Submit Changelog
Track Changelogs

MksDdn Reddy Auth

Changelog

1.0.0

  • Do not require Bearer on HTTP OPTIONS when REST API content lock is enabled (CORS preflight for cross-origin SPAs).
  • Stable 1.0.0 release.

0.1.4

  • Admin settings for bot message texts: OTP template ({code}, {ttl}) and connection test message.
  • Filter mksddn_reddy_otp_message still overrides the final OTP text after the admin template is applied.
  • Filter mksddn_reddy_bot_test_message for customizing the connection test message.

0.1.3

  • REST login no longer sets a WordPress cookie by default. Optional issue_session parameter (default false); use issue_token for Bearer auth. Shortcode login still sets a cookie.
  • Protect site content uses cookie sessions only; Protect all REST API content requires Bearer tokens. Documented split between monolith and REST protection.
  • Revoke all Bearer tokens and destroy WordPress sessions when a WordPress user is deleted.
  • Bearer token validation requires an active _mksddn_reddy_id user meta mapping.
  • Site and REST content lock: WP staff with edit_posts (administrator, editor) bypass Reddy-only lock without OTP.
  • Filter mksddn_reddy_content_lock_bypass to customize lock bypass per user.
  • More reliable login page detection for monolith content lock (configured page, URL path, shortcode fallback).
  • REST content lock respects existing authentication errors before enforcing Reddy check.

0.1.2

  • Direct Reddy terms of use and privacy policy links in External services readme section.
  • Require cookie session or Bearer token authentication for POST /auth/logout REST endpoint.

0.1.1

  • External services disclosure in readme for Reddy bot API (OTP delivery).
  • Safer defaults: site and REST protection disabled until explicitly enabled in settings.
  • Monolith content lock skipped until a login page or shortcode page is configured.
  • Admin setup notice after activation pointing to Settings > Reddy Auth.
  • Uninstall cleanup removes plugin-owned transients (OTP and rate-limit state).
  • Optional Allowed request sources for plugin REST endpoints (Origin/Referer allowlist, HTTP 403 when mismatched).
  • Updated plugin metadata (GitHub URIs, license, WordPress and PHP requirements).
  • Tested up to WordPress 7.0.
  • Hardened REST middleware: sanitize request URI before route checks.
  • Clearer rate limit labels and field descriptions in settings.
  • Improved uninstall cleanup and WPCS compliance across core files.
  • Removed redundant textdomain loader (WordPress auto-loads plugin translations).

0.1.0

  • Initial MVP release.

Plugin Website
Visit website

Author
Max
Version:
1.0.0
Last Updated
June 3, 2026
Requires
WordPress 6.2
Tested Up To
WordPress 7.0
Requires PHP
7.4

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.