RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

Home » Release Announcements » WP-Members Security 1.6.2

WP-Members Security 1.6.2

· ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

 

WP-Members Security 1.6.2 has been released. This is a minor update with some feature elements that didn’t quite make it into the previous two packages. Most of the changes are related to WP CLI commands.

This update incorporates the addition of a new query object class to standardize the queries the plugin makes, especially related to its custom tables in the WP database. There is no difference in output, so the change is not noticeable.

Failed Login Report Table

One change that is noticeable and is not part of the WP CLI command updates is with regards to recording failed logins. Previously, if a user login using an email address as the username failed, the record showed it as being an unknown user. This is because only the user_login field was queried when trying to get the user ID. The way this displayed in the failed login table was the email was shown in the username field and the user ID and email were unknown.

Now, with this update, if the login was using a known email (an email address belonging to an existing user) and the login fails, it will be recorded with the user ID of the known user. The failed login table will display the user ID, username, and email address of the user.

Note: this is just a minor change with regards to display and tracking failed logins. Fundamentally, all of this is happening after the login was failed – it’s just in how the data was recorded and viewed.

WP CLI Commands

This update gets rid of the get command. This has now been replaced by individual direct commands that were all subcommands of get. New commands were added as follows:

  • wp mem sec lockouts list – Displays a list of locked out users. Can display all (--all) or current (--current) lists.
  • wp mem sec lockouts search <search_string> – Searches for lockouts by username or email. If no “search by” parameter is passed, it will search by username. You can specify the search by username (login) or email with the “by” argument: --by=<login|email>.
  • wp mem sec clear_lockout <lock_id> – This command can clear a specific lockout. Specify the lockout to clear by its ID. You can retrieve the ID from the list or search results as both of those tables display the lock ID for each line.
  • disable and enable are now subcommands of wp mem sec settings (they were previously standalone commands). Specify the setting/option to enable or disable in the command. For example to enable login lockout (login_lockout):
    wp mem sec settings --enable=login_lockout

View the documentation on all of the Security plugin’s WP CLI commands here.

Ready to get started?

Join Today!