GDPR login page consent message + password expiry notification

• New features

  • New GDPR consent message on the login page (this is a new optional setting and the admins can also edit the message).
  • New shortcode to add the GDPR consent message to any custom login page.
  • Password expiry notification: users can now be notified via a notice in the dashboard prior to their password expiring.

• Plugin improvements

  • Added some more links to plugin's documentation in the plugin's help text.
  • Added in-dashboard notification to advise users what is new and improved in the plugin with each update.
  • Enhanced Notification System: Improved the overall infrastructure of the plugin's notification system.
  • Created a new "User Management" page and centralized the "Locked Users" and "User import/export" in this new section, for a better UX.
  • Updated some settings to ensure they all use the same prefix in the database settings table.
  • PHP Function Tweaks: Adjusted some PHP functions to prevent potential errors when timed login policies are active.

• Bug fixes

  • Fixed an edge case in which a fatal error is caused when unlocking a locked user and both the Free and Premium editions are installed.
  • Security patch: fixed a low severity security issue reported by YC_Infosec.

Limit Failed Login Attempts included in the Free edition

New features
* Limit failed login attempts feature added.
* Reset passwords of all users with a specific role.

• Improvements

  • Optimized and improved the plugin loading speed and data processing.
  • Enhanced email deliverability by adjusting the "From" email address used by the plugin - now the plugin uses an email address with the same domain of the website.
  • Enhanced plugin security by reviewing input sanitization and updating all libraries used by the plugin.
  • Made several minor UX/UI improvements and text updates across the plugin.

• Bug fixes

  • Fixed PHP warnings generated on multisite when the Summary Email was sent.
  • Resolved a redirection issue when using a custom login URL.
  • Fixed plugin text overlapping on small devices and resolved several UI/UX issues across the plugin.

Maintenance update - wrapping up 2023 fixes - prepping for 2024

• Plugin improvements

  • Removed redundant code for an improved overall speed and performance.
  • Added logic check and notice for users in regards to the 'From email address' used by the plugin when using the "import settings" feature.
  • Users can now remove default policies over WordPress forms from the 'Forms & Placements' plugin page.
  • Applied a number of UX improvements to the User login time restrictions settings area.
  • Fixed a couple of broken URLs in the Free edition's UI used for help text etc.
  • Updated the plugin's branding.

• Bug fixes

  • Updated a broken URL of an SVG used inside the plugin's UI.
  • Fixed a potential crash that could occur when the plugin was running on sites running on PHP 7.2.
  • Fixed: user data and plugin settings was not removed upon uninstall in the Free edition, even when the setting is enabled.
  • Fixed an edge case that could cause a wizard to be prompted inside the plugin dashboard, in regards to missing Email Templates content.
  • Fixed: an edge case fatal error triggered when the "Remove all plugin data on uninstall" setting is enabled in the Free edition.

Maintenance release + support for new pricing and plans

• *Plugin improvements
  • Updated the plugin's branding.
  • Upgraded the Freemius SDK to 2.6.2 (Premium).
  • Added support for the upcoming new Premium plans (Premium).

Login time restrictions policies & much more

• New features

  • User login time restrictions: restrict the time and days users can log in to the website
  • Settings importer & exporter: export the plugin's settings for backup purposes and / or to import the settings to new plugin installs.
  • Setting to enable/disable individual emails the plugin sends to users to notify them about changes to their user account.

• *Plugin improvements

  • Support for the WooCommerce user registration form: add the login and password policies with just a click.
  • Failed login error messages by the plugin are now displayed correctly on Memberpress powered forms / websites.
  • The plugin admin notices only appear on appropriate admin pages.
  • Applied various styling and UX improvements to the admin settings and the plugin's UI.
  • Improved the integration script so now the PW Strength JS can be triggered via custom JS.
  • The change the login page URL setting now available in own admin area.
  • Improved user-facing error messages for both Memberpress and Ultimate Member.
  • Users restricted from accessing front-end pages on Memberpress + WooCommerce pending a forced password update.

• Bug fixes

  • The strings ‘wp-activate’ and ‘wp-signup’ are no longer blocked in the Custom Login URL settings.
  • Fixed bug in password history which would cause the initial user password to not be stored.
  • Exempt users setting no longer accepts duplicate entries.
  • Fixed: PHP 8.1 deprecation errors.
  • Fixed: Bulk Actions not working within Inactive Users page.
  • Fixed: Error causing wrong email to be sent on user unblock due to failed logins.
  • Fixed an error on multisite networks which could cause some policies to be ignored when logging in via a child site.
  • Password hints are displayed correctly on Ultimate Member.
  • Fixed potential Fatal error when password reset requests are blocked on Memberpress.
  • Fixed JS to ensure PW hide/unhide buttons function as expected on Memberpress forms.
  • Ensure any password(s) updates adhere to all policies on third party forms.
  • Fixed JS bug on multisite networks bug which would cause an empty popup to appear when toggling ‘disable password reset’ checkbox.

Maintenance release

• Improvements
  • Improved contextual help text around the Login access settings page.
  • Added further help text to third-party forms area.

Change of login page URL

• New features

  • Custom login URL - Change the default WordPress login page URL and also set a 404 for the old slug.
  • Out of the box support for the Memberpress Registration and user password update forms.

• Improvements

  • Added compatibility with WooCommerce COT.
  • Locked Users - User list is now paginated for much better performance.
  • Plugin no longer applies any user meta on plugin activation resulting in a much faster activation on websites with thousands of users.
  • Optimised loading of all plugins files via use of autoloading.
  • Admin refinements and improvements of texts where needed.
  • Inactive users are now ignored by Failed login policies, to ensure a user cannot be inactive then subsequently locked out.
  • Overall build process improvements to ensure no extraneous files.
  • Removal of now obsolete npm code.
  • Improved Admin area JS to ensure no duplicate values when entering excluded chars.
  • Better support for Learndash - Failed login attempts are now fully considered and counted when ‘failed login polices’ are enabled.
  • The "Inactive users check" process is now performed in the background to aid performance on sites with large volumes of users.

• Bug fixes

  • PHP 8.1 - Fixed possible deprecation warning.
  • Upgrade link no longer leads to 404.
  • Email templates - mailto tag no longer shows an ‘http’ protocol.
  • Fixed bug where users excluded from policies would not be removable from the list.

Update 1.0.1

• The new Free edition of MLS including some follow-up fixes.