data" id="<?= $block->getId() ?>_table">
+            <?php if ($block->getCollection()->getSize() > 0) : ?>
+                <table class="admin__table-primary dashboard-data" id="<?= $block->escapeHtmlAttr($block->getId()) ?>_table">
                     <?php
                     /* This part is commented to remove all <col> tags from the code. */
                     /* foreach ($block->getColumns() as $_column): ?>
                     <col <?= $_column->getHtmlProperty() ?> />
                     <?php endforeach; */ ?>
-                    <?php if ($block->getHeadersVisibility() || $block->getFilterVisibility()): ?>
+                    <?php if ($block->getHeadersVisibility() || $block->getFilterVisibility()) : ?>
                         <thead>
-                        <?php if ($block->getHeadersVisibility()): ?>
+                        <?php if ($block->getHeadersVisibility()) : ?>
                             <tr>
-                                <?php foreach ($block->getColumns() as $_column): ?>
+                                <?php foreach ($block->getColumns() as $_column) : ?>
                                     <?= $_column->getHeaderHtml() ?>
                                 <?php endforeach; ?>
                             </tr>
                         <?php endif; ?>
                         </thead>
                     <?php endif; ?>
-                    <?php if (!$block->getIsCollapsed()): ?>
+                    <?php if (!$block->getIsCollapsed()) : ?>
                         <tbody>
-                        <?php foreach ($block->getCollection() as $_index => $_item): ?>
-                            <tr title="<?= $block->getRowUrl($_item) ?>">
+                        <?php foreach ($block->getCollection() as $_index => $_item) : ?>
+                            <tr title="<?= $block->escapeHtmlAttr($block->getRowUrl($_item)) ?>">
                                 <?php $i = 0;
-                                foreach ($block->getColumns() as $_column): ?>
-                                    <td class="<?= $_column->getCssProperty() ?> <?= ++$i === $numColumns ? 'last' : '' ?>">
-                                        <?= ($_column->getRowField($_item) != '') ? $_column->getRowField($_item) : '&nbsp;' ?>
+                                foreach ($block->getColumns() as $_column) : ?>
+                                    <td class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?> <?= ++$i === $numColumns ? 'last' : '' ?>">
+                                        <?= ($_column->getRowField($_item) != '') ? $block->escapeHtml($_column->getRowField($_item)) : '&nbsp;' ?>
                                     </td>
                                 <?php endforeach; ?>
                             </tr>
@@ -69,8 +69,8 @@ $numColumns = count($block->getColumns());
                         </tbody>
                     <?php endif; ?>
                 </table>
-            <?php else: ?>
-                <div class="<?= $block->getEmptyTextClass() ?>"><?= $block->getEmptyText() ?></div>
+            <?php else : ?>
+                <div class="<?= $block->escapeHtmlAttr($block->getEmptyTextClass()) ?>"><?= $block->escapeHtml($block->getEmptyText()) ?></div>
             <?php endif; ?>
         </div>
     </div>
@@ -83,15 +83,15 @@ $numColumns = count($block->getColumns());
             })
         });
     </script>
-    <?php if ($block->canDisplayContainer()): ?>
+    <?php if ($block->canDisplayContainer()) : ?>
         <script>
             var deps = [];
 
-            <?php if ($block->getDependencyJsObject()): ?>
+            <?php if ($block->getDependencyJsObject()) : ?>
             deps.push('uiRegistry');
             <?php endif; ?>
 
-            <?php if (strpos($block->getRowClickCallback(), 'order.') !== false): ?>
+            <?php if (strpos($block->getRowClickCallback(), 'order.') !== false) : ?>
             deps.push('Magento_Sales/order/create/form');
             <?php endif; ?>
 
@@ -100,35 +100,35 @@ $numColumns = count($block->getColumns());
             require(deps, function (<?=($block->getDependencyJsObject() ? 'registry' : '') ?>) {
                 <?php //TODO: getJsObjectName and getRowClickCallback has unexpected behavior. Should be removed ?>
 
-                <?php if ($block->getDependencyJsObject()): ?>
-                registry.get('<?= $block->getDependencyJsObject() ?>', function (<?= $block->getDependencyJsObject() ?>) {
+                <?php if ($block->getDependencyJsObject()) : ?>
+                registry.get('<?= /** noEscape */ $block->getDependencyJsObject() ?>', function (<?= /** noEscape */ $block->getDependencyJsObject() ?>) {
                 <?php endif; ?>
 
-                    <?= $block->getJsObjectName() ?> = new varienGrid('<?= $block->getId() ?>', '<?= $block->getGridUrl() ?>', '<?= $block->getVarNamePage() ?>', '<?= $block->getVarNameSort() ?>', '<?= $block->getVarNameDir() ?>', '<?= $block->getVarNameFilter() ?>');
-                    <?= $block->getJsObjectName() ?>.
-                    useAjax = '<?= $block->getUseAjax() ?>';
-                    <?php if ($block->getRowClickCallback()): ?>
-                        <?= $block->getJsObjectName() ?>.
-                    rowClickCallback = <?= $block->getRowClickCallback() ?>;
+                    <?= /** noEscape */ $block->getJsObjectName() ?> = new varienGrid('<?= /** noEscape */ $block->getId() ?>', '<?= /** noEscape */ $block->getGridUrl() ?>', '<?= /** noEscape */ $block->getVarNamePage() ?>', '<?= /** noEscape */ $block->getVarNameSort() ?>', '<?= /** noEscape */ $block->getVarNameDir() ?>', '<?= /** noEscape */ $block->getVarNameFilter() ?>');
+                    <?= /** noEscape */ $block->getJsObjectName() ?>.
+                    useAjax = '<?= /** noEscape */ $block->getUseAjax() ?>';
+                    <?php if ($block->getRowClickCallback()) : ?>
+                        <?= /** noEscape */ $block->getJsObjectName() ?>.
+                    rowClickCallback = <?= /** noEscape */ $block->getRowClickCallback() ?>;
                     <?php endif; ?>
-                    <?php if ($block->getCheckboxCheckCallback()): ?>
-                        <?= $block->getJsObjectName() ?>.
-                    checkboxCheckCallback = <?= $block->getCheckboxCheckCallback() ?>;
+                    <?php if ($block->getCheckboxCheckCallback()) : ?>
+                        <?= /** noEscape */ $block->getJsObjectName() ?>.
+                    checkboxCheckCallback = <?= /** noEscape */ $block->getCheckboxCheckCallback() ?>;
                     <?php endif; ?>
-                    <?php if ($block->getRowInitCallback()): ?>
-                        <?= $block->getJsObjectName() ?>.
-                    initRowCallback = <?= $block->getRowInitCallback() ?>;
-                        <?= $block->getJsObjectName() ?>.
+                    <?php if ($block->getRowInitCallback()) : ?>
+                        <?= /** noEscape */ $block->getJsObjectName() ?>.
+                    initRowCallback = <?= /** noEscape */ $block->getRowInitCallback() ?>;
+                        <?= /** noEscape */ $block->getJsObjectName() ?>.
                     rows.each(function (row) {
-                        <?= $block->getRowInitCallback() ?>(<?= $block->getJsObjectName() ?>, row
+                        <?= /** noEscape */ $block->getRowInitCallback() ?>(<?= /** noEscape */ $block->getJsObjectName() ?>, row
                     )
                     });
                     <?php endif; ?>
-                    <?php if ($block->getMassactionBlock()->isAvailable()): ?>
-                        <?= $block->getMassactionBlock()->getJavaScript() ?>
+                    <?php if ($block->getMassactionBlock()->isAvailable()) : ?>
+                        <?= /** noEscape */ $block->getMassactionBlock()->getJavaScript() ?>
                     <?php endif ?>
 
-                    <?php if ($block->getDependencyJsObject()): ?>
+                    <?php if ($block->getDependencyJsObject()) : ?>
                 });
                     <?php endif; ?>
             });
diff --git a/view/adminhtml/templates/report.phtml b/view/adminhtml/templates/report.phtml
index 3ed5a9e..5b78527 100644
--- a/view/adminhtml/templates/report.phtml
+++ b/view/adminhtml/templates/report.phtml
@@ -21,15 +21,15 @@
 ?>
 
 <h1>
-    <?= $this->errorCode ? $this->errorCode . ' - ' : '' ?>
-    <?= $this->pageTitle ?>
+    <?= $this->errorCode ? $block->escapeHtml($this->errorCode . ' - ') : '' ?>
+    <?= $block->escapeHtml($this->pageTitle) ?>
 </h1>
-<?php if ($this->_config->action == ''): ?>
-    <p><em><?= __('Exception printing is disabled by default for security reasons.') ?></em></p>
-<?php elseif ($this->reportData): ?>
+<?php if ($this->_config->action == '') : ?>
+    <p><em><?= $block->escapeHtml(__('Exception printing is disabled by default for security reasons.')) ?></em></p>
+<?php elseif ($this->reportData) : ?>
     <div class="trace-container">
         <div class="trace">
-            <pre><?= $this->reportData ?><br/>
+            <pre><?= $block->escapeHtml($this->reportData) ?><br/>
 Please read the following materials to resolve the problem:
  - User Guide http://docs.mageplaza.com/security/
  - FAQs https://www.mageplaza.com/faqs/
diff --git a/view/frontend/templates/email/email.phtml b/view/frontend/templates/email/email.phtml
index 4bd6216..5d1e520 100644
--- a/view/frontend/templates/email/email.phtml
+++ b/view/frontend/templates/email/email.phtml
@@ -21,17 +21,17 @@
 
 $logs = $block->getLogs();
 ?>
-<?php if ($logs): ?>
-    <?php foreach ($logs as $log): ?>
+<?php if ($logs) : ?>
+    <?php foreach ($logs as $log) : ?>
         <tr>
             <td style="border-collapse: collapse; border: 1px solid #ccc;">
-                <span style="margin: 10px"><?= $log['user_name']; ?></span>
+                <span style="margin: 10px"><?= $block->escapeHtml($log['user_name']) ?></span>
             </td>
             <td style="border-collapse: collapse; border: 1px solid #ccc;">
-                <span style="margin: 10px"><?= $log['ip']; ?></span>
+                <span style="margin: 10px"><?= $block->escapeHtml($log['ip']) ?></span>
             </td>
             <td style="border-collapse: collapse; border: 1px solid #ccc;">
-                <span style="margin: 10px"><?= $log['time']; ?></span>
+                <span style="margin: 10px"><?= $block->escapeHtml($log['time']) ?></span>
             </td>
         </tr>
     <?php endforeach; ?>