== Changelog ==



= 3.3.1 =

* Fixed email digest behavior in cloud mode.



= 3.3.0 =

* Added daily, weekly, and monthly email digests summarizing lockouts and failed login attempts.



= 3.2.4 =

* Added compatibility with WordPress 7.



= 3.2.3 =

* Broadened MFA state cookie scope to the site root for wider path coverage.

* Fixed Active Lockouts counter not showing on the local Logs page.



= 3.2.2 =

* Improved MFA rescue link compatibility on hosts with external object cache enabled.



= 3.2.1 =

* Fixed rescue link behavior and updated the format.

* 2FA is pre-selected for administrators; when no user groups are selected, 2FA stays disabled.



= 3.2.0 =

* Improved WooCommerce registration protection in cloud mode.

* Refactored third-party integrations into a unified architecture (WooCommerce, MemberPress).



= 3.1.0 =

* Added technical details to the network issue notice.

* Fixed logo rendering in Gmail MFA notifications.

* Improved local risk indicator thresholds and refactored rendering.

* Improved compatibility with WPS Hide Login, WooCommerce, and MemberPress login flows; added WooCommerce cloud registration checks.



= 3.0.2 =

* Hardened admin tab parameter (whitelist, strict checks) before loading tab views.

* Onboarding: redirect to Dashboard when setup is incomplete and a tab other than Dashboard is opened.

* Failed-login email subject: numbered placeholders for translation-friendly word order (e.g. for Dutch).

* Onboarding popup: hide body scroll while open, restore on close; focus modal content.



= 3.0.1 =

* Hardened MFA security.

* MFA UI improved.

* Refactored the codebase.



= 3.0.0 =

* Implemented two-factor authentication.

* Refactored the codebase.



= 2.26.28 =

* Added user notification for failed /info API requests.

* Fixed the MC notice URL.

* First step of onboarding - UX improved.



= 2.26.27 =

* PHP 5.6 compatibility fix.



= 2.26.26 =

* Added login URL to notification emails for better debugging.



= 2.26.25 =

* Fixed MemberPress compatibility.

* Fixed a popup notice when a user was on the whitelist (local mode).

* Added the individual domain to the notification email subject.

* Updated formatting of the cloud login link.

* Improved onboarding popup behavior.



= 2.26.24 =

* Fixed: json_decode(): Passing null to parameter #1 ($json) of type string is deprecated warning.

* Help and extensions page visual changes.

* Assets cleanup.



= 2.26.23 =

* Fixed conflict with Hub and similar themes.

* Reorganized links.



= 2.26.22 =

* Fixed REMOTE_ADDR if server is misconfigured.

* Lint.



= 2.26.21 =

* Update notice position corrected.

* Debug tab - more info added.

* Lint.



= 2.26.20 =

* Fixed formatting issues for Safari on some pages.

* Added displaying of Customer ID.

* Menu minor fix.

* Onboarding process updated.



= 2.26.19 =

* Added links to the IP2Location page.



= 2.26.18 =

* Better displaying IPv6 in the log.



= 2.26.17 =

* Added default registration protection for cloud accounts (free and paid).



= 2.26.16 =

* Fixed GDPR message issue for some themes.



= 2.26.15 =

* Fixed translation compatibility with WordPress 6.7.

* Fixed GDPR message on the Woocommerce login page.

* Fix: load login-page-styles.css (on wp-login.php) only if it is necessary (thanks to georgejipa).

* CSS fixes.



= 2.26.14 =

* Improved compatibility with custom login pages, including WooCommerce and UltimateMember.

* Standardized display of login messages.

* A new Custom Error Message setting is added. The message is being appended to all asynchronous messages.

* Fixed translation compatibility with WordPress 6.7.

* CSS fixes.



= 2.26.13 =

* New "llar_admin" capability added to let other roles access the plugin.

* CSS fixes.

* Sticky headers added to the log tables.

* Small interface changes.



= 2.26.12 =

* Better displaying IPv6 in successful login attempts block.

* Possible intersections in tabs with other plugins fixed.

* PHP 8, 9 compatibility updates.

* Refactoring.



= 2.26.11 =

* Fixed possible style conflicts related to tables.

* Fixed possible PHP warnings.

* Fixed some I18N issues, thanks to alexclassroom!

* Better displaying multiple roles in login logs.



= 2.26.10 =

* Log of successful login attempts implemented for Micro Cloud (Free) and Premium users.

* Checklist of recommended actions implemented.

* Settings page reorganized.



= 2.26.9 =

* Chart library updated.



= 2.26.8 =

* Fixed possible WooCommerce conflict.



= 2.26.7 =

* Better informing on Micro Cloud.



= 2.26.6 =

* Micro Cloud API url fix.



= 2.26.5 =

* Better informing on cloud status.



= 2.26.4 =

* Added country translation.

* Better Micro Cloud API response handling.

* A link fixed.



= 2.26.3 =

* CSS issue fixed on Logs tab.



= 2.26.2 =

* CSS issue fixed.



= 2.26.1 =

* Micro Cloud link fixed.



= 2.26.0 =

* New design.

* Free Micro Cloud plan introduced.



= 2.25.29 =

* A link fixed.



= 2.25.28 =

* Improved cloud charts.



= 2.25.27 =

* Security improvement: Better shortcode escaping.

* Fixed date formatting on the logs page.

* Fixed top menu links on the front-end.

* Badge added to the top menu.



= 2.25.26 =

* Security improvement: Different nonce for each AJAX action.

* Security improvement: The toggle_auto_update_callback checks for the update_plugins cap.



= 2.25.25 =

* PHP 8.2/9 compatibility improved, thanks to Jer Turowetz!

* Button size and text typo fixed.



= 2.25.24 =

* Better loading of translations.

* Fixed PHP warning related to menu.



= 2.25.23 =

* Better side menu.

* Fixed I18N issues, thanks to alexclassroom!



= 2.25.22 =

* Interface changes.

* Tested with WP 6.3.



= 2.25.21 =

* Optimization: autoload for large options turned off.

* Interface changes.



= 2.25.20 =

* Fix against network requests caching removed b/c some misconfigured servers can't handle it.



= 2.25.19 =

* Better handling of network connection issues.

* Fixed responsive formatting on dashboard.

* Added fix against network requests caching.



= 2.25.18 =

* Fixed errors occurring in situations where two versions of the plugin are installed (which should not normally happen).



= 2.25.17 =

* Refactoring.

* Server load reducing optimization.



= 2.25.16 =

* Double slashes in paths removed.

* Better handling of cloud response codes.



= 2.25.15 =

* Error messages logic fixed.



= 2.25.14 =

* Multisite support improved.

* CSS outside of the plugin issue fixed.

* Better number formatting on the dashboard.

* Lockout email template updated.



= 2.25.13 =

* Ultimate Member compatibility.

* Fixed conflicting URL parameters in some rare cases.

* Updated attempts counter logic.



= 2.25.12 =

* Fixed IPv4 validation when passed with a port number.

* Fixed texts and translations.



= 2.25.11 =

* PHP 8 compatibility fixed.

* Logs loading issue fixed.

* Help and Extensions tabs added.

* Notification about auto updates added.

* Displaying of plugin version added.

* Text changes made.



= 2.25.10 =

* Tested with PHP 8.

* Small styles refactoring.

* Fixed a rare issue with events log not being displayed correctly.

* Chart library updated.



= 2.25.9 =

* Welcome page replaced with a modal.



= 2.25.8 =

* Email text, links updated.



= 2.25.7 =

* Country flags added to log.

* Refresh button added to log.

* Email text updated.



= 2.25.6 =

* Email links updated.



= 2.25.5 =

* Fixed Woocommerce integration.

* Updated some interface links.



= 2.25.4 =

* Fixed session error in rare cases.

* Access rules explained.

* Improved session behavior on the login page.

* Fixed warning on some GoDaddy installations.



= 2.25.3 =

* Improved compatibility with WordFence.

* Better handling of HTTP_X_FORWARDED_FOR on Debug tab.

* Added option to hide warning badge.



= 2.25.2 =

* Security indicator fixed for multisite.



= 2.25.1 =

* Added setting to turn the dashboard widged off.

* The widget is visible to admins only.



= 2.25.0 =

* Dashboard widged added.

* Security indicator added.



= 2.24.1 =

* Fixed E_ERROR occurring in rare cases when the log table is corrupted.



= 2.24.0 =

* Protection increased: bots can't parse lockout messages anymore.



= 2.23.2 =

* Cloud: better unlock UX.

* Litle cleanup.



= 2.23.1 =

* Added infinite scroll for cloud logs.



= 2.23.0 =

* Reduced plugin size by removing obsolete translations.

* Cleaned up the dashboard.

* Cloud: added information about auto/manually-blocked IPs.

* GDPR: added an option to insert a link to a Privacy Policy page via a shortcode, clarified GDPR compliance.



= 2.22.1 =

* IP added to the email subject.



= 2.22.0 =

* Added support of CIDR notation for specifying IP ranges.

* Texts updated.

* Refactoring.



= 2.21.1 =

* Fixed: Uncaught Error: Call to a member function stats()

* Cloud API: added block by country.

* Refactoring.



= 2.21.0 =

* GDPR compliance: IPs obfuscation replaced with a customizable consent message on the login page.

* Cloud API: fixed removing of blocked IPs from the access lists under certain conditions.

* Cloud API: domain for Setup Code is taken from the WordPress settings now.



= 2.20.6 =

* Multisite tab links fixed.



= 2.20.5 =

* Option to show and hide the top-level menu item.



= 2.20.4 =

* Sucuri compatibility verified.

* Wordfence compatibility verified.

* Better menu navigation.

* Timezones fixed for the global chart.



= 2.20.3 =

* More clear wording.

* Cloud API: fixed double submit in the settings form.

* Better displaying of stats.



= 2.20.2 =

* Updated email text.



= 2.20.1 =

* New dashboard more clear stats.



= 2.20.0 =

* New dashboard with simple stats.



= 2.19.2 =

* Texts and links updated.



= 2.19.1 =

* Welcome page.

* Image and text updates.



= 2.19.0 =

* Refactoring.

* Feedback message location fixed.

* Text changes.



= 2.18.0 =

* Cloud API: usage chart added.

* Text changes.



= 2.17.4 =

* Missing jQuery images added.

* PHP 5 compatibility fixed.

* Custom App setup link replaced with setup code.



= 2.17.3 =

* Plugin pages message.



= 2.17.2 =

* Lockout notification refactored.



= 2.17.1 =

* CSS cache issue fixed.

* Notification text updated.



= 2.17.0 =

* Refactoring.

* Email text and notification updated.

* New links in the list of plugins.



= 2.16.0 =

* Custom Apps functionality implemented. More details: https://limitloginattempts.com/app/



= 2.15.2 =

* Alternative method of closing the feedback message.



= 2.15.1 =

* Refactoring.



= 2.15.0 =

* Reset password feature has been removed as unwanted.

* Small refactoring.



= 2.14.0 =

* BuddyPress login error compatibility implemented.

* UltimateMember compatibility implemented.

* A PHP warning fixed.



= 2.13.0 =

* Fixed incompatibility with PHP < 5.6.

* Settings page layout refactored.



= 2.12.3 =

* The feedback message is shown for admins only now, and it can also be closed even if the site has issues with AJAX.



= 2.12.2 =

* Fixed the feedback message not being shown, again.



= 2.12.1 =

* Fixed the feedback message not being shown.



= 2.12.0 =

* Small refactoring.

* get_message() - fixed error notices.

* This is the first time we are asking you for a feedback.



= 2.11.0 =

* Blacklisted usernames can't be registered anymore.



= 2.10.1 =

* Fixed: GDPR compliance option could not be selected on the multisite installations.



= 2.10.0 =

* Debug information has been added for better support.



= 2.9.0 =

* Trusted IP origins option has been added.



= 2.8.1 =

* Extra lockout options are back.



= 2.8.0 =

* The plugin doesn't trust any IP addresses other than _SERVER["REMOTE_ADDR"] anymore. Trusting other IP origins make protection useless b/c they can be easily faked. This new version provides a way of secure IP unlocking for those sites that use a reverse proxy coupled with misconfigurated servers that populate _SERVER["REMOTE_ADDR"] with wrong IPs which leads to mass blocking of users.



= 2.7.4 =

* The lockout alerts can be sent to a configurable email address now.



= 2.7.3 =

* Settings page is moved back to "Settings".



= 2.7.2 =

* Settings are moved to a separate page.

* Fixed: login error message. https://wordpress.org/support/topic/how-to-change-login-error-message/



= 2.7.1 =

* A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.



= 2.7.0 =

* GDPR compliance implemented.

* Fixed: ip_in_range() loop $ip overrides itself causing invalid results. https://wordpress.org/support/topic/ip_in_range-loop-ip-overrides-itself-causing-invalid-results/

* Fixed: the plugin was locking out the same IP address multiple times, each with a different port. https://wordpress.org/support/topic/same-ip-different-port/



= 2.6.3 =

* Added support of Sucuri Website Firewall.



= 2.6.2 =

* Fixed the issue with backslashes in usernames.



= 2.6.1 =

* Plugin returns the 403 Forbidden header after the limit of login attempts via XMLRPC is reached.

* Added support of IP ranges in white/black lists.

* Lockouts now can be released selectively.

* Fixed the issue with encoding of special symbols in email notifications.



= 2.5.0 =

* Added Multi-site Compatibility and additional MU settings. https://wordpress.org/support/topic/multisite-compatibility-47/



= 2.4.0 =

* Usernames and IP addresses can be white-listed and black-listed now. https://wordpress.org/support/topic/banning-specific-usernames/ https://wordpress.org/support/topic/good-831/

* The lockouts log has been inversed. https://wordpress.org/support/topic/inverse-log/



= 2.3.0 =

* IP addresses can be white-listed now. https://wordpress.org/support/topic/legal-user/

* A "Gateway" column is added to the lockouts log. It shows what endpoint an attacker was blocked from. https://wordpress.org/support/topic/xmlrpc-7/

* The "Undefined index: client_type" error is fixed. https://wordpress.org/support/topic/php-notice-when-updating-settings-page/



= 2.2.0 =

* Removed the "Handle cookie login" setting as they are now obsolete.

* Added bruteforce protection against Woocommerce login page attacks. https://wordpress.org/support/topic/how-to-integrate-with-woocommerce-2/

* Added bruteforce protection against XMLRPC attacks. https://wordpress.org/support/topic/xmlrpc-7/



= 2.1.0 =

* The site connection settings are now applied automatically and therefore have been removed from the admin interface.

* Now compatible with PHP 5.2 to support some older WP installations.



= 2.0.0 =

* fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors

* fixed the deprecated functions issue https://wordpress.org/support/topic/using-deprecated-function

* Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5

* added time stamp to unsuccessful tries on the plugin configuration page.

* fixed .po translation files issue.

* code refactoring and optimization.

