All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
- Fix: Updated depreciated PHP function to make it compatible with the latest PHP version.
- Added: Login designer compatibility banner.
- Improvement: Implement few UI tweaks.
- Fixed - Disabled activity report by default.
- New: Added Password Activity Report to provide weekly insights on access attempts to your protected sites.
- New: Added Categoric Tabs and Sub-Tabs User Interface for easy navigation and better user experience.
- Ensured seamless compatibility with the latest WordPress version
- Fixed - Login Designer compatibility issues.
- Fixed - Added compatibility for PHP version 8.2
- Update - Feedback library updated
- Fix - Parse error related to PHP version 7.2
- New - Added Freemius SDK integration.
- New - Added functionality to login with transient if the cookies are blocked.
- Fix – Fixed Redirect Issue from excluded page to password protected page.
- Fix – Parse error related to PHP version 7.2
- Fix – Parse error related to PHP version 7.2
- Update - Link to official Google Re-captcha documentation
- Improved admin settings interface and introduced NEW tabs structure.
- NEW: Added Google Recaptcha v2 and v3 to make it more secure.
- NEW: Added Password Protected top-level admin menu for ease.
- NEW: Added option to add text above password Field.
- NEW: Added option to add text below password Field.
- Improved Settings HTML structure
- Added Note regarding compatibility with login designer within dashboard
Made compatibility with login designer; Now you can customize the password-protected screen with the customizer using login designer plugin.
- Deprecate
wp_no_robotsand replace withwp_robots_no_robotsfor WordPress 5.7+
2.4 - 2020-09-24
- Add a Nocache header to the login page redirect to prevent the browser from caching the redirect page. Props De'Yonte W.
- Remove ‘password-protected’ query from redirects on successful login or logout.
- Check "redirect_to" query var is set in hidden form field. Props Matthias Kittsteiner.
- Add favicon to password protected login page.
2.3 - 2020-05-17
- Adds
password_protected_cookie_namefilter for the cookie name. Props Jose Castaneda. - Let developers override the capability needed to see the options page via a
password_protected_options_page_capabilityfilter. Props Nicola Peluchetti.
- Don't use a "testcookie" POST query as it is blocked by Namecheap (and possibly other hosts).
- Fix warnings in W3 validator - script and style “type” attribute not required. Props @dianamurcia.
- Translations now via translate.wordpress.org.
- Updated URL references. Props Garrett Hyder.
2.2.5 - 2019-06-04
- Added
password_protected_login_password_titlefilter to allow customizing the "Password" label on the login form. Props Jeremy Herve.
- Fix stray "and" in readme. Props Viktor Szépe.
- Update Portuguese translation. Props Jonathan Hult.
- Update Russian translation. Props Alexey Chumakov.
2.2.4 - 2019-02-22
Check that $_SERVER['REMOTE_ADDR'] is set.
2.2.3 - 2019-01-10
- Restrict REST-API-access only if password protection is active.
- Added viewport meta tag to login page.
- Added
password_protected_show_loginfilter.
- Cookie name is not editable in the admin so display just for reference.
- Use default WordPress text domain for “Remember Me” and “Log In” buttons.
2.2.2 - 2018-05-29
- Change locked admin bar icon to green.
- Fix REST option and always allow access to REST API for logged in users.
2.2.1 - 2018-05-27
- Fixed PHP error when calculating cookie expiration date.
2.2 - 2018-05-25
- Admin bar icon to indicate wether password protection is enabled/disabled.
- Option to show "Remember me" checkbox. Props Christian Güdel.
- REST API access disabled if password not entered.
- Admin option to allow REST API access.
- More robust checking of password hashes.
2.1 - 2017-07-27
- Update caching notes for WP Engine and W3 Total Cache plugin.
- Tested up to WordPress 4.8
2.0.3 - 2015-03-23
- Show user's IP address beside "Allow IP Addresses" admin setting.
- Add CHANGELOG.md and README.md
- Declare methods as public or private and use PHP5 constructors.
2.0.2 - 2015-10-29
- Check allowed IP addresses are valid when saving.
- Only redirect to allowed domain names when logging out.
2.0.1 - 2015-07-24
- Split logout functionality into separate function.
- Use a more complex password hash for cookie key. Props Marcin Bury, Securitum.
2.0 - 2015-03-26
- Added password_protected_logout_link shortcode.
- Load 'password-protected-login.css' in theme folder if it exists.
- Added password_protected_stylesheet_file filter to specify alternate stylesheet location.
- Added is_user_logged_in(), login_url(), logout_url() and logout_link() methods.
- Added Basque, Czech, Greek, Lithuanian and Norwegian translations.
- Better handling of login/out redirects when protection is not active on home page.
1.9 - 2014-12-17
- Fixed "Allow Users" functionality with is_user_logged_in(). Props PatRaven.
- Added option for allowed IP addresses which can bypass the password protection.
- Added 'password_protected_is_active' filter.
1.8 - 2014-10-07
- Support for adding "password-protected-login.php" in theme directory.
- Allow filtering of the 'redirect to' URL via the 'password_protected_login_redirect_url' filter.
- Added 'password_protected_login_messages' action to output errors and messages in template.
- Updated translations.
- Use current_time( 'timestamp' ) instead of time() to take into account site timezone.
- Check login earlier in the template_redirect action.
1.7.2 - 2014-06-05
- Fix always allow access to robots.txt.
- Added 'password_protected_login_redirect' filter.
- Updated translations.
1.7.1 - 2014-03-17
- Fix login template compatibility for WordPress 3.9
1.7 - 2014-02-27
- Remove JavaScript that disables admin RSS checkbox.
- Added 'password_protected_theme_file' filter to allow custom login templates.
- Add option to allow logged in users.
1.6.2 - 2014-01-10
- Set login page not to index if privacy setting is on.
- Allow redirection to a different URL when logging out using 'redirect_to' query and full URL.
1.6.1 - 2013-11-13
- Language updates by wp-translations.org (Arabic, Dutch, French, Persian, Russian).
1.6 - 2013-07-04
- Robots.txt is now always accessible.
- Added support for Uber Login Logo plugin.
1.5 - 2013-02-21
- Added note about WP Engine compatibility to readme.txt
- Requires WordPress 3.1+
- Settings now have their own page.
- Fixed an open redirect vulnerability. Props Chris Campbell.
1.4 - 2013-02-10
- Add option to allow administrators to use the site without logging in.
- Use DONOTCACHEPAGE to try to prevent some caching issues.
- Added a contextual help tab for WordPress 3.3+.
- Updated login screen styling for WordPress 3.5 compatibility.
- Options are now on the 'Reading' settings page in WordPress 3.5
1.3 - 2012-10-01
- Added checkbox to allow access to feeds when protection is enabled.
- Prepare for WordPress 3.5 Settings API changes.
- Added 'password_protected_before_login_form' and 'password_protected_after_login_form' actions.
- Added 'password_protected_process_login' filter to make it possible to extend login functionality.
- Now possible to use 'pre_update_option_password_protected_password' filter to use password before it is encrypted and saved.
- Ready for translations.
1.2.2 - 2012-07-30
- Show login error messages.
- Escape 'redirect_to' attribute. Props A. Alagha.
1.2.1 - 2012-05-25
- Added a "How to log out?" FAQ.
- Only disable feeds when protection is active.
1.2 - 2012-04-14
- Use cookies instead of sessions.
1.1 - 2012-02-12
- Encrypt passwords in database.
1.0 - 2012-02-01
- First Release. If you spot any bugs or issues please log them here.