RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

Home » Release Announcements » WP-Members Security 1.6.0

WP-Members Security 1.6.0

· ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

 

WP-Members Security 1.6.0 has been released. This is a fairly extensive update and it includes many bug fixes, improvements, and some additional features. It incorporates some updates that were included in two unreleased versions, 1.5.1 and 1.5.2.

Bug Fixes

  • Fixes a bug in the concurrent login options that ignores the setting for preventing the current session.
  • Fixes a bug in the login lockout that doesn’t lock the user out until max retries +1.
  • Fixes a bug in the login lockout that doesn’t recognize when a lockout has been manually released (bug locks the user out again even on successful login until the lockout time expires).
  • Fixes a bug that causes the default login lock settings to not load when the setting is first enabled.
  • Fixes a bug that displays the password rules in the registration form even if a password field is not included.
  • Fixes a bug that displays the password rules heading in the registration form even if no rules have been created.
  • Fixes a bug that causes the password rules settings to not load when the setting is first enabled.
  • Fixes a bug in the password change when current password is required and applying a custom rule set.
  • Fixes a bug in the Akismet anti-spam logging that logs entries that were not rejected.
  • Fixes a bug in the login captcha (also disables the checkbox for the option if captcha is not enabled in the main plugin settings).

Additions

  • Adds a new option to destroy all existing sessions when a user updates their password.
  • Adds a new option to disable xmlrpc and disable pingbacks if xmlrpc is disabled.
  • Adds wpmem_sec_maybe_spam_msg filter hook to customize the dialog message for registrations flagged as spam.
  • Adds wpmem_sec_failedlogin_notify_email_args filter hook to customize the email address the failed login notification email goes to.
  • Adds HTML5 tooltip error message for custom password rules when used.

Improvements

  • The entire plugin underwent a code review. There were some code improvements, additional sanitizing of inputs, and a security review.
  • New admin screen and improvements.
  • Custom password rules can now be translated.
  • Applies _n() for singular/plural password criteria translation.
  • Updates the Akismet API library.
  • Updates the use of wpmem_inc_changepassword_inputs which is deprecated in WP-Members, now uses wpmem_changepassword_form_defaults.

Ready to get started?

Join Today!