- Fixes a bug that checks current password during password reset by link when confirm current password for a password change is enabled.
- Fixes a bug that enables login lockout by default when failed login tracking is enabled (leading to inadvertent lockouts).
- Update password strength meter option to allow selecting minimum password strength required.
- Adds wpmem_sec_strength_meter_text filter to customize password strength meter text.
- Adds password generate button as an option (adds generate password button to password change form, may need styling).
- Adds option to remove custom db tables on plugin uninstall.
- Updated updates API.
- Updates to code for improved PHP 8+ compatibility.
- Add option to disable xmlrpc.php for authenticated processes.
- Updated translation template.
- Moved /libraries/ to /vendor/.
- Added rocketgeek-utilities library.
- Added WP_Error object check on response in stop-forum-spam api.
- Localizes password strength meter.
- Updates Akismet API library.
- Updates jQuery Tabs library.
- Updates RocketGeek plugin manager library.
- Make sure track failed logins is enabled if login lockout is enabled.
- New wpmem_sec_skip_pwd_chg filter to allow skipping password change requirements by user.
- Only load sub object classes if appropriate setting is enabled.
- Fixes a bug in the track failed login db query.
- Updated the plugin update API to 1.3.1
- Updated dates.
- Added German language files. (Thanks, Yvonne!)
- Added login form captcha.
- Added login lockout features.
- Added shortcodes to the failed login admin notification email: [timestamp], [error_code], and [error_message]. New installs will see these in the default message. If you're upgrading, it won't overwrite what you have, so you'll need to add them manually if you want that data included in the email.
- Expanded concurrent login prevention - now you can choose whether to destroy the current session or the previous session.
- Update to not ask for current password when new WP-Members password reset link is being activated (WP-Members 3.3.8 compatibility).
- Fixes a bug in WP-Members Security that causes a password reset required flag to be set when the registration form includes a password. This means a newly registered user would log in and be required to change their password. The flag should only be set on registration when the password is randomly set. 1.2.2 fixes this issue.
- Fixes a bug in WP-Members Security 1.2.0 and 1.1.0 that caused the plugin to not recognize that the current version was the most recent. If WP debugging was turned on, this would include some PHP errors indicating that the wp-members-security.php file could not be opened. Note: this bug only affected validating whether the plugin needed to be updated and does not affect the core plugin functionality in any way.
- Added some additional file protections and data sanitization.
- Added "previous passwords" restriction.
- Added logging and notification of failed logins.
- Added stopforumspam.com API validation of registrations.
- Added Akismet API validation of registrations.
- Updated to evaluate all email and username comparisons as lowercase (improves blacklist validation).
- Updated registration honey pot to assign a random (text) field.
- Bug fix the settings tab (checkbox settings not displaying in 1.0.3).
- Added password flag (change required) if admin changes a user's password.
- Improved coding standards in main object class.
- get_current_session() now can check a specific user ID.
- password_flag(), password_timestamp(), password_on_rePset(), password_change() now return boolean on meta update.
- API functions added for wpmem_sec_set_password_flag(), wpmem_sec_users_with_sessions(), and wpmem_sec_get_user_session().
- Added wpmem_honey_pot_row filter.
- Fixed registration form honey pot bug.
- Localized the plugin.
- Updated login redirect (it comes later so no longer needs to validate credentials).
- Updated plugin updates library.
- Fixes issue with password_flag() where arguments were passed out of order.
- Expands password_flag() for possible API inclusion.
- Changes action for password_flag_reg() to user_register (was wpmem_post_register_data).
- Updated uninstall file.
- Applies new updates API with license keys.
- Fixes issue with loading blacklist settings (if not upgrading from Blacklist extension).
- Initial Release.
- Replaces Registration Blacklist extension.