Releases: WordPress/two-factor
Releases · WordPress/two-factor
Version 0.7.0-rc.1
- Update codebase to match the WordPress coding standards, see #340. Props @paulschreiber.
- Add tooling to run PHPUnit tests locally during development, see #355. Props @kasparsd.
Version 0.6.0
-
Security fix: escape the U2F key value when doing the key lookup in database during login. Props @mjangda from WordPress VIP. See #351.
-
New feature: invalidate email tokens 15 minutes after they were generated. Use the
two_factor_token_ttl
filter to override this time-to-live interval. See #352. -
Document some of the available filters.
Version 0.5.2
- Bugfix: saving standard user profile fields no longer resets the time-based-password key, see #341.
- Bugfix: remove spaces around authentication codes before verifying them, see #339 (props @paulschreiber).
- Bugfix: allow admins to configure FIDO U2F keys for other users, see #349.
- Enable the "Dummy" authenticator method only when
WP_DEBUG
is set since we don't want regular users using it. - New: Add an
two_factor_user_authenticated
action when the user is logged-in after the second factor has been verified, see #324 (props @Kubitomakita). - New: Add
two_factor_token_email_subject
andtwo_factor_token_email_message
filters to customize the email code subject and body, see #345 (props @christianc1). - Update the reference article URL in the readme files to account for domain change, see #332 (props @todeveni).
Version 0.5.1
Version 0.5.0
Version 0.4.8
- Mark as tested with WordPress 5.3.
- Add a screenshot with email code authentication prompt.
- Update development tooling versions.
Version 0.4.7
- Introduce a
two_factor_totp_title
filter to allow TOTP title to be changed, see #294 (props @BrookeDot). - Mark as tested with WordPress 5.2.
Version 0.4.6
Version 0.4.5
Version 0.4.4
- Add the closing
</div>
to match the WP core login form structure, see #274 (props @claytoncollie).