Password Policies Manager plugin changelog
- New shortcode to add password policy checks to custom login pages (more efficient way of adding the policies check to a page).
- Custom form filter/shortcode no longer require all 3 arguments to work.
- Weekly summary email highlighting a list of users which have been made dormant, locked due to failed logins or have reset their password during the last week.
- New option to prioritise roles in cases where users can have multiple roles.
- New policy to disable users from requesting a new password (meaning admins must send reset).
- New hook “ppmwp_apply_forced_reset_usermeta” that can be used to “force password reset on login” when creating WordPress users via a custom workflow.
- The plugin settings, list of locked users, and help & contact pages are now available in their own admin pages.
- Policies UI is now hidden unless policies are enabled.
- The role tabs are now available via a dropdown rather than individual tabs (better UX & UI).
- Failed login policy now detects failed email-based logins.
- Standardized and improved the password reset form hints styling.
- Improved the plugin’s help-text and setting names.
- Users last activity is now updated on login or logout, to improve performance.
- Double quotes were escaped when added as non-allowed special characters in plugin settings.
- “Update user” button in user profile was not reset when the reset password dialogue is closed.
- Custom password hints not reflected in non-admin facing forms.
- Dormant user now uses correct value even if translated.
- Failed login policies required error argument to always be provided.
- The notice “A user must be excluded” no longer appears when the inactive users policy is disabled.
- Network users now recieve relevant email when “Reset all passwords” is used.
- Cancelling the “set new password” box within a user’s profile page no longer leaves the “Save profile settings” button disabled.
- Password reset’s via a user’s profile page can no longer POST an empty password.
- Failed logins policy – block user log in attempts after a number of failed logins.
- New filter hook to hide password strength suggestions on custom forms.
- Automatically generated passwords now match the configured policies.
- Added more input validation in backend fields.
- Plugin now uses timestamp() instead of time() so it is aware of the time zone configured in WordPress.
- All plugin settings now use YES/NO instead of boolean values in the database (improving dev standards).
- Refactored script data and styles that were printed manually (now using the function wp_localize_script).
- Reduced code by deleting duplicate code and using central functions instead.
- Improved the “User last active” check – plugin updates this more often for more accurate functionality.
- More plugin text, especially text with links is now translatable.
- Email with password reset notification is no longer sent when user has to reset password on next login.
- PHP fatal during plugin uninstall and data clean-up.
- Excluded characters were not shown in the policies in user view
- In some cases users were marked as inactive even though the inactive users check was not enabled.
- Policies for logged-in user’s role were applied when resetting the password of another user with a different role.
- WordPress “Send password reset link” button was not working when the plugin was installed.
- “Generate password” button in the password reset page was not working for users who had to change the password during login.
- Password hints in password reset page were not being updated when changing password.
- Users can bypass some policies and use easy passwords when manipulating the DOM in the user profile page.
- Number of warnings were being generated when generating the POT file.
- In some cases, unlocked inactive users were still marked as inactive users.
- Improved the support for post-login redirect plugins (in some setups the “reset password on first login”was not working when a post-login redirect plugin was installed).
- Moved a number of queries as background process, so users can navigate away from the plugin’s settings page while the task is still running.
- Improved a number of database queries for better performance.
- In some cases users with expired password could still access the dashboard.
- The function “reset password on first login” was not working well with some redirect plugins.
- The password reset link sent to unlock users was invalid in some cases.
- Password policies were not being shown when a password reset page was refreshed.
- Added the ability to specify the submit button class/ID when enabling password policies on custom forms and pages.
- Headers not sent errors were being reported when resetting passwords using the WooCommerce account form.
- Updated the Freemius SDK to 2.4.1.
Release notes: PPMWP 2.3.1: improved support for third party plugins
- Removed option to disable WordPress’ automatic password generation.
- Better support for third party plugins – plugin works much better now with eCommerce, membership & subscription plugins.
- The password reset module will require users to change the password even if they have not reset it within 24 hours.
- Password was not always automatically generated.
- Generated password did not always meet the configured password policies.
- UI was not showing the correct configured user role specific policies.
- Password was not being generated automatically when user had to reset the password on next login.
- Password policies not inherited properly when using custom roles in certain edge cases.
- Password policies not displayed properly on custom pages with WooCommerce.
- User profile setting to require user to change the password during next login.
- The password policies shown when creating a new user are are the policies that apply for the new user’s role.
- Setting to stop WordPress from automatically generating passwords.
- Policy to require inactive users in WordPress to reset password once unlocked.
- Applied several core and performance updates. Plugin can now be used to enforce policies on sites with more than 100,000 users without any performance drops.
- The inactive WordPress users policy now works as a standalone policy. It is no longer dependent on the expiration policy.
- When users are marked as inactive, their existing sessions are instantly terminated.
- Standardized the plugin’s settings prefix (code improvement).
- Plugin hangs when a user is automatically created by WooCommerce during checkout.
- Users are not asked to reset their password during first login when using a specific custom login form.
- Minor UI / placeholders alignment issues.
- Password not reset properly when reset via Custom password reset form in Storefront.
- Out of the box support for custom login pages.
- Added documentation about the hook for custom password reset pages.
- Updated About us page – added reference to our new two-factor authentication plugin.
- Standardized the UI and UX of the user exemption settings.
- Improved validation / checking of all policy settings.
- Password policies inheritance not working properly in some edge cases.
- Plugin loading translation files correctly.
- Plugin settings & data deleted from database when relevant setting is enabled and plugin is uninstalled.
- Plugin shows incorrect message to user when their account is locked (WordPress dormant users check).
- Dormant users policy.
- Setting to specify special characters that cannot be used in passwords.
- Support for post login redirect plugins.
- Reset all passwords functionality now resets all passwords and terminates sessions instantly.
- Updated Freemius SDK to 2.3.2.
- Removed old / obsolete code from the plugin.
- Localized some strings that were hardcoded in js files.
- Setting to exempt users from dormant users checks.
- Fixed some issues with localization and generated new POT file.
- Fixed an edge case issue in which the reset all function was not terminating the users’ sessions.
- Password policies for WordPress multisite networks.
- New password policy to force WordPress users to reset the password the first time they login.
- Increased password history policy: plugin can now remember up to 100 passwords per user.
- Improved the text of the email templates used in the plugin.
- Improved the help and about pages (more links, help etc).
- Improved plugin’s error messages.
- Expired passwords can be reset with a wrong password.
- Expired passwords cannot be reset by administrator.
- Added new SDK to allow Free 7-day plugin trials.
- Reset all passwords functionality works also when policies are disabled.
Improved the plugin’s text and messages (better UX).
- Fixed an issue in which plugin prompts on login pages where incorrect.
- Ability to configure different password policies for different user roles.
- Users can now configure the maximum password length to less than 6 characters (not recommended).
- Generic plugin improvements
- Added Spanish language files.
- Initial Release.