v2.8

What's Changed

• [Added] Native honeypot protection for Magic Login forms.
• [Updated] Dependencies.
  • Bump flatted from 3.4.1 to 3.4.2 by @dependabot[bot] in #70
  • Bump picomatch by @dependabot[bot] in #71
  • Bump node-forge from 1.3.3 to 1.4.0 by @dependabot[bot] in #72
  • Bump lodash-es from 4.17.23 to 4.18.1 by @dependabot[bot] in #73
  • Bump lodash from 4.17.23 to 4.18.1 by @dependabot[bot] in #75
  • Bump basic-ftp from 5.2.0 to 5.2.2 by @dependabot[bot] in #76
  • Bump axios from 1.13.6 to 1.15.0 by @dependabot[bot] in #77
  • Bump follow-redirects from 1.15.11 to 1.16.0 by @dependabot[bot] in #78
  • Bump dompurify from 3.3.3 to 3.4.0 by @dependabot[bot] in #79

Full Changelog: 2.7.1...2.8

v2.7.1

[Fixed] Settings import failing on some sites due to restricted MIME type filters when uploading JSON files.

v2.7

What's Changed

• [Added] Friendly captcha. (UI)
• [Improved] Load fonts locally to enhance privacy.
• [Improved] Added nonce validation to AJAX-based login requests.
• [Improved] Added final login redirect validation for both standard and AJAX login flows.
• [Improved] Strengthened the randomness used for generated email login codes.
• [Added] Added a per-user safeguard to limit repeated login emails for the same account.
• [Updated] Dependencies.
  • Bump basic-ftp from 5.0.5 to 5.2.0 by @dependabot[bot] in #65
  • Bump dompurify from 3.3.0 to 3.3.2 by @dependabot[bot] in #69
  • Bump svgo from 3.3.2 to 3.3.3 by @dependabot[bot] in #67
  • Bump immutable from 5.1.4 to 5.1.5 by @dependabot[bot] in #66
  • Bump @tootallnate/once and @wordpress/scripts by @dependabot[bot] in #68
• Tested with WP 7.0

Full Changelog: 2.6.3...2.7

v2.6.3

What's Changed

• Bump js-yaml by @dependabot[bot] in #55
• Bump node-forge from 1.3.1 to 1.3.2 by @dependabot[bot] in #56
• Bump lodash from 4.17.21 to 4.17.23 by @dependabot[bot] in #60
• Bump lodash-es from 4.17.21 to 4.17.23 by @dependabot[bot] in #59
• Bump qs and express by @dependabot[bot] in #58
• Bump phpunit/phpunit from 9.6.16 to 9.6.33 by @dependabot[bot] in #62
• Bump qs and body-parser by @dependabot[bot] in #61
• Bump qs from 6.14.1 to 6.14.2 by @dependabot[bot] in #64
• Bump webpack from 5.102.1 to 5.105.0 by @dependabot[bot] in #63

Full Changelog: 2.6.2...2.6.3

v2.6.2

• [Added] Admin notice when placeholder encryption keys/salts are in use.
• [Fixed] Added capability checks for the settings page.
• [Fixed] Improved validation of $_SERVER variables.
• [Improved] Settings import file validation.

Full Changelog: 2.6.1...2.6.2

v2.6.1

What's Changed

• Tested with WP 6.9
• [Updated] Dependencies.
  • Bump axios from 1.10.0 to 1.11.0 by @dependabot[bot] in #50
  • Bump tar-fs from 3.1.0 to 3.1.1 by @dependabot[bot] in #52
  • Bump tmp and inquirer by @dependabot[bot] in #53
  • Bump playwright and @playwright/test by @dependabot[bot] in #54

Full Changelog: 2.6...2.6.1

v2.6

• [Added] Ability to override TTL and token validity on a per-user basis.
• [Updated] Dependency packages to latest versions.
• Read the full update: Magic Login PRO 2.6

v2.5.1

• [Added] No-cache headers for magic login links to prevent caching issues.

v2.5

• [New] Tools Section – Added reset, export, and import options in the settings panel. Learn more
• [Updated] Settings UI – Visual and structural improvements to reflect new PRO features.
• [Updated] Dependencies.
• [Changed] Minimum PHP version raised to 7.4.
• Read the full update: Magic Login 2.5

v2.4.2

• [Added] New filter magic_login_email_placeholders to customize email placeholders.
• [Updated] Dependencies.
• Tested with WP 6.8