Releases: Melapress/melapress-login-security
Releases · Melapress/melapress-login-security
GDPR login page consent message + password expiry notification
-
New features
- New GDPR consent message on the login page (this is a new optional setting and the admins can also edit the message).
- New shortcode to add the GDPR consent message to any custom login page.
- Password expiry notification: users can now be notified via a notice in the dashboard prior to their password expiring.
-
Plugin improvements
- Added some more links to plugin's documentation in the plugin's help text.
- Added in-dashboard notification to advise users what is new and improved in the plugin with each update.
- Enhanced Notification System: Improved the overall infrastructure of the plugin's notification system.
- Created a new "User Management" page and centralized the "Locked Users" and "User import/export" in this new section, for a better UX.
- Updated some settings to ensure they all use the same prefix in the database settings table.
- PHP Function Tweaks: Adjusted some PHP functions to prevent potential errors when timed login policies are active.
-
Bug fixes
- Fixed an edge case in which a fatal error is caused when unlocking a locked user and both the Free and Premium editions are installed.
- Security patch: fixed a low severity security issue reported by YC_Infosec.
Limit Failed Login Attempts included in the Free edition
New features
* Limit failed login attempts feature added.
* Reset passwords of all users with a specific role.
-
Improvements
- Optimized and improved the plugin loading speed and data processing.
- Enhanced email deliverability by adjusting the "From" email address used by the plugin - now the plugin uses an email address with the same domain of the website.
- Enhanced plugin security by reviewing input sanitization and updating all libraries used by the plugin.
- Made several minor UX/UI improvements and text updates across the plugin.
-
Bug fixes
- Fixed PHP warnings generated on multisite when the Summary Email was sent.
- Resolved a redirection issue when using a custom login URL.
- Fixed plugin text overlapping on small devices and resolved several UI/UX issues across the plugin.
Maintenance update - wrapping up 2023 fixes - prepping for 2024
-
Plugin improvements
- Removed redundant code for an improved overall speed and performance.
- Added logic check and notice for users in regards to the 'From email address' used by the plugin when using the "import settings" feature.
- Users can now remove default policies over WordPress forms from the 'Forms & Placements' plugin page.
- Applied a number of UX improvements to the User login time restrictions settings area.
- Fixed a couple of broken URLs in the Free edition's UI used for help text etc.
- Updated the plugin's branding.
-
Bug fixes
- Updated a broken URL of an SVG used inside the plugin's UI.
- Fixed a potential crash that could occur when the plugin was running on sites running on PHP 7.2.
- Fixed: user data and plugin settings was not removed upon uninstall in the Free edition, even when the setting is enabled.
- Fixed an edge case that could cause a wizard to be prompted inside the plugin dashboard, in regards to missing Email Templates content.
- Fixed: an edge case fatal error triggered when the "Remove all plugin data on uninstall" setting is enabled in the Free edition.
Maintenance release + support for new pricing and plans
- *Plugin improvements
- Updated the plugin's branding.
- Upgraded the Freemius SDK to 2.6.2 (Premium).
- Added support for the upcoming new Premium plans (Premium).
Login time restrictions policies & much more
-
New features
- User login time restrictions: restrict the time and days users can log in to the website
- Settings importer & exporter: export the plugin's settings for backup purposes and / or to import the settings to new plugin installs.
- Setting to enable/disable individual emails the plugin sends to users to notify them about changes to their user account.
-
*Plugin improvements
- Support for the WooCommerce user registration form: add the login and password policies with just a click.
- Failed login error messages by the plugin are now displayed correctly on Memberpress powered forms / websites.
- The plugin admin notices only appear on appropriate admin pages.
- Applied various styling and UX improvements to the admin settings and the plugin's UI.
- Improved the integration script so now the PW Strength JS can be triggered via custom JS.
- The change the login page URL setting now available in own admin area.
- Improved user-facing error messages for both Memberpress and Ultimate Member.
- Users restricted from accessing front-end pages on Memberpress + WooCommerce pending a forced password update.
-
Bug fixes
- The strings ‘wp-activate’ and ‘wp-signup’ are no longer blocked in the Custom Login URL settings.
- Fixed bug in password history which would cause the initial user password to not be stored.
- Exempt users setting no longer accepts duplicate entries.
- Fixed: PHP 8.1 deprecation errors.
- Fixed: Bulk Actions not working within Inactive Users page.
- Fixed: Error causing wrong email to be sent on user unblock due to failed logins.
- Fixed an error on multisite networks which could cause some policies to be ignored when logging in via a child site.
- Password hints are displayed correctly on Ultimate Member.
- Fixed potential Fatal error when password reset requests are blocked on Memberpress.
- Fixed JS to ensure PW hide/unhide buttons function as expected on Memberpress forms.
- Ensure any password(s) updates adhere to all policies on third party forms.
- Fixed JS bug on multisite networks bug which would cause an empty popup to appear when toggling ‘disable password reset’ checkbox.
Maintenance release
- Improvements
- Improved contextual help text around the Login access settings page.
- Added further help text to third-party forms area.
Change of login page URL
-
New features
- Custom login URL - Change the default WordPress login page URL and also set a 404 for the old slug.
- Out of the box support for the Memberpress Registration and user password update forms.
-
Improvements
- Added compatibility with WooCommerce COT.
- Locked Users - User list is now paginated for much better performance.
- Plugin no longer applies any user meta on plugin activation resulting in a much faster activation on websites with thousands of users.
- Optimised loading of all plugins files via use of autoloading.
- Admin refinements and improvements of texts where needed.
- Inactive users are now ignored by Failed login policies, to ensure a user cannot be inactive then subsequently locked out.
- Overall build process improvements to ensure no extraneous files.
- Removal of now obsolete npm code.
- Improved Admin area JS to ensure no duplicate values when entering excluded chars.
- Better support for Learndash - Failed login attempts are now fully considered and counted when ‘failed login polices’ are enabled.
- The "Inactive users check" process is now performed in the background to aid performance on sites with large volumes of users.
-
Bug fixes
- PHP 8.1 - Fixed possible deprecation warning.
- Upgrade link no longer leads to 404.
- Email templates - mailto tag no longer shows an ‘http’ protocol.
- Fixed bug where users excluded from policies would not be removable from the list.
Update 1.0.1
- The new Free edition of MLS including some follow-up fixes.