WP-Members Security 1.6.0 has been released. This is a fairly extensive update and it includes many bug fixes, improvements, and some additional features. It incorporates some updates that were included in two unreleased versions, 1.5.1 and 1.5.2.
Bug Fixes
- Fixes a bug in the concurrent login options that ignores the setting for preventing the current session.
- Fixes a bug in the login lockout that doesn’t lock the user out until max retries +1.
- Fixes a bug in the login lockout that doesn’t recognize when a lockout has been manually released (bug locks the user out again even on successful login until the lockout time expires).
- Fixes a bug that causes the default login lock settings to not load when the setting is first enabled.
- Fixes a bug that displays the password rules in the registration form even if a password field is not included.
- Fixes a bug that displays the password rules heading in the registration form even if no rules have been created.
- Fixes a bug that causes the password rules settings to not load when the setting is first enabled.
- Fixes a bug in the password change when current password is required and applying a custom rule set.
- Fixes a bug in the Akismet anti-spam logging that logs entries that were not rejected.
- Fixes a bug in the login captcha (also disables the checkbox for the option if captcha is not enabled in the main plugin settings).
Additions
- Adds a new option to destroy all existing sessions when a user updates their password.
- Adds a new option to disable xmlrpc and disable pingbacks if xmlrpc is disabled.
- Adds
wpmem_sec_maybe_spam_msg
filter hook to customize the dialog message for registrations flagged as spam. - Adds
wpmem_sec_failedlogin_notify_email_args
filter hook to customize the email address the failed login notification email goes to. - Adds HTML5 tooltip error message for custom password rules when used.
Improvements
- The entire plugin underwent a code review. There were some code improvements, additional sanitizing of inputs, and a security review.
- New admin screen and improvements.
- Custom password rules can now be translated.
- Applies
_n()
for singular/plural password criteria translation. - Updates the Akismet API library.
- Updates the use of
wpmem_inc_changepassword_inputs
which is deprecated in WP-Members, now useswpmem_changepassword_form_defaults
.