Submit Changelog
Track Changelogs

Wapu Auth – Google Social Login for WordPress & WooCommerce

Changelog

1.1.0

  • Added: Magic Link passwordless login — customers sign in via a secure one-click link emailed to them, no password required
  • Added: Google One Tap — non-intrusive one-click sign-in overlay without leaving the page
  • Added: Two-Factor Authentication (email OTP) — 6-digit codes expire after 10 minutes; configurable as optional per-user, required for admins, or required for all users
  • Added: Trusted Devices — devices that skip 2FA verification for a configurable number of days
  • Added: Active Sessions management — customers can view and revoke individual sessions or sign out all other devices from My Account
  • Added: Built-in SMTP mailer — configure a custom SMTP server for magic link and OTP email delivery directly from plugin settings
  • Added: Smart redirect post-login — after signing in on the cart or checkout page, customers are returned to that page instead of My Account
  • Added: Unified Security tab in WooCommerce My Account — consolidates 2FA settings, active sessions, trusted devices, and connected Google account into a single page
  • Improved: Disconnect Google account uses an in-page modal confirmation instead of a separate page
  • Fixed: SMTP Send Test button now sends to the logged-in admin’s email address (previously used the site admin email)

1.0.3

  • Added: Smart email detection warns users about typos (gmial.com → gmail.com) and disposable emails, suggesting Google login for a verified email address
  • Security: Destroy any pre-existing session before issuing a new auth cookie after Google login to prevent session fixation
  • Security: Fire the standard wp_login action on Google logins so security and 2FA plugins can hook in uniformly
  • Security: Full JWT validation for Google ID tokens (iss, aud, exp, RS256 signature against cached JWKS) now integrated into the main OAuth flow with automatic fallback to the /userinfo endpoint
  • Security: Sensitive fields (tokens, secrets, passwords) are now redacted from plugin logs
  • Added: Google profile picture is now synced on every login — the avatar stays in sync when users update their Google account picture
  • Added: Optional “Google Account” page in WooCommerce My Account where customers can review their connection and disconnect their Google account from their WordPress account (opt-in from the Integration tab)
  • Added: Toggle to preserve or delete all plugin data on uninstall (defaults to preserve)
  • Added: Toggle for “Remember me” behavior on Google logins
  • Added: WooCommerce checkout autofill using Google profile data (first name, last name, email)
  • Added: Info row on the plugins list showing the current data-retention choice
  • Changed: Minimum PHP requirement raised from 7.4 to 8.0
  • Changed: Client secret field now shows a protected placeholder — click “Change secret” to replace it, preventing accidental overwrite
  • Changed: Admin-only notification when a new user is created via Google (previously also emailed the new user)
  • Improved: Google user listing in analytics now uses a single WP_User_Query (removes N+1 query pattern)
  • Improved: Popup strings (“Show password” / “Hide password”) are now translatable
  • Improved: GeoIP lookup timeout reduced from 5s to 3s to avoid slowing down logins when providers are unreachable
  • Improved: WooCommerce settings are now cached per request to avoid repeated option lookups
  • Fixed: Cache headers are now sent on OAuth callback responses to prevent intermediaries from caching them

1.0.2

  • Fixed: Admin notices now display correctly in all languages (translation keys were in Spanish)
  • Fixed: Plugin name unified across readme.txt and plugin header
  • Changed: WooCommerce checkout button enabled by default for new installations
  • Added: Plugin URI in plugin header pointing to WordPress.org listing
  • Improved: Translation loading now uses load_plugin_textdomain() for GlotPress / language-pack compatibility
  • Updated: Tested up to WordPress 6.9.4 and WooCommerce 9.8.0

1.0.1

  • Fix: Admin notices now correctly persist their dismissed state across page reloads
  • Dev: PHPCS/WPCS coding standards improvements throughout the codebase

1.0.0

  • Initial release
  • Google OAuth 2.0 social login and registration
  • Customizable Google login button with live visual editor
  • Admin dashboard with social login analytics
  • Activity log with optional GeoIP tracking
  • Domain restriction feature (whitelist and blacklist) for social login access control
  • Sandbox mode for safe pre-launch Google login testing
  • Custom login and register form templates: Classic, Modern, Compact
  • Free WooCommerce social login integration — automatic button placement on login, register, and checkout forms
  • Shortcode support: [wapu_auth_button], [wapu_auth_login_form], [wapu_auth_register_form]
  • Full internationalization: English and Spanish included

Plugin Website
Visit website

Author
Victor Flores
Version:
1.1.0
Last Updated
April 26, 2026
Active Installs
30
Requires
WordPress 6.0
Tested Up To
WordPress 6.9.4
Requires PHP
8.0

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.