WebberZone Link Warnings

Changelog

1.4.0 (23 May 2026)

Version 1.4.0 Release Post

New Features

  • Excluded domains now support wildcard entries: *.example.com matches any subdomain of example.com but not the base domain itself. Plain entries (e.g. example.com) match that exact domain only. Add both to exclude a domain and all its subdomains.
  • Excluded domains are now honoured by the sitewide JavaScript scan, not just PHP content processing. Previously, links excluded in settings could still be flagged as external by the JS scan on navigation menus, footers, and widgets.
  • All four class settings (Suppress Icon Class, Suppress Icon Wrapper Class, Force External Class, Force External Wrapper Class) now accept comma-separated values, allowing multiple class names per setting.

Bug Fixes

  • Excluded domains with target=”_blank” in scope=both mode no longer incorrectly show a modal or redirect warning when processed by the JavaScript scanner. ARIA attributes are still applied for screen reader accessibility.

1.3.0 (1 May 2026)

Version 1.3.0 Release Post

New Features

  • Sitewide link processing: JavaScript now scans the full rendered page on load and applies warnings to links in navigation menus, footers, sidebars, widgets, and any other theme output — not just post content. All four CSS class rules (wzlw-force-external, wzlw-force-external-wrapper, wzlw-no-icon, wzlw-no-icon-wrapper) work everywhere on the page.

Bug Fixes

  • Links inside wzlw-no-icon-wrapper now correctly receive data-wzlw-* attributes so the redirect/modal warning still fires; only the visual icon is suppressed.

1.2.0 (14 April 2026)

Version 1.2.0 Release Post

New Features

  • Add wzlw-force-external / wzlw-force-external-wrapper class support to force links to be treated as external regardless of automatic detection. Both class names are configurable under Settings > Advanced.
  • The wzlw-no-icon and wzlw-no-icon-wrapper class names are now configurable under Settings > Advanced.

Security

  • Redirect endpoint now requires an HMAC signature on every URL. Unsigned or tampered URLs are rejected, preventing open-redirect abuse.

Bug Fixes

  • Redirect URLs with HMAC signatures were broken due to double-encoding of the & separator in HTML output.
  • Redundant URL encoding in get_redirect_url() caused malformed redirect URLs.
  • Same-host check now normalises hostnames before comparison, so variants like EXAMPLE.COM or example.com. are treated as internal.
  • Excluded domains now match correctly when entered with a scheme or trailing path.

1.1.0 (14 March 2026)

Version 1.1.0 Release Post

New Features

  • Add wzlw-no-icon-wrapper class support — add it to any wrapper element to exclude all links inside it from visual indicators.

Improvements

  • Enhanced modal accessibility: background content is now hidden from screen readers when the modal is open, URL display includes a screen reader label, buttons have fallback accessible names, and the Continue button announces “opens in a new window” for target=”_blank” links.

1.0.0 (7 March 2026)

Version 1.0.0 Release Post

  • Initial release.

Plugin Website
Visit website

Author
Ajay
Version:
1.4.0
Last Updated
May 23, 2026
Requires
WordPress 6.6
Tested Up To
WordPress 7.0
Requires PHP
7.4

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.