DB Solution – 2FA

16.0

• Fix: the custom login URL no longer replaces WordPress login URLs globally, so the hidden slug is not exposed by normal login redirects.
• Update: expanded the WordPress.org description with feature highlights and FAQ content.

15.13

• Fix: sanitized the AJAX option value in a way accepted by WordPress coding standards.
• Fix: preserved the login remember-me choice without reading unsanitized form data directly.
• Update: declared compatibility through WordPress 7.0 for the WordPress 7 test site.
• Update: rewrote the readme short description and description in standard English.

15.12

• Security: added a 5-attempt limit for each OTP code.
• Security: the remember-me cookie is used only when selected by the user.

15.11

• Fix: removed inline helper functions unavailable in the login context to avoid fatal errors.

15.10

• Update: added the countdown to the 2FA verification screen.
• Update: updated the email footer with the site name and plugin by Unicorn Designer.

15.9

• Update: main toggles and simple fields now save automatically without a general save button.
• Update: the manual save button remains only in the IP blocking card with the label Save blocked IPs.

15.8

• Update: redesigned the settings interface with custom cards, icons, and colors.
• Update: replaced classic WordPress tabs with pill navigation.
• Compatibility: kept the code compatible with PHP 8.3 and PHP 8.4 without PHP 8.5-only features.

15.7

• Update: removed the large header card from the settings page.
• Update: refreshed the settings design with lighter cards.
• New: added the access attempts tab with username or email, IP address, browser, date, and result.
• Security: attempted passwords are never stored in the log.

15.6

• Update: removed the global switch from the interface and public logic.
• New: added the IP blocking section with support for single IP addresses and CIDR networks.
• Update: refreshed the admin design for settings, guide, and credits.

15.5

• Update: declared compatibility through WordPress 6.9.
• Update: separated the global control from 2FA activation.
• New: added a dedicated Enable Email 2FA option.
• New: added a confirmation notice before enabling email-based 2FA.
• Fix: login monitoring works even when 2FA is not active.
• Update: rewrote guide and credits text.

15.4

• New: added Strict Mode security that locks OTP verification to IP address and user agent.
• New: added OTP expiration time setting.
• New: added settings saved confirmation message.
• Fix: sanitized server variables and inputs according to WordPress coding standards.

15.3

• Fix: moved CSS and JS to external files and enqueued them properly.
• Fix: removed the assets folder from the plugin ZIP.

15.2

• Update: renamed plugin slug, text domain, and prefixes to db-solution-2fa.

15.1.5

• Security improvements: strict sanitization and nonce checks.
• Removed the internal updater to comply with WordPress.org repository standards.

15.1.1

• Standard fix for WordPress.org compliance.

15.1.0

• Full integration into the DB Solution suite.
• New modular and modern user interface.
• Code refactoring for performance and security.

15.0.0

• Previous standalone version.