WP 2FA - Two-factor authentication for WordPress (Premium) 2.8.0 NULLED

= 2.8.0 (2024-07-17) =

**New features**
* Out of the box support for Yubico - [use any YubiKey hardware key by Yubico as a 2FA method to log in to your WordPress website](https://melapress.com/support/kb/wp-2fa-hardware-key/).

* **Plugin & functionality improvements**
* Bumped up the minimum supported PHP version from 7.2 to 7.3.
* Improved the default SMS messages to give the user more info / context.
* Updated a number of strings in the settings + improved help text.
* The names of debug log file in uploads directory are now randomized.
* Updated the default text in different sections of the wizard to simplify things and improve UX.
* Updated the order of methods in the 2FA plugin.
* Updated the white labelling settings strings and added new ones etc - clearer explanation and improved help text.
* The SMS templates in white labelling are now in a dedicated section for themselves (previously were part of the email templates).
* Improved the white labelling settings for the 2FA code page.
* Adjusted the order in which the 2FA methods are listed.
* Updated the features' page - added the new features etc.
* Updated the default methods names for the SMS providers to avoid confusion.
* Updated all UTM parameters in the plugin's URLs and links.

* **Bug fixes**
* White labelling option "Enable our CSS within user wizard" could not be unchecked once checked.
* Fixed: Changes in backup methods text via white labelling settings was not properly reflected in the wizard.
* Fixed: PHP fatal error in class-email-wizard-steps.php in some edge cases.
* Fixed: Apostrophe character shows up as ASCII in email subject.
* Fixed: Error with importing plugin's settings from one website to another in some edge cases.
* Fixed: The grace period expiration setting did not have a default value / setting.
* Removed reference to Premium backup methods in the free edition's wizard.
* Fixed: Redirecting to frontend 2FA page without permalinks set up does not work.
* Fixed: Some user profile 2FA buttons were not functioning properly when used on mobile.
* Fixed: Data was not always / all deleted when the setting "Delete data upon uninstall" was enabled.

2.6.4 (2024-03-07)​

Improvements​

• The default “From email address” used by the plugin now includes the website’s domain, thus improving email deliverability. Previously the plugin used the admin notifications email address configured in the WordPress settings.
• All one-time codes generated by the plugin are now 6 digits long.
• Applied some coding best practices in some sections to ensure better protection against timing base attacks.

Security fix​

• Fixed a sensitive information disclosure issue; users’ salts can only be potentially exposed if debug is enabled and the web server is not Apache.

Bug fixes​

• Fixed: Text changes in the “logged out users trying to access 2FA config” setting not saved.
• Fixed: User not redirected to the URL configured in the settings when all backup codes are disabled.
• Fixed: Formatting / layout of advert in the configuration, which in some cases it was showing over some of the help text.

= 2.5.0 (2023-07-20) =

Release notes: [2FA for password resets, more branding options for the 2FA code page & much more](https://melapress.com/wordpress-2fa/releases/)

* **New features**
* Require 2FA on user reset password.
* CSS editor for the 2FA code page, allowing users to also apply their CSS to the 2FA login page.
* Front-end 2FA support for multisite network - the plugin creates a front-end 2FA page for every subsite on the network.
* User licensing tab in the plugin settings, allowing admins to see the number of users and websites using user-activations.

* **Improvements**
* Disabled auto complete in the 2FA code placeholder.
* User private key is regenerated each time they start the 2FA setup process and they do not finish it.
* Backup code email template added to editable email templates.
* Email tags are populated even test emails.
* Updated the "user count" licensing logic on multisite networks - now the plugin counts the users on the network (more accurate).
* Full compatability with Flywheel's and WP Engine's seamless sign-on (no sign on is required).
* Revised and improved the text used in the 2FA SMS login process.
* Added all SMS 2FA text (used in wizards, login pages etc) to the whitelabelling options.
* Removed the 2FA plugin menu completely when access to the plugin is restricted to certain website admins.
* Added more strings to the Whitelabelling options.
* Removed a number of font files from the QR library since no text is used and it makes the plugin size smaller.
* Select2 library is now shipped directly with the plugin instead of it being downloaded from a CDN.
* Applied a number of performance improvements to the plugin - the loading mechanism is more efficient and determining when the plugin is needed and when not.
* Plugin no longer loads on the front-end part of the website - only on the shortcode page.
* Removed a number of JS and CSS scripts that were loading on the frontend and were made redundand.
* Full support for multsite networks using different domains for subsites - users are no longer required to access the network dashboad to set up 2FA.
* Improved the CSS in the whitelabelling settings so all the text in the 2FA code page can be edited, recoloured etc.
* Removed some code that was left in the plugin for backward compatability (no longer required at this stage).
* Removed all third party's admin notices from the plugin settings pages.
* The 2FA usage reports have also been improved so they report accurate numbers on a multsite network.
* Improved a number of error and users messages in the plugin.
* Updated the CSS of the backup codes wizard page to have the buttons all in one line.
* Plugin now automatically removes the extra space at the end of the one-time code if entered in the 2FA code prompt.
* Updated the CSS of the plugin's own admin notices so they fit better within the plugin's UI.
* Improved the text used in the wizards, especially the text used when setting up alternative 2FA methods.
* All plugin strings are now available on WPML.
* Plugin now displays the Twilio service error directly in the wizard when there are issues with the Twilio setup.

* **Bug fixes**
* Fixed: Cannot change the users phone number on Twilio unless you reset the 2FA configuration.
* Fixed: In some edge cases admins were unable to access the plugin settings, instead they were shown the policies page.
* Fixed: WP 2FA disconnects ManageWP sessions.
* Fixed: Rest 2FA configuration button in user profile missing when the license quota is reached.
* Fixed: Premium plugin ads still showing when Premium edition is activated on a multisite network.
* Fixed: The 2FA code page styling was not being saved when only changing the 2FA button colour.
* Fixed: Number of PHP warnings are triggered when WP 2FA is installed alongside Melapress Login Security.
* Fixed: Expired license on multisite network leads to a blockage of logins.
* Fixed: "Remember this device for 0 days" string shows up on the login page after rebranding the page (whitelabelling).
* Fixed: On some cases the users were not prompted for 2FA in the /my-account page on WooCommerce.
* Fixed: Plugin's private key not stored in wp-config.php file after permissions are updated.
* Fixed: Subscribers are not asked to set up 2FA even when 2FA is enforced when registering on a multisite network without subsites.
* Fixed a number of PHP notices when running the plugin on a multisite network with a specific PHP version (older versions).
* Fixed: Users can't set up SMS 2FA (over Twilio) after the grace period expires.