WP White Security will soon be rebranding to Melapress. As part of this change, www.wpwhitesecurity.com will no longer be available and will be redirected to melapress.com.

Search Knowledge Base by Keyword

MelaPress Login Security changelog

You are here:

1.0.0 (20230302) – Plugin renamed

Release notes: Announcing MelaPress Login Security 1.0.0

New Features:

  • Free edition of the plugin now available on the WordPress plugins repository.
  • One-click integration with WooCommerce, LearnDash, Ultimate Member, BuddyPress and bbPress: add password policy checks to forms from these plugins with just a click.
  • Editable email templates: the text of all the plugin’s emails can be edited using the WordPress editor.

Improvements & other changes:

  • New plugin slug: melapress-login-security.
  • New plugin menu name: MelaPress Login Security.
  • WordPress’ “Generate Password” button creates a password that matches the policies.
  • Added a configurable time limit users can configure to specify the time period required to reset the failed logins count in the [Failed Logins Policies]() feature.
  • In the Failed Logins Policies usrs can now specify minutes instead of hours, enuring no accounts are locked for a very long time.
  • Updated code to adhere to coding standards and formatting.
  • Improved support for running the plugin on wesites with custom file structure (WordPress core files are no longer called directly).
  • Beefed up security; added much more sanitization and validation, and escaping user input etc.
  • Reviewed and improved the text and help text in the plugin.
  • Improved the UI of the password suggestions in the password reset page.
  • Updated the Freemius SDK to version 2.5.3.
  • Consolidated the “Redirect user to password reset” code to one class.
  • Reviewed and improved all the text of the email templates.
  • Updated the password-strength-meter.js to avoid any potential conflicts.
  • Removed quite a bit of redundant code.
  • Better support for passwordless logins: plugin now completely bails out when a user is using a passwordless login.
  • UX improvement: mouse pointer only changes on checkmarks/hoverable/clickable elements.
  • Support for forms with multiple password placeholders; plugin adds the policy checks to both placeholders.
  • Improved support for running the plugin on PHP 8.


  • Fixed: Plugin not remembering the first used password when the Disallow Passwords policy is enabled.
  • Fixed: Missing var in ppm_handle_login_based_reset.
  • Disallow the use of previous passwords was not working properly on reset password page.
  • Fixed: reducing the number of disallowed passwords was not purging the passwords that are no longer needed.
  • Fixed an issue with the HTML in the Inactive users when the interface is translated.
  • Fixed the text in the settings page: in some places HTML code was showing up.
  • Fixed: fatal error when a user tries to reset a password while already logged in to the website.
  • Fixed a PHP fatal error in the class PPM_Failed_Logins.

2.6.1 (20220726)

Bug fixes:

* Fixed: Locked users always requested to reset password upon unlock (even when the setting is disabled).
* Fixed: Password expired email sent multiple times.
* Fixed: Inactive users still able to log in in some cases.
* Fixed a typo in reset password email.

2.6.0 (20220517)

Release notes: Announcing the release of WPassword 2.6.0

New feature:


  • Made some prompts’ text available for translation.
  • Improved the formatting of the summary email.
  • Added the new plugin logo in the plugin’s UI.
  • Improved parsing of list of IDs and classes in the custom forms support script.
  • Updated the text of the Help & About us page.
  • Added the GNU license / updated the licensing details.

Bug fixes:

  • Fixed: Plugin sending multiple “password expired” emails to users.
  • Fixed: The password expired check was running even on exempted users.
  • Fixed: Automatically unlocked users not removed from list of locked users.
  • Fixed: Unable to use the ‘ and ” characters in the special characters field.

2.5.1 (20220225)

Security Fix

  • Updated the Freemius SDK to 2.4.3 to address a security issue.


  • Updated variable order for PHP8 support.

2.5.0 (20211103)

Release notes: Password Policy Manager renamed to WPassword

Update Highlight

  • Password Policy Manager has been renamed to WPassword.


  • Settings and Locked Users moved to their own pages.
  • Better support for WooCommerce – plugin’s login error notices can now be displayed in WooCommerce custom login pages.
  • Locked Users area now correctly uses the “lockout time” rather than the last activity time which could lead to inaccurate results.
  • Ensured all strings can be translated

Bug fixes

  • Fixed issue which was causing certain characters to not display in the password hints.
  • Fixed regex issue which was causing JS errors if certain characters are elected to the “must not contain” setting.
  • Fixed logic which caused “must contains special chars” to display an empty string.
  • Fixed bug with custom user roles priority setting which was causing some of the policies to be ignored for custom user roles.
  • Users who have been locked out due to failed login attempts are now self-removing from the Locked Users list upon successful login.
  • Exclude characters setting will now alert correctly if an invalid setting is provided.

2.4.1 (20210906)

Release notes: PPMWP 2.4.1: Weekly email summary and other UI/UX improvements

New Features

  • New shortcode to add password policy checks to custom login pages (more efficient way of adding the policies check to a page).
  • Custom form filter/shortcode no longer require all 3 arguments to work.
  • Weekly summary email highlighting a list of users which have been made dormant, locked due to failed logins or have reset their password during the last week.
  • New option to prioritise roles in cases where users can have multiple roles.
  • New policy to disable users from requesting a new password (meaning admins must send reset).
  • New hook “ppmwp_apply_forced_reset_usermeta” that can be used to “force password reset on login” when creating WordPress users via a custom workflow.


  • The plugin settings, list of locked users, and help & contact pages are now available in their own admin pages.
  • Policies UI is now hidden unless policies are enabled.
  • The role tabs are now available via a dropdown rather than individual tabs (better UX & UI).
  • Failed login policy now detects failed email-based logins.
  • Standardized and improved the password reset form hints styling.
  • Improved the plugin’s help-text and setting names.
  • Users last activity is now updated on login or logout, to improve performance.

Bug fixes

  • Double quotes were escaped when added as non-allowed special characters in plugin settings.
  • “Update user” button in user profile was not reset when the reset password dialogue is closed.
  • Custom password hints not reflected in non-admin facing forms.
  • Dormant user now uses correct value even if translated.
  • Failed login policies required error argument to always be provided.
  • The notice “A user must be excluded” no longer appears when the inactive users policy is disabled.
  • Network users now recieve relevant email when “Reset all passwords” is used.
  • Cancelling the “set new password” box within a user’s profile page no longer leaves the “Save profile settings” button disabled.
  • Password reset’s via a user’s profile page can no longer POST an empty password.

2.4.0 (20210331)

Release notes: PPMWP 2.4.0: New feature to block users with failed login attempts & other updates

New Features

  • Failed logins policy – block user log in attempts after a number of failed logins.
  • New filter hook to hide password strength suggestions on custom forms.


  • Automatically generated passwords now match the configured policies.
  • Added more input validation in backend fields.
  • Plugin now uses timestamp() instead of time() so it is aware of the time zone configured in WordPress.
  • All plugin settings now use YES/NO instead of boolean values in the database (improving dev standards).
  • Refactored script data and styles that were printed manually (now using the function wp_localize_script).
  • Reduced code by deleting duplicate code and using central functions instead.
  • Improved the “User last active” check – plugin updates this more often for more accurate functionality.
  • More plugin text, especially text with links is now translatable.
  • Email with password reset notification is no longer sent when user has to reset password on next login.

Bug fixes

  • PHP fatal during plugin uninstall and data clean-up.
  • Excluded characters were not shown in the policies in user view
  • In some cases users were marked as inactive even though the inactive users check was not enabled.
  • Policies for logged-in user’s role were applied when resetting the password of another user with a different role.
  • WordPress “Send password reset link” button was not working when the plugin was installed.
  • “Generate password” button in the password reset page was not working for users who had to change the password during login.
  • Password hints in password reset page were not being updated when changing password.
  • Users can bypass some policies and use easy passwords when manipulating the DOM in the user profile page.
  • Number of warnings were being generated when generating the POT file.
  • In some cases, unlocked inactive users were still marked as inactive users.

2.3.4 (2021-01-21)

Release notes: PPMWP 2.3.4: improved plugin interoperability & maintenance updates


  • Improved the support for post-login redirect plugins (in some setups the “reset password on first login”was not working when a post-login redirect plugin was installed).
  • Moved a number of queries as background process, so users can navigate away from the plugin’s settings page while the task is still running.
  • Improved a number of database queries for better performance.

Bug fixes

  • In some cases users with expired password could still access the dashboard.
  • The function “reset password on first login” was not working well with some redirect plugins.
  • The password reset link sent to unlock users was invalid in some cases.
  • Password policies were not being shown when a password reset page was refreshed.

2.3.3 (2020-12-04)


Bug fix

  • Headers not sent errors were being reported when resetting passwords using the WooCommerce account form.

2.3.2 (2020-11-23)


  • Updated the Freemius SDK to 2.4.1.

2.3.1 (2020-09-09)

Release notes: PPMWP 2.3.1: improved support for third party plugins

Breaking change

  • Removed option to disable WordPress’ automatic password generation.


  • Better support for third party plugins – plugin works much better now with eCommerce, membership & subscription plugins.
  • The password reset module will require users to change the password even if they have not reset it within 24 hours.

Bug fixes

  • Password was not always automatically generated.
  • Generated password did not always meet the configured password policies.
  • UI was not showing the correct configured user role specific policies.
  • Password was not being generated automatically when user had to reset the password on next login.
  • Password policies not inherited properly when using custom roles in certain edge cases.
  • Password policies not displayed properly on custom pages with WooCommerce.

2.3.0 (2020-07-15)

Release notes: PPMWP 2.3.0: inactive users & other policies and performance updates

New features

  • User profile setting to require user to change the password during next login.
  • The password policies shown when creating a new user are are the policies that apply for the new user’s role.
  • Setting to stop WordPress from automatically generating passwords.
  • Policy to require inactive users in WordPress to reset password once unlocked.


  • Applied several core and performance updates. Plugin can now be used to enforce policies on sites with more than 100,000 users  without any performance drops.
  • The inactive WordPress users policy now works as a standalone policy. It is no longer dependent on the expiration policy.
  • When users are marked as inactive, their existing sessions are instantly terminated.
  • Standardized the plugin’s settings prefix (code improvement).

Bug fixes

  • Plugin hangs when a user is automatically created by WooCommerce during checkout.
  • Users are not asked to reset their password during first login when using a specific custom login form.
  • Minor UI / placeholders alignment issues.
  • Password not reset properly when reset via Custom password reset form in Storefront.

2.2.0 (2020-04-22)

Release notes: WPassword 2.2.0: out of the box support for custom login pages & other updates.

New features


  • Updated About us page – added reference to our new two-factor authentication plugin.
  • Standardized the UI and UX of the user exemption settings.
  • Improved validation / checking of all policy settings.

Bug fixes

  • Password policies inheritance not working properly in some edge cases.
  • Plugin loading translation files correctly.
  • Plugin settings & data deleted from database when relevant setting is enabled and plugin is uninstalled.
  • Plugin shows incorrect message to user when their account is locked (WordPress dormant users check).

2.1.0 (2020-03-05)

Release notes: WPassword 2.1.0: dormant users policy and support for post login redirect plugins.

New features

  • Dormant users policy.
  • Setting to specify special characters that cannot be used in passwords.
  • Support for post login redirect plugins.


  • Reset all passwords functionality now resets all passwords and terminates sessions instantly.
  • Updated Freemius SDK to 2.3.2.
  • Removed old / obsolete code from the plugin.
  • Localized some strings that were hardcoded in js files.
  • Setting to exempt users from dormant users checks.

Bug fixes

  • Fixed some issues with localization and generated new POT file.

2.0.1 (2019-12-04)

Bug fix

  • Fixed an edge case issue in which the reset all function was not terminating the users’ sessions.

2.0 (2019-11-06)

Release notes: WPassword 2.0: multisite networks support and first time login policy.

New Features


  • Increased password history policy: plugin can now remember up to 100 passwords per user.
  • Improved the text of the email templates used in the plugin.
  • Improved the help and about pages (more links, help etc).
  • Improved plugin’s error messages.

Bug Fixes

  • Expired passwords can be reset with a wrong password.
  • Expired passwords cannot be reset by administrator.

1.4 (2019-08-13)

Release notes: WPassword 1.4: premium trials, advantageous pricing & plugin improvements.

New Feature


  • Reset all passwords functionality works also when policies are disabled.
    Improved the plugin’s text and messages (better UX).

Bug Fix

  • Fixed an issue in which plugin prompts on login pages where incorrect.

1.2 (2019-06-05)

New Feature

1.1 (2019-01-10)

New Feature

  • Ability to configure different password policies for different user roles.


  • Users can now configure the maximum password length to less than 6 characters (not recommended).
  • Generic plugin improvements

1.0.1 (2018-09-10)

  • Added Spanish language files.

1.0.0 (2018-08-17)

  • Initial Release.