Compliance: renamed internal prefix from paad_ (4 characters) to pageauth_ (8 characters) across functions, constants, options, transients, user meta, nonces, AJAX actions, hooks, page slug, CSS classes, HTML IDs, and JavaScript data attributes. The new prefix is unique, brand-aligned, and far less likely to collide with any other plugin
Migration: existing allowlist, audit log, and login-blocking preference are migrated transparently on upgrade from either prior prefix (paad_ from 1.9.1 or aed_ from 1.9.0 and earlier)
Compatibility: both legacy settings URLs (users.php?page=aed-settings and users.php?page=paad-settings) now redirect to the current pageauth-settings slug
Cleanup: uninstall.php removes both the current and all legacy option, transient, and user-meta keys, so removal is clean regardless of which version was last installed
1.9.1
Compliance: renamed internal prefix from aed_ (3 characters) to paad_ (4 characters) across functions, constants, options, transients, nonces, AJAX actions, page slug, CSS classes, and HTML IDs to meet WordPress.org Plugin Directory naming requirements.
Migration: existing allowlist, audit log, and login-blocking preference are migrated transparently on upgrade.
Compatibility: legacy users.php?page=aed-settings URL now redirects to the new paad-settings slug.
Cleanup: rewrote uninstall.php to actually remove the options the plugin stores (the previous file targeted a key prefix that was never written), and added cleanup for legacy aed_* keys.
1.9.0
Security: nonce verification now runs before capability checks and before any input processing in the audit-domain-add and user-delete handlers
Security: programmatic user creation in admin context (admin-ajax, importers, REST in admin) is no longer silently allowed; only the user-edit/user-new screens defer to the inline error path
Performance: existing-user audit query is paginated to avoid loading every user into memory on large sites
Feature: deleting an unauthorized user who owns posts or pages now opens a confirmation modal with a dropdown of compliant users for content reassignment, or an explicit “delete content” option
Feature: success notice when a domain is added directly from the audit
Feature: clearer error notices for delete failures (missing user, current user, super admin, allowed-now, content-without-confirmation, invalid reassignment target)
Hardening: server-side failsafe refuses to delete a user with owned content unless reassignment or explicit content-delete is specified
Hardening: reassignment target is revalidated as a real, compliant user before deletion proceeds
Cleanup: removed dead query-parameter handling, consistent input handling throughout
1.8.15
Removed redundant GitHub plugin site link from the Plugins screen.
1.8.14
Added GitHub plugin metadata link on the WordPress Plugins screen.
Added Page Authority author URL metadata.
1.8.12
Cleaned and consolidated changelog entries
1.8.11
Updated WordPress.org plugin slug and text domain compatibility
Fixed automated scan compatibility issues
1.8.9
Renamed plugin to “Page Authority – Allowed Domains”
1.8.2
Added unauthorized user audit tools
Added quick actions for adding domains and deleting users
1.8.1
Added login enforcement protections for unauthorized domains
1.8.0
Added WooCommerce, REST API, and multisite enforcement support
1.7.0
Added GitHub update compatibility support
Improved admin navigation and documentation
1.6.0
Improved validation, admin UX, and security handling
1.5.0
Added uninstall cleanup and compatibility metadata
