== Changelog ==

= 3.2.3 =
* Broadened MFA state cookie scope to the site root for wider path coverage.
* Fixed Active Lockouts counter not showing on the local Logs page.

= 3.2.2 =
* Improved MFA rescue link compatibility on hosts with external object cache enabled.

= 3.2.1 =
* Fixed rescue link behavior and updated the format.
* 2FA is pre-selected for administrators; when no user groups are selected, 2FA stays disabled.

= 3.2.0 =
* Improved WooCommerce registration protection in cloud mode.
* Refactored third-party integrations into a unified architecture (WooCommerce, MemberPress).

= 3.1.0 =
* Added technical details to the network issue notice.
* Fixed logo rendering in Gmail MFA notifications.
* Improved local risk indicator thresholds and refactored rendering.
* Improved compatibility with WPS Hide Login, WooCommerce, and MemberPress login flows; added WooCommerce cloud registration checks.

= 3.0.2 =
* Hardened admin tab parameter (whitelist, strict checks) before loading tab views.
* Onboarding: redirect to Dashboard when setup is incomplete and a tab other than Dashboard is opened.
* Failed-login email subject: numbered placeholders for translation-friendly word order (e.g. for Dutch).
* Onboarding popup: hide body scroll while open, restore on close; focus modal content.

= 3.0.1 =
* Hardened MFA security.
* MFA UI improved.
* Refactored the codebase.

= 3.0.0 =
* Implemented two-factor authentication.
* Refactored the codebase.

= 2.26.28 =
* Added user notification for failed /info API requests.
* Fixed the MC notice URL.
* First step of onboarding - UX improved.

= 2.26.27 =
* PHP 5.6 compatibility fix.

= 2.26.26 =
* Added login URL to notification emails for better debugging.

= 2.26.25 =
* Fixed MemberPress compatibility.
* Fixed a popup notice when a user was on the whitelist (local mode).
* Added the individual domain to the notification email subject.
* Updated formatting of the cloud login link.
* Improved onboarding popup behavior.

= 2.26.24 =
* Fixed: json_decode(): Passing null to parameter #1 ($json) of type string is deprecated warning.
* Help and extensions page visual changes.
* Assets cleanup.

= 2.26.23 =
* Fixed conflict with Hub and similar themes.
* Reorganized links.

= 2.26.22 =
* Fixed REMOTE_ADDR if server is misconfigured.
* Lint.

= 2.26.21 =
* Update notice position corrected.
* Debug tab - more info added.
* Lint.

= 2.26.20 =
* Fixed formatting issues for Safari on some pages.
* Added displaying of Customer ID.
* Menu minor fix.
* Onboarding process updated.

= 2.26.19 =
* Added links to the IP2Location page.

= 2.26.18 =
* Better displaying IPv6 in the log.

= 2.26.17 =
* Added default registration protection for cloud accounts (free and paid).

= 2.26.16 =
* Fixed GDPR message issue for some themes.

= 2.26.15 =
* Fixed translation compatibility with WordPress 6.7.
* Fixed GDPR message on the Woocommerce login page.
* Fix: load login-page-styles.css (on wp-login.php) only if it is necessary (thanks to georgejipa).
* CSS fixes.

= 2.26.14 =
* Improved compatibility with custom login pages, including WooCommerce and UltimateMember.
* Standardized display of login messages.
* A new Custom Error Message setting is added. The message is being appended to all asynchronous messages.
* Fixed translation compatibility with WordPress 6.7.
* CSS fixes.

= 2.26.13 =
* New "llar_admin" capability added to let other roles access the plugin.
* CSS fixes.
* Sticky headers added to the log tables.
* Small interface changes.

= 2.26.12 =
* Better displaying IPv6 in successful login attempts block.
* Possible intersections in tabs with other plugins fixed.
* PHP 8, 9 compatibility updates.
* Refactoring.

= 2.26.11 =
* Fixed possible style conflicts related to tables.
* Fixed possible PHP warnings.
* Fixed some I18N issues, thanks to alexclassroom!
* Better displaying multiple roles in login logs.

= 2.26.10 =
* Log of successful login attempts implemented for Micro Cloud (Free) and Premium users.
* Checklist of recommended actions implemented.
* Settings page reorganized.

= 2.26.9 =
* Chart library updated.

= 2.26.8 =
* Fixed possible WooCommerce conflict.

= 2.26.7 =
* Better informing on Micro Cloud.

= 2.26.6 =
* Micro Cloud API url fix.

= 2.26.5 =
* Better informing on cloud status.

= 2.26.4 =
* Added country translation.
* Better Micro Cloud API response handling.
* A link fixed.

= 2.26.3 =
* CSS issue fixed on Logs tab.

= 2.26.2 =
* CSS issue fixed.

= 2.26.1 =
* Micro Cloud link fixed.

= 2.26.0 =
* New design.
* Free Micro Cloud plan introduced.

= 2.25.29 =
* A link fixed.

= 2.25.28 =
* Improved cloud charts.

= 2.25.27 =
* Security improvement: Better shortcode escaping.
* Fixed date formatting on the logs page.
* Fixed top menu links on the front-end.
* Badge added to the top menu.

= 2.25.26 =
* Security improvement: Different nonce for each AJAX action.
* Security improvement: The toggle_auto_update_callback checks for the update_plugins cap.

= 2.25.25 =
* PHP 8.2/9 compatibility improved, thanks to Jer Turowetz!
* Button size and text typo fixed.

= 2.25.24 =
* Better loading of translations.
* Fixed PHP warning related to menu.

= 2.25.23 =
* Better side menu.
* Fixed I18N issues, thanks to alexclassroom!

= 2.25.22 =
* Interface changes.
* Tested with WP 6.3.

= 2.25.21 =
* Optimization: autoload for large options turned off.
* Interface changes.

= 2.25.20 =
* Fix against network requests caching removed b/c some misconfigured servers can't handle it.

= 2.25.19 =
* Better handling of network connection issues.
* Fixed responsive formatting on dashboard.
* Added fix against network requests caching.

= 2.25.18 =
* Fixed errors occurring in situations where two versions of the plugin are installed (which should not normally happen).

= 2.25.17 =
* Refactoring.
* Server load reducing optimization.

= 2.25.16 =
* Double slashes in paths removed.
* Better handling of cloud response codes.

= 2.25.15 =
* Error messages logic fixed.

= 2.25.14 =
* Multisite support improved.
* CSS outside of the plugin issue fixed.
* Better number formatting on the dashboard.
* Lockout email template updated.

= 2.25.13 =
* Ultimate Member compatibility.
* Fixed conflicting URL parameters in some rare cases.
* Updated attempts counter logic.

= 2.25.12 =
* Fixed IPv4 validation when passed with a port number.
* Fixed texts and translations.

= 2.25.11 =
* PHP 8 compatibility fixed.
* Logs loading issue fixed.
* Help and Extensions tabs added.
* Notification about auto updates added.
* Displaying of plugin version added.
* Text changes made.

= 2.25.10 =
* Tested with PHP 8.
* Small styles refactoring.
* Fixed a rare issue with events log not being displayed correctly.
* Chart library updated.

= 2.25.9 =
* Welcome page replaced with a modal.

= 2.25.8 =
* Email text, links updated.

= 2.25.7 =
* Country flags added to log.
* Refresh button added to log.
* Email text updated.

= 2.25.6 =
* Email links updated.

= 2.25.5 =
* Fixed Woocommerce integration.
* Updated some interface links.

= 2.25.4 =
* Fixed session error in rare cases.
* Access rules explained.
* Improved session behavior on the login page.
* Fixed warning on some GoDaddy installations.

= 2.25.3 =
* Improved compatibility with WordFence.
* Better handling of HTTP_X_FORWARDED_FOR on Debug tab.
* Added option to hide warning badge.

= 2.25.2 =
* Security indicator fixed for multisite.

= 2.25.1 =
* Added setting to turn the dashboard widged off.
* The widget is visible to admins only.

= 2.25.0 =
* Dashboard widged added.
* Security indicator added.

= 2.24.1 =
* Fixed E_ERROR occurring in rare cases when the log table is corrupted.

= 2.24.0 =
* Protection increased: bots can't parse lockout messages anymore.

= 2.23.2 =
* Cloud: better unlock UX.
* Litle cleanup.

= 2.23.1 =
* Added infinite scroll for cloud logs.

= 2.23.0 =
* Reduced plugin size by removing obsolete translations.
* Cleaned up the dashboard.
* Cloud: added information about auto/manually-blocked IPs.
* GDPR: added an option to insert a link to a Privacy Policy page via a shortcode, clarified GDPR compliance.

= 2.22.1 =
* IP added to the email subject.

= 2.22.0 =
* Added support of CIDR notation for specifying IP ranges.
* Texts updated.
* Refactoring.

= 2.21.1 =
* Fixed: Uncaught Error: Call to a member function stats()
* Cloud API: added block by country.
* Refactoring.

= 2.21.0 =
* GDPR compliance: IPs obfuscation replaced with a customizable consent message on the login page.
* Cloud API: fixed removing of blocked IPs from the access lists under certain conditions.
* Cloud API: domain for Setup Code is taken from the WordPress settings now.

= 2.20.6 =
* Multisite tab links fixed.

= 2.20.5 =
* Option to show and hide the top-level menu item.

= 2.20.4 =
* Sucuri compatibility verified.
* Wordfence compatibility verified.
* Better menu navigation.
* Timezones fixed for the global chart.

= 2.20.3 =
* More clear wording.
* Cloud API: fixed double submit in the settings form.
* Better displaying of stats.

= 2.20.2 =
* Updated email text.

= 2.20.1 =
* New dashboard more clear stats.

= 2.20.0 =
* New dashboard with simple stats.

= 2.19.2 =
* Texts and links updated.

= 2.19.1 =
* Welcome page.
* Image and text updates.

= 2.19.0 =
* Refactoring.
* Feedback message location fixed.
* Text changes.

= 2.18.0 =
* Cloud API: usage chart added.
* Text changes.

= 2.17.4 =
* Missing jQuery images added.
* PHP 5 compatibility fixed.
* Custom App setup link replaced with setup code.

= 2.17.3 =
* Plugin pages message.

= 2.17.2 =
* Lockout notification refactored.

= 2.17.1 =
* CSS cache issue fixed.
* Notification text updated.

= 2.17.0 =
* Refactoring.
* Email text and notification updated.
* New links in the list of plugins.

= 2.16.0 =
* Custom Apps functionality implemented. More details: https://limitloginattempts.com/app/

= 2.15.2 =
* Alternative method of closing the feedback message.

= 2.15.1 =
* Refactoring.

= 2.15.0 =
* Reset password feature has been removed as unwanted.
* Small refactoring.

= 2.14.0 =
* BuddyPress login error compatibility implemented.
* UltimateMember compatibility implemented.
* A PHP warning fixed.

= 2.13.0 =
* Fixed incompatibility with PHP < 5.6.
* Settings page layout refactored.

= 2.12.3 =
* The feedback message is shown for admins only now, and it can also be closed even if the site has issues with AJAX.

= 2.12.2 =
* Fixed the feedback message not being shown, again.

= 2.12.1 =
* Fixed the feedback message not being shown.

= 2.12.0 =
* Small refactoring.
* get_message() - fixed error notices.
* This is the first time we are asking you for a feedback.

= 2.11.0 =
* Blacklisted usernames can't be registered anymore.

= 2.10.1 =
* Fixed: GDPR compliance option could not be selected on the multisite installations.

= 2.10.0 =
* Debug information has been added for better support.

= 2.9.0 =
* Trusted IP origins option has been added.

= 2.8.1 =
* Extra lockout options are back.

= 2.8.0 =
* The plugin doesn't trust any IP addresses other than _SERVER["REMOTE_ADDR"] anymore. Trusting other IP origins make protection useless b/c they can be easily faked. This new version provides a way of secure IP unlocking for those sites that use a reverse proxy coupled with misconfigurated servers that populate _SERVER["REMOTE_ADDR"] with wrong IPs which leads to mass blocking of users.

= 2.7.4 =
* The lockout alerts can be sent to a configurable email address now.

= 2.7.3 =
* Settings page is moved back to "Settings".

= 2.7.2 =
* Settings are moved to a separate page.
* Fixed: login error message. https://wordpress.org/support/topic/how-to-change-login-error-message/

= 2.7.1 =
* A security issue inherited from the ancestor plugin Limit Login Attempts has been fixed.

= 2.7.0 =
* GDPR compliance implemented.
* Fixed: ip_in_range() loop $ip overrides itself causing invalid results. https://wordpress.org/support/topic/ip_in_range-loop-ip-overrides-itself-causing-invalid-results/
* Fixed: the plugin was locking out the same IP address multiple times, each with a different port. https://wordpress.org/support/topic/same-ip-different-port/

= 2.6.3 =
* Added support of Sucuri Website Firewall.

= 2.6.2 =
* Fixed the issue with backslashes in usernames.

= 2.6.1 =
* Plugin returns the 403 Forbidden header after the limit of login attempts via XMLRPC is reached.
* Added support of IP ranges in white/black lists.
* Lockouts now can be released selectively.
* Fixed the issue with encoding of special symbols in email notifications.

= 2.5.0 =
* Added Multi-site Compatibility and additional MU settings. https://wordpress.org/support/topic/multisite-compatibility-47/

= 2.4.0 =
* Usernames and IP addresses can be white-listed and black-listed now. https://wordpress.org/support/topic/banning-specific-usernames/ https://wordpress.org/support/topic/good-831/
* The lockouts log has been inversed. https://wordpress.org/support/topic/inverse-log/

= 2.3.0 =
* IP addresses can be white-listed now. https://wordpress.org/support/topic/legal-user/
* A "Gateway" column is added to the lockouts log. It shows what endpoint an attacker was blocked from. https://wordpress.org/support/topic/xmlrpc-7/
* The "Undefined index: client_type" error is fixed. https://wordpress.org/support/topic/php-notice-when-updating-settings-page/

= 2.2.0 =
* Removed the "Handle cookie login" setting as they are now obsolete.
* Added bruteforce protection against Woocommerce login page attacks. https://wordpress.org/support/topic/how-to-integrate-with-woocommerce-2/
* Added bruteforce protection against XMLRPC attacks. https://wordpress.org/support/topic/xmlrpc-7/

= 2.1.0 =
* The site connection settings are now applied automatically and therefore have been removed from the admin interface.
* Now compatible with PHP 5.2 to support some older WP installations.

= 2.0.0 =
* fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors
* fixed the deprecated functions issue https://wordpress.org/support/topic/using-deprecated-function
* Fixed error with function arguments: https://wordpress.org/support/topic/warning-missing-argument-2-5
* added time stamp to unsuccessful tries on the plugin configuration page.
* fixed .po translation files issue.
* code refactoring and optimization.
