RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

Home » Plugins » Security » Security Documentation » Change Log

Change Log

1.6.2

  • Add new query object class.
  • Update queries to new object class.
  • Add WP_CLI commands to list and search locked out users.
  • Add WP_CLI command to clear a user lockout.
  • Update WP_CLI settings to disable/enable options as a subcommand (removes separate standalone disable/enalbe commands).
  • Update to list valid email as a valid user (not -1) when recording a failed login (this did not affect lockouts, just the display screen whether it was a valid user or not).

1.6.1

  • Fixes a bug in the failed login screen, the sql query is invalid if paged results are viewed.
  • Fixes a bug in the blocked registration screen, the sql query is invalid if paged results are viewed.
  • Fixes a bug in the blocked registration screen to delete entries using the bulk action menu.
  • Add pagination to WP_CLI sessions command.
  • Add search to WP_CLI sessions command.
  • Add pagination to WP_CLI failed_login command.
  • Add search to WP_CLI failed_login command (currently only by username).

1.6.0

  • Fixes a bug in the concurrent login options that ignores the setting for preventing the current session.
  • Fixes a bug in the login lockout that doesn't lock the user out until max retries +1.
  • Fixes a bug in the login lockout that doesn't recognize when a lockout has been manually released (bug locks the user out again even on successful login until the lockout time expires).
  • Fixes a bug that causes the default login lock settings to not load when the setting is first enabled.
  • Fixes a bug that displays the password rules in the registration form even if a password field is not included.
  • Fixes a bug that displays the password rules heading in the registration form even if no rules have been created.
  • Fixes a bug that causes the password rules settings to not load when the setting is first enabled.
  • Fixes a bug in the password change when current password is required and applying a custom rule set.
  • Fixes a bug in the Akismet anti-spam logging that logs entries that were not rejected.
  • Fixes a bug in the login captcha (also disables the checkbox for the option if captcha is not enabled in the main plugin settings).
  • Adds new option to destroy all sessions on password change.
  • Adds new option to disable xmlrpc and disable pingbacks if xmlrpc is disabled.
  • Adds wpmem_sec_maybe_spam_msg filter hook to customize dialog message.
  • Adds wpmem_sec_failed_login_notify_email_args filter hook to customize failed login notification email.
  • Applies translation to user-facing strings in custom password criteria rules.
  • Applies _n() for singular/plural password criteria translation.
  • Improves the password custom rules check with an error message in the HTML5 form validation.
  • Updates Akismet API library
  • Updates use of wpmem_msg_dialog_arr (deprecated filter hook) to wpmem_msg_defaults (WP-Members 3.3.0+ required).
  • Updates use of wpmem_inc_changepassword_inputs (deprecated filter hook) to wpmem_changepassword_form_defaults.
  • Updates the password generator buttons (when WP pwd strength meter is used) to also be included in the register form. Currently hardcodes input field width to 100%.
  • New loader class (compliant with the other extensions).
  • Code improvements, including additional sanitizing of inputs, security review.
  • Admin screen updates and improvements.

1.5.0

  • Adds log table for tracking rejected spam when using stopforumspam.com or Akismet.
  • Replaces "blacklist" with "banlist".
  • Upgrades password reset error checking when the password generator is used. Requires WP-Members 3.4.7 or higher to work correctly.
  • Declares all object class variables for PHP 8.2 compatibility.
  • Updates queries for list tables to load offset results (speeds up page loads).
  • Adds custom password rules option.

1.4.0

  • Fixes a bug that checks current password during password reset by link when confirm current password for a password change is enabled.
  • Fixes a bug that enables login lockout by default when failed login tracking is enabled (leading to inadvertent lockouts).
  • Update password strength meter option to allow selecting minimum password strength required.
  • Adds wpmem_sec_strength_meter_text filter to customize password strength meter text.
  • Adds password generate button as an option (adds generate password button to password change form, may need styling).
  • Adds option to remove custom db tables on plugin uninstall.
  • Updated updates API.
  • Updates to code for improved PHP 8+ compatibility.

1.3.3

  • Add option to disable xmlrpc.php for authenticated processes.
  • Updated translation template.
  • Moved /libraries/ to /vendor/.
  • Added rocketgeek-utilities library.
  • Added WP_Error object check on response in stop-forum-spam api.

1.3.2

  • Localizes password strength meter.
  • Updates Akismet API library.
  • Updates jQuery Tabs library.
  • Updates RocketGeek plugin manager library.
  • Make sure track failed logins is enabled if login lockout is enabled.
  • New wpmem_sec_skip_pwd_chg filter to allow skipping password change requirements by user.
  • Only load sub object classes if appropriate setting is enabled.

1.3.1

  • Fixes a bug in the track failed login db query.
  • Updated the plugin update API to 1.3.1
  • Updated dates.

1.3.0

  • Added German language files. (Thanks, Yvonne!)
  • Added login form captcha.
  • Added login lockout features.
  • Added shortcodes to the failed login admin notification email: [timestamp], [error_code], and [error_message]. New installs will see these in the default message. If you're upgrading, it won't overwrite what you have, so you'll need to add them manually if you want that data included in the email.
  • Expanded concurrent login prevention - now you can choose whether to destroy the current session or the previous session.
  • Update to not ask for current password when new WP-Members password reset link is being activated (WP-Members 3.3.8 compatibility).

1.2.2

  • Fixes a bug in WP-Members Security that causes a password reset required flag to be set when the registration form includes a password. This means a newly registered user would log in and be required to change their password. The flag should only be set on registration when the password is randomly set. 1.2.2 fixes this issue.

1.2.1

  • Fixes a bug in WP-Members Security 1.2.0 and 1.1.0 that caused the plugin to not recognize that the current version was the most recent. If WP debugging was turned on, this would include some PHP errors indicating that the wp-members-security.php file could not be opened. Note: this bug only affected validating whether the plugin needed to be updated and does not affect the core plugin functionality in any way.
  • Added some additional file protections and data sanitization.

1.2.0

  • Added "previous passwords" restriction.
  • Added logging and notification of failed logins.
  • Added stopforumspam.com API validation of registrations.
  • Added Akismet API validation of registrations.
  • Updated to evaluate all email and username comparisons as lowercase (improves blacklist validation).
  • Updated registration honey pot to assign a random (text) field.

1.1.0

  • Bug fix the settings tab (checkbox settings not displaying in 1.0.3).
  • Added password flag (change required) if admin changes a user's password.
  • Improved coding standards in main object class.
  • get_current_session() now can check a specific user ID.
  • password_flag(), password_timestamp(), password_on_rePset(), password_change() now return boolean on meta update.
  • API functions added for wpmem_sec_set_password_flag(), wpmem_sec_users_with_sessions(), and wpmem_sec_get_user_session().

1.0.3

  • Added wpmem_honey_pot_row filter.
  • Fixed registration form honey pot bug.
  • Localized the plugin.
  • Updated login redirect (it comes later so no longer needs to validate credentials).
  • Updated plugin updates library.

1.0.2

  • Fixes issue with password_flag() where arguments were passed out of order.
  • Expands password_flag() for possible API inclusion.
  • Changes action for password_flag_reg() to user_register (was wpmem_post_register_data).
  • Updated uninstall file.
  • Applies new updates API with license keys.

1.0.1

  • Fixes issue with loading blacklist settings (if not upgrading from Blacklist extension).

1.0.0

  • Initial Release.
  • Replaces Registration Blacklist extension.

Ready to get started?

Join Today!