Two Factor

0.15.0 – 2026-02-13

• Breaking Changes: Trigger two-factor flow only when expected by @kasparsd in #660 and #793.
• New Features: Include user IP address and contextual warning in two-factor code emails by @todeveni in #728
• New Features: Optimize email text for TOTP by @masteradhoc in #789
• New Features: Add “Settings” action link to plugin list for quick access to profile by @hardikRathi in #740
• New Features: Additional form hooks by @eric-michel in #742
• New Features: Full RFC6238 Compatibility by @ericmann in #656
• New Features: Consistent user experience for TOTP setup by @kasparsd in #792
• Documentation: @since docs by @masteradhoc in #781
• Documentation: Update user and admin docs, prepare for more screenshots by @jeffpaul in #701
• Documentation: Add changelog & credits, update release notes by @jeffpaul in #696
• Documentation: Clear readme.txt by @masteradhoc in #785
• Documentation: Add date and time information above TOTP setup instructions by @masteradhoc in #772
• Documentation: Clarify TOTP setup instructions by @masteradhoc in #763
• Documentation: Update RELEASING.md by @jeffpaul in #787
• Development Updates: Pause deploys to SVN trunk for merges to master by @kasparsd in #738
• Development Updates: Fix CI checks for PHP compatability by @kasparsd in #739
• Development Updates: Fix Playground refs by @kasparsd in #744
• Development Updates: Persist existing translations when introducing new helper text in emails by @kasparsd in #745
• Development Updates: Fix missing_direct_file_access_protection by @masteradhoc in #760
• Development Updates: Fix mismatched_plugin_name by @masteradhoc in #754
• Development Updates: Introduce Props Bot workflow by @jeffpaul in #749
• Development Updates: Plugin Check: Fix Missing $domain parameter by @masteradhoc in #753
• Development Updates: Tests: Update to supported WP version 6.8 by @masteradhoc in #770
• Development Updates: Fix PHP 8.5 deprecated message by @masteradhoc in #762
• Development Updates: Exclude 7.2 and 7.3 checks against trunk by @masteradhoc in #769
• Development Updates: Fix Plugin Check errors: MissingTranslatorsComment & MissingSingularPlaceholder by @masteradhoc in #758
• Development Updates: Add PHP 8.5 tests for latest and trunk version of WP by @masteradhoc in #771
• Development Updates: Add phpcs:ignore for falsepositives by @masteradhoc in #777
• Development Updates: Fix(totp): otpauth link in QR code URL by @sjinks in #784
• Development Updates: Update deploy.yml by @masteradhoc in #773
• Development Updates: Update required WordPress Version by @masteradhoc in #765
• Development Updates: Fix: ensure execution stops after redirects by @sjinks in #786
• Development Updates: Fix WordPress.Security.EscapeOutput.OutputNotEscaped errors by @masteradhoc in #776
• Dependency Updates: Bump qs and express by @dependabot[bot] in #746
• Dependency Updates: Bump lodash from 4.17.21 to 4.17.23 by @dependabot[bot] in #750
• Dependency Updates: Bump lodash-es from 4.17.21 to 4.17.23 by @dependabot[bot] in #748
• Dependency Updates: Bump phpunit/phpunit from 8.5.44 to 8.5.52 by @dependabot[bot] in #755
• Dependency Updates: Bump symfony/process from 5.4.47 to 5.4.51 by @dependabot[bot] in #756
• Dependency Updates: Bump qs and body-parser by @dependabot[bot] in #782
• Dependency Updates: Bump webpack from 5.101.3 to 5.105.0 by @dependabot[bot] in #780

0.14.2 – 2025-12-11

• New Features: Add filter for rest_api_can_edit_user_and_update_two_factor_options by @gutobenn in #689
• Development Updates: Remove Coveralls tooling and add inline coverage report by @kasparsd in #717
• Development Updates: Update blueprint path to pull from main branch instead of a deleted f… by @georgestephanis in #719
• Development Updates: Fix blueprint and wporg asset deploys by @kasparsd in #734
• Development Updates: Upload release only on tag releases by @kasparsd in #735
• Development Updates: Bump playwright and @playwright/test by @dependabot[bot] in #721
• Development Updates: Bump tar-fs from 3.1.0 to 3.1.1 by @dependabot[bot] in #720
• Development Updates: Bump node-forge from 1.3.1 to 1.3.2 by @dependabot[bot] in #724
• Development Updates: Bump js-yaml by @dependabot[bot] in #725
• Development Updates: Mark as tested with the latest WP core version by @kasparsd in #730

0.14.1 – 2025-09-05

• Don’t URI encode the TOTP url for display. by @dd32 in #711
• Removed the duplicate Security.md by @slvignesh05 in #712
• Fixed linting issues by @sudar in #707
• Update development dependencies and fix failing QR unit test by @kasparsd in #714
• Trigger checkbox js change event by @gedeminas in #688

0.14.0 – 2025-07-03

• Features: Enable Application Passwords for REST API and XML-RPC authentication (by default) by @joostdekeijzer in #697 and #698. Previously this required two_factor_user_api_login_enable filter to be set to true which is now the default during application password auth. XML-RPC login is still disabled for regular user passwords.
• Features: Label recommended methods to simplify the configuration by @kasparsd in #676 and #675
• Documentation: Add WP.org plugin demo by @kasparsd in #667
• Documentation: Document supported versions of WP core and PHP by @jeffpaul in #695
• Documentation: Document the release process by @jeffpaul in #684
• Tooling: Remove duplicate WP.org screenshots and graphics from SVN trunk by @jeffpaul in #683

0.13.0 – 2025-04-02

• Add two_factor_providers_for_user filter to limit two-factor providers available to each user by @kasparsd in #669
• Update automated testing to cover PHP 8.4 and default to PHP 8.3 by @BrookeDot in #665

View the complete changelog details here.