Melapress Login Security changelog

This is the plugin’s changelog, a detailed list of all the plugin changes and bug fixes introduced in every version update. Refer to the plugin release notes for a high-level overview of what is new and improved with every plugin version update.

1.3.1 (2024-05-30)

New features

  • New GDPR consent message on the login page (this is a new optional setting and the admins can also edit the message).
  • New shortcode to add the GDPR consent message to any custom login page.
  • Password expiry notification: users can now be notified via a notice in the dashboard prior to their password expiring.

Plugin improvements

  • Added some more links to plugin’s documentation in the plugin’s help text.
  • Added in-dashboard notification to advise users what is new and improved in the plugin with each update.
  • Enhanced Notification System: Improved the overall infrastructure of the plugin’s notification system.
  • Created a new “User Management” page and centralized the “Locked Users” and “User import/export” in this new section, for a better UX.
  • Updated some settings to ensure they all use the same prefix in the database settings table.
  • PHP Function Tweaks: Adjusted some PHP functions to prevent potential errors when timed login policies are active.

Bug fixes

  • Fixed an edge case in which a fatal error is caused when unlocking a locked user and both the Free and Premium editions are installed.
  • Security patch: fixed a low severity security issue reported by YC_Infosec.

1.3.0 (2024-04-30)

New features

  • Limit failed login attempts feature now also available in the free edition.
  • Geo-blocking to restrict access to the login page to specific countries only, or to block traffic from specific countries.
  • User login IP restriction policy: limit every user’s login to a specific IP address or number of IP addresses to restrict account sharing.
  • Reports to see when users were last active on the website, their passwords’ age and whose password is expired.
  • Easily reset passwords of all users with a specific user role, a user, or a selective list of users.
  • Users import feature: import users to the site via a CSV file.

Improvements

  • Optimized and improved the plugin loading speed and data processing.
  • Enhanced email deliverability by adjusting the “From” email address used by the plugin – now the plugin uses an email address with the same domain of the website.
  • Made several UX improvements in the “Timed Login Policies” section of the plugin.
  • Enhanced plugin security by reviewing input sanitization and updating all libraries used by the plugin.
  • Made several minor UX/UI improvements and text updates across the plugin.
  • Included support for a legacy Premium plan to prevent potential issues.

Bug fixes

  • Fixed PHP warnings generated on multisite when the Summary Email was sent.
  • Resolved a redirection issue when using a custom login URL.
  • Resolved an error that could occur when resetting passwords for Professional plan users.
  • Fixed PHP errors and warnings that might appear when logging in with an incorrect password using the Ultimate Member login form.
  • Addressed a PHP error that could occur on the Ultimate Member login page when using non-existent users for login.
  • Fixed plugin text overlapping on small devices and resolved several UI/UX issues across the plugin.

1.2.2 (2024-03-01)

New feature

  • Added an editable message in the “User login time restrictions” section for when users try to log in during restricted times.

Plugin updates

  • Removed redundant code for an improved overall speed and performance.
  • Added logic check and notice for users in regards to the ‘From email address’ used by the plugin when using the “import settings” feature.
  • Users can now remove default policies over WordPress forms from the ‘Forms & Placements’ plugin page.
  • Tweaked how the “Run inactive check” button acts when it is manually run by the administrator (Locked Users table).
  • Applied a number of UX improvements to the User login time restrictions settings area.
  • Fixed a couple of broken URLs in the Free edition’s UI used for help text etc.
  • Updated the plugin’s branding.

Bug fixes

  • Updated a broken URL of an SVG used inside the plugin’s UI.
  • Fixed a potential crash that could occur when the plugin was running on sites running on PHP 7.2.
  • Fixed: user data and plugin settings were not removed upon uninstall in the Free edition, even when the setting is enabled.
  • Fixed an edge case that could cause a wizard to be prompted inside the plugin dashboard, in regards to missing Email Templates content.
  • Fixed: an edge case fatal error triggered when the “Remove all plugin data on uninstall” setting is enabled in the Free edition.

1.2.1 (2024-02-01)

Improvements

  • Updated the plugin’s branding (was still using old logo and artwork).
  • Upgraded the Freemius SDK to 2.6.2.
  • Added support for the upcoming new Premium plans.

1.2.0 (2023-10-03)

New features

  • User login time restrictions: restrict the time and days users can log in to the website
  • Settings importer & exporter: export the plugin’s settings for backup purposes and / or to import the settings to new plugin installs.
  • Setting to enable/disable individual emails the plugin sends to users to notify them about changes to their user account.

Plugin improvements

  • Support for the WooCommerce user registration form: add the login and password policies with just a click.
  • Failed login error messages by the plugin are now displayed correctly on Memberpress powered forms / websites.
  • The plugin admin notices only appear on appropriate admin pages.
  • Applied various styling and UX improvements to the admin settings and the plugin’s UI.
  • Improved the integration script so now the PW Strength JS can be triggered via custom JS.
  • The “change the login page URL” setting is now available in its own admin area.
  • Improved user-facing error messages for both Memberpress and Ultimate Member.
  • Users restricted from accessing front-end pages on Memberpress + WooCommerce pending a forced password update.

Bug fixes

  • The strings ‘wp-activate’ and ‘wp-signup’ are no longer blocked in the Custom Login URL settings.
  • Fixed bug in password history which would cause the initial user password to not be stored.
  • Exempt users setting no longer accepts duplicate entries.
  • Fixed: PHP 8.1 deprecation errors.
  • Fixed: Bulk Actions not working within Inactive Users page
  • Fixed: Error causing wrong email to be sent on user unblock due to failed logins.
  • Fixed an error on multisite networks which could cause some policies to be ignored when logging in via a child site.
  • Password hints are displayed correctly on Ultimate Member.
  • Fixed potential Fatal error when password reset requests are blocked on Memberpress.
  • Fixed JS to ensure PW hide/unhide buttons function as expected on Memberpress forms.
  • Ensure any password(s) updates adhere to all policies on third party forms.
  • Fixed JS bug on multisite networks which would cause an empty popup to appear when toggling ‘disable password reset’ checkbox.

Other improvement

  • Updated Freemius SDK to the latest version (addressing a security issue).

1.1.1 (2023-07-05)

Improvements

  • Improved contextual help text around the Login access settings page.
  • Added further help text to third-party forms area.
  • Renamed Failed login policies to Login limitation policies in settings.

Other improvement

  • Updated Freemius SDK to the latest version (addressing a security issue).

1.0.0 (20230302) – Plugin renamed

Release notes: Announcing Melapress Login Security 1.0.0

New Features:

  • Free edition of the plugin now available on the WordPress plugins repository.
  • One-click integration with WooCommerce, LearnDash, Ultimate Member, BuddyPress and bbPress: add password policy checks to forms from these plugins with just a click.
  • Editable email templates: the text of all the plugin’s emails can be edited using the WordPress editor.

Improvements & other changes:

  • New plugin slug: melapress-login-security.
  • New plugin menu name: Melapress Login Security.
  • WordPress’ “Generate Password” button creates a password that matches the policies.
  • Added a configurable time limit that users can set to specify the time period required to reset the failed logins count in the Failed Logins Policies feature.
  • In the Failed Logins Policies users can now specify minutes instead of hours, ensuring no accounts are locked for a very long time.
  • Updated code to adhere to coding standards and formatting.
  • Improved support for running the plugin on websites with custom file structure (WordPress core files are no longer called directly).
  • Beefed up security; added much more sanitization and validation, and escaping user input etc.
  • Reviewed and improved the text and help text in the plugin.
  • Improved the UI of the password suggestions in the password reset page.
  • Updated the Freemius SDK to version 2.5.3.
  • Consolidated the “Redirect user to password reset” code to one class.
  • Reviewed and improved all the text of the email templates.
  • Updated the password-strength-meter.js to avoid any potential conflicts.
  • Removed quite a bit of redundant code.
  • Better support for passwordless logins: plugin now completely bails out when a user is using a passwordless login.
  • UX improvement: mouse pointer only changes on checkmarks/hoverable/clickable elements.
  • Support for forms with multiple password placeholders; plugin adds the policy checks to both placeholders.
  • Improved support for running the plugin on PHP 8.

Fixed:

  • Fixed: Plugin not remembering the first used password when the Disallow Passwords policy is enabled.
  • Fixed: Missing var in ppm_handle_login_based_reset.
  • Disallow the use of previous passwords was not working properly on reset password page.
  • Fixed: reducing the number of disallowed passwords was not purging the passwords that are no longer needed.
  • Fixed an issue with the HTML in the Inactive users when the interface is translated.
  • Fixed the text in the settings page: in some places HTML code was showing up.
  • Fixed: fatal error when a user tries to reset a password while already logged in to the website.
  • Fixed a PHP fatal error in the class PPM_Failed_Logins.

2.6.1 (20220726)

Bug fixes:

  • Fixed: Locked users always requested to reset password upon unlock (even when the setting is disabled).
  • Fixed: Password expired email sent multiple times.
  • Fixed: Inactive users still able to log in in some cases.
  • Fixed a typo in reset password email.

2.6.0 (20220517)

Release notes: Announcing the release of WPassword 2.6.0

New feature:

Improvements:

  • Made some prompts’ text available for translation.
  • Improved the formatting of the summary email.
  • Added the new plugin logo in the plugin’s UI.
  • Improved parsing of list of IDs and classes in the custom forms support script.
  • Updated the text of the Help & About us page.
  • Added the GNU license / updated the licensing details.

Bug fixes:

  • Fixed: Plugin sending multiple “password expired” emails to users.
  • Fixed: The password expired check was running even on exempted users.
  • Fixed: Automatically unlocked users not removed from list of locked users.
  • Fixed: Unable to use the ‘ and ” characters in the special characters field.

2.5.1 (20220225)

Security Fix

  • Updated the Freemius SDK to 2.4.3 to address a security issue.

Improvement

  • Updated variable order for PHP8 support.

2.5.0 (20211103)

Release notes: Password Policy Manager renamed to WPassword

Update Highlight

  • Password Policy Manager has been renamed to WPassword.

Improvements

  • Settings and Locked Users moved to their own pages.
  • Better support for WooCommerce – plugin’s login error notices can now be displayed in WooCommerce custom login pages.
  • Locked Users area now correctly uses the “lockout time” rather than the last activity time which could lead to inaccurate results.
  • Ensured all strings can be translated

Bug fixes

  • Fixed issue which was causing certain characters to not display in the password hints.
  • Fixed regex issue which was causing JS errors if certain characters are elected to the “must not contain” setting.
  • Fixed logic which caused “must contains special chars” to display an empty string.
  • Fixed bug with custom user roles priority setting which was causing some of the policies to be ignored for custom user roles.
  • Users who have been locked out due to failed login attempts are now self-removing from the Locked Users list upon successful login.
  • Exclude characters setting will now alert correctly if an invalid setting is provided.

2.4.1 (20210906)

Release notes: PPMWP 2.4.1: Weekly email summary and other UI/UX improvements

New Features

  • New shortcode to add password policy checks to custom login pages (more efficient way of adding the policies check to a page).
  • Custom form filter/shortcode no longer require all 3 arguments to work.
  • Weekly summary email highlighting a list of users which have been made dormant, locked due to failed logins or have reset their password during the last week.
  • New option to prioritise roles in cases where users can have multiple roles.
  • New policy to disable users from requesting a new password (meaning admins must send reset).
  • New hook “ppmwp_apply_forced_reset_usermeta” that can be used to “force password reset on login” when creating WordPress users via a custom workflow.

Improvements

  • The plugin settings, list of locked users, and help & contact pages are now available in their own admin pages.
  • Policies UI is now hidden unless policies are enabled.
  • The role tabs are now available via a dropdown rather than individual tabs (better UX & UI).
  • Failed login policy now detects failed email-based logins.
  • Standardized and improved the password reset form hints styling.
  • Improved the plugin’s help-text and setting names.
  • Users last activity is now updated on login or logout, to improve performance.

Bug fixes

  • Double quotes were escaped when added as non-allowed special characters in plugin settings.
  • “Update user” button in user profile was not reset when the reset password dialogue is closed.
  • Custom password hints not reflected in non-admin facing forms.
  • Dormant user now uses correct value even if translated.
  • Failed login policies required error argument to always be provided.
  • The notice “A user must be excluded” no longer appears when the inactive users policy is disabled.
  • Network users now receive relevant email when “Reset all passwords” is used.
  • Cancelling the “set new password” box within a user’s profile page no longer leaves the “Save profile settings” button disabled.
  • Password resets via a user’s profile page can no longer POST an empty password.

2.4.0 (20210331)

Release notes: PPMWP 2.4.0: New feature to block users with failed login attempts & other updates

New Features

  • Failed logins policy – block user log in attempts after a number of failed logins.
  • New filter hook to hide password strength suggestions on custom forms.

Improvements

  • Automatically generated passwords now match the configured policies.
  • Added more input validation in backend fields.
  • Plugin now uses timestamp() instead of time() so it is aware of the time zone configured in WordPress.
  • All plugin settings now use YES/NO instead of boolean values in the database (improving dev standards).
  • Refactored script data and styles that were printed manually (now using the function wp_localize_script).
  • Reduced code by deleting duplicate code and using central functions instead.
  • Improved the “User last active” check – plugin updates this more often for more accurate functionality.
  • More plugin text, especially text with links is now translatable.
  • Email with password reset notification is no longer sent when user has to reset password on next login.

Bug fixes

  • PHP fatal during plugin uninstall and data clean-up.
  • Excluded characters were not shown in the policies in user view
  • In some cases users were marked as inactive even though the inactive users check was not enabled.
  • Policies for logged-in user’s role were applied when resetting the password of another user with a different role.
  • WordPress “Send password reset link” button was not working when the plugin was installed.
  • “Generate password” button in the password reset page was not working for users who had to change the password during login.
  • Password hints in password reset page were not being updated when changing password.
  • Users can bypass some policies and use easy passwords when manipulating the DOM in the user profile page.
  • A number of warnings were being generated when generating the POT file.
  • In some cases, unlocked inactive users were still marked as inactive users.

2.3.4 (2021-01-21)

Release notes: PPMWP 2.3.4: improved plugin interoperability & maintenance updates

Improvements

  • Improved the support for post-login redirect plugins (in some setups the “reset password on first login” was not working when a post-login redirect plugin was installed).
  • Moved a number of queries to a background process, so users can navigate away from the plugin’s settings page while the task is still running.
  • Improved a number of database queries for better performance.

Bug fixes

  • In some cases users with expired password could still access the dashboard.
  • The function “reset password on first login” was not working well with some redirect plugins.
  • The password reset link sent to unlock users was invalid in some cases.
  • Password policies were not being shown when a password reset page was refreshed.

2.3.3 (2020-12-04)

Improvement

Bug fix

  • Headers not sent errors were being reported when resetting passwords using the WooCommerce account form.

2.3.2 (2020-11-23)

Improvement

  • Updated the Freemius SDK to 2.4.1.

2.3.1 (2020-09-09)

Release notes: PPMWP 2.3.1: improved support for third party plugins

Breaking change

  • Removed option to disable WordPress’ automatic password generation.

Improvements

  • Better support for third party plugins – plugin works much better now with eCommerce, membership & subscription plugins.
  • The password reset module will require users to change the password even if they have not reset it within 24 hours.

Bug fixes

  • Password was not always automatically generated.
  • Generated password did not always meet the configured password policies.
  • UI was not showing the correct configured user role specific policies.
  • Password was not being generated automatically when user had to reset the password on next login.
  • Password policies not inherited properly when using custom roles in certain edge cases.
  • Password policies not displayed properly on custom pages with WooCommerce.

2.3.0 (2020-07-15)

Release notes: PPMWP 2.3.0: inactive users & other policies and performance updates

New features

  • User profile setting to require user to change the password during next login.
  • The password policies shown when creating a new user are the policies that apply for the new user’s role.
  • Setting to stop WordPress from automatically generating passwords.
  • Policy to require inactive users in WordPress to reset password once unlocked.

Improvements

  • Applied several core and performance updates. Plugin can now be used to enforce policies on sites with more than 100,000 users without any performance drops.
  • The inactive WordPress users policy now works as a standalone policy. It is no longer dependent on the expiration policy.
  • When users are marked as inactive, their existing sessions are instantly terminated.
  • Standardized the plugin’s settings prefix (code improvement).

Bug fixes

  • Plugin hangs when a user is automatically created by WooCommerce during checkout.
  • Users are not asked to reset their password during first login when using a specific custom login form.
  • Minor UI / placeholders alignment issues.
  • Password not reset properly when reset via Custom password reset form in Storefront.

2.2.0 (2020-04-22)

Release notes: WPassword 2.2.0: out of the box support for custom login pages & other updates.

New features

Improvements

  • Updated About us page – added reference to our new two-factor authentication plugin.
  • Standardized the UI and UX of the user exemption settings.
  • Improved validation / checking of all policy settings.

Bug fixes

  • Password policies inheritance not working properly in some edge cases.
  • Plugin loading translation files correctly.
  • Plugin settings & data deleted from database when relevant setting is enabled and plugin is uninstalled.
  • Plugin shows incorrect message to user when their account is locked (WordPress dormant users check).

2.1.0 (2020-03-05)

Release notes: WPassword 2.1.0: dormant users policy and support for post login redirect plugins.

New features

  • Dormant users policy.
  • Setting to specify special characters that cannot be used in passwords.
  • Support for post login redirect plugins.

Improvements

  • Reset all passwords functionality now resets all passwords and terminates sessions instantly.
  • Updated Freemius SDK to 2.3.2.
  • Removed old / obsolete code from the plugin.
  • Localized some strings that were hardcoded in js files.
  • Setting to exempt users from dormant users checks.

Bug fixes

  • Fixed some issues with localization and generated new POT file.

2.0.1 (2019-12-04)

Bug fix

  • Fixed an edge case issue in which the reset all function was not terminating the users’ sessions.

2.0 (2019-11-06)

Release notes: WPassword 2.0: multisite networks support and first time login policy.

New Features

Improvements

  • Increased password history policy: plugin can now remember up to 100 passwords per user.
  • Improved the text of the email templates used in the plugin.
  • Improved the help and about pages (more links, help etc).
  • Improved plugin’s error messages.

Bug Fixes

  • Expired passwords can be reset with a wrong password.
  • Expired passwords cannot be reset by administrator.

1.4 (2019-08-13)

Release notes: WPassword 1.4: premium trials, advantageous pricing & plugin improvements.

New Feature

Improvements

  • Reset all passwords functionality works also when policies are disabled.
  • Improved the plugin’s text and messages (better UX).

Bug Fix

  • Fixed an issue in which plugin prompts on login pages were incorrect.

1.2 (2019-06-05)

New Feature

1.1 (2019-01-10)

New Feature

  • Ability to configure different password policies for different user roles.

Improvements

  • Users can now configure the maximum password length to less than 6 characters (not recommended).
  • Generic plugin improvements

1.0.1 (2018-09-10)

  • Added Spanish language files.

1.0.0 (2018-08-17)

  • Initial Release.
