Abilities API implemented: password policies are now available in WordPress MCP server
Direct access protection added to all PHP files
Dependencies updated
Formatting updates
Unnecessary translation files removed since these are loaded from WordPress.org
Do not hardcode wp-login.php path for login form
Code improvements
3.5.0 (2026-01-28)
Support for restricting certain characters in passwords implemented
Dependencies updated
Code improvements
3.4.1 (2026-01-12)
Harden handling of the “allow_password_reset” filter to improve compatibility with third-party plugins
3.4.0 (2025-11-28)
Compatibility with WordPress 6.9 confirmed
Dependencies updated
Code improvements
3.3.0 (2025-09-19)
New feature: require users to provide their current password before changing it
New feature: added the ability to exclude certain users from being covered by the password policy (through PHP filter); this is useful when certain users are managed externally and we don’t want to enforce the password policy on them (for example: users who log in through an SSO provider)
Compliance checks against the password policy refactored to avoid having duplicated logic in various modules
Dependencies updated
Code improvements
3.2.2 (2025-07-24)
Dependencies updated
Code improvements
3.2.1 (2025-07-04)
Plugin’s readme.txt file updated
3.2.0 (2025-07-01)
Network activation process improved
Password expiry check on user interaction improved
Automated, conditional logout after plugin settings changes are saved implemented for current user affected by the new policy
Plugin container loader optimized to avoid duplicated instantiations
Plugin name updated to avoid confusion, now matching the project’s name
