WP 2FA plugin changelog
Release notes: WP 2FA 1.4.2: Improved 2FA policies & multisite network support
- Policy to enforce 2FA policies on superadmins only on a multisite network.
- Setting to restrict other site admins from accessing the 2FA settings and policies.
- Support for Okta Verify 2FA app.
- Added new test buttons to test the email delivery system and also to test individual templates.
- Support for custom user roles with multiple words (such as “shop manager”).
- Users can setup 2FA via their smart device without the need to scan the QR code.
- When instant 2FA setup is required, existing user sessions are not terminated. Instead they are redirected to the 2FA wizard.
- The dates and times used in emails and notifications have the same format as that configured in WordPress.
- The dates and times strings used in the plugin and emails are fully translatable.
- Added a subject to the login confirmation code email.
- Better error reporting when required settings are missing.
- Removed all reference to the Google Authenticator app. Now all messages are generic for all 2FA apps.
- Standardized the order of placeholders in 2FA wizard.
- Users were unable to setup 2FA in some edge cases because of a HTTP 400 error response during the wizard.
- Grace period settings hid unexpectedly upon changing the settings.
- The wrong grace period was being added to the user emails.
- Wrong grace period was shown in user email when users are required to instantly setup 2FA.
- Users were able to disable 2FA after setting it up, even when 2FA is enforced.
This is a followup maintenance release of version 1.4.0.
- Updated the plugin settings text and wizards’ text to reflect the new changes (support for multiple 2FA apps).
- Redirect users to the user profile page if they exit the 2FA setup wizard.
- Reset 2FA app method button not working in wizard.
- When a 2FA method is disabled, all enabled user configured 2FA methods are cleared in the usermeta, falsely flagging the user to reconfigure 2FA.
- Fixed a minor UI compatability issue with Jetpack CRM.
Release notes: WP 2FA 1.4: Support for Authy, FreeOTP & other 2FA apps
- Support for the following 2FA apps: Authy, Duo Security, FreeOTP (open source) Microsoft Authenticator, LastPass.
- Optional policy to enforce instant 2FA – users have to configure 2FA otherwise they can’t login to the website.
- Admins now have the option to choose when the plugin sends emails to users who have not configured 2FA yet (emails to setup 2FA).
- New slide in the setup wizard to allow admins to disable initial 2FA setup emails.
- New option to disallow users from disabling 2FA in their profile.
- Plugin no longer changes the email templates when the front-end 2FA page is enabled / disabled.
- Grace period slide in setup wizard updated so admins can require 2FA straight after login.
- Improved the intructions and help text of the front-end 2FA page.
- Applied several minor UI and UX improvements to the wizard.
- Super admin not shown the notification to configure 2FA when policies applied to them.
- Compatibility issue with WordFence (support ticket).
- Grace period changes in wizard are properly reflected in initial 2FA setup email sent to users.
- Reset button in wizard not working when 2FA is already configured with 2FA app.
- Minor CSS issue with a dashboard widget from Mailster.
Release notes: WP 2FA 1.3: Front-end 2FA setup & improved 2FA policies
- 2FA setup website page for users who do not have access the dashboard and want to setup 2FA.
- Front-end 2FA setup page email tag so the link to setup 2FA can be included in the user emails.
- A number of shortcodes to setup your own 2FA configuration page.
- Setting to enable/disable every individual email notification.
- 2FA Policies can now be enforced both by role and to specific users at the same time.
- Administrators are redirected to the 2FA settings after completing the wizard.
- Standardized the handling and error notifications for the custom from email address and display name placeholders.
- Addressed a number of minor UI issues in the plugin wizard.
- Sites excluded in the wizard on multisite networks not excluded in config.
- Username was not properly retrieved and shown in the backup code print export.
- Users’ grace period database entry was not deleted when admin removed the policies.
- Multisite network support.
- Configurable email templates.
- New setting to also configure the “from email address and display name” for all plugin emails.
- Support for redirect after login plugins.
- Support for custom login pages; user is correctly redirected to enter 2FA code when using one.
- Added a “Send another code” button in the email 2FA wizard (in case first email is not received).
- If they apply, policies are automatically enforced on newly created user (user is sent an email notification).
- 2FA policies are enforced if they apply when a user’s role is changed.
- Locked user is sent an email every time there is a login attempt on the account.
- Backup codes not generated in some specific scenarios.
- Incorrect META title of plugin wizard (Support ticket).
- Plugin does not generate backup codes in certain circumstances.
- Initial release