Improvement: Migrated all deprecated JavaScript libraries in use to a Vue-based infrastructure
Improvement: Better coverage of aria- accessibility attributes
Fix: WordPress 7.0 compatibility fixes
Note: The standalone Login Security plugin will be discontinued around July 1, 2026. Sites using it should install the full Wordfence plugin to retain this functionality
1.1.15 – January 15, 2025
Change: Reworked setting caching to avoid issues with some object caches
1.1.14 – January 2, 2025
Improvement: General compatibility improvements and better error handling for PHP 8+
1.1.12 – June 6, 2024
Change: Revised the formatting of TOTP app URLs to prioritize the site’s own URL for better sorting and display
Fix: Fixed the last captcha column in the users page so it no longer displays “(not required)” on 2FA users since that no longer applies
1.1.11 – April 3, 2024
Fix: Revised the behavior of the reCAPTCHA verification to use the documented expiration period of the token and response to avoid sending verification requests too frequently, which could artificially lower scores in some circumstances
1.1.10 – March 11, 2024
Change: Removed the extra site link from the CAPTCHA verification email message to avoid confusion with the verify link
Change: CAPTCHA verification when enabled now additionally applies to 2FA logins (may send an email verification on low scores) and no longer reveals whether a user exists for the submitted account credentials (credit: Raxis)
1.1.9 – February 14, 2024
Fix: Fixed an issue where user profiles with a selected locale different from the site itself could end up loading the site’s locale instead
1.1.8 – January 2, 2024
Fix: Fixed an issue where a login lockout on a WooCommerce login form could fail silently
1.1.7 – November 6, 2023
Fix: Compatibility fix for WordPress 6.4 on the login page styling
1.1.6 – October 30, 2023
Fix: Addressed an issue with multisite installations when the wp_options tables had different encodings/collations
1.1.5 – October 23, 2023
Fix: 2FA AJAX calls now use an absolute path rather than a full URL to avoid CORS issues on sites that do not canonicalize www and non-www requests
Fix: Addressed a race condition where multiple concurrent hits on multisite could trigger overlapping role sync tasks
Fix: Improved performance when viewing the user list on large multisites
Fix: Fixed a UI bug where an invalid code on 2FA activation would leave the activate button disabled
Fix: Reverted a change on error modals to bring back the additional close button for better accessibility
1.1.4 – July 12, 2023
Fix: Changed text domain to wordfence-login-security to match plugin slug as required by WordPress
Fix: Added translation support for additional strings
1.1.3 – June 21, 2023
Improvement: Added translation support for strings in JavaScript
Improvement: Updated JavaScript libraries
Improvement: Added “Text Domain” header to support translation functionality
1.1.2 – March 27, 2023
Fix: Prevent double-clicking when activating 2FA to avoid an “already set up” error
1.1.1 – March 1, 2023
Improvement: Further improved performance when viewing 2FA settings and hid user counts by default on sites with many users
Fix: Adjusted style inclusion and usage to prevent missing icons
Fix: Avoided using the ctype extension as it may not be enabled
1.1.0 – February 14, 2023
Improvement: Added 2FA management shortcode and WooCommerce account integration
Improvement: Improved performance when viewing 2FA settings on sites with many users
Fix: Ensured Captcha and 2FA scripts load on WooCommerce when activated on a sub-site in multisite
Fix: Prevented reCAPTCHA logo from being obscured by some themes
Fix: Enabled wfls_registration_blocked_message filter support for WooCommerce integration
1.0.12 – November 28, 2022
Improvement: Added feedback when login form is submitted with 2FA
Fix: Restored click support on login button when using 2FA with WooCommerce
Fix: Corrected display issue with reCAPTCHA score history graph
Fix: Prevented errors on PHP caused by corrupted login timestamps
1.0.11 – September 19, 2022
Improvement: Hardened 2FA login flow to reduce exposure in cases where an attacker is able to obtain privileged information from the database
1.0.10 – June 2, 2022
Improvement: Added option to toggle display of last login column on WP Users page
Improvement: Improved autocomplete support for 2FA code on Apple devices
Fix: Corrected issue that prevented reCAPTCHA scores from being recorded
Fix: Prevented invalid JSON setting values from triggering fatal errors
Fix: Made text domains consistent for translation support
Fix: Clarified that allowlisted IP addresses also bypass reCAPTCHA
1.0.9 – October 12, 2021
Fix: Prevented login errors with WooCommerce integration when manual username entry is enabled on the WooCommerce registration form
Fix: Corrected theme incompatibilities with WooCommerce integration
1.0.8 – July 19, 2021
Fix: WooCommerce integration notice can now be dismissed on any admin page
Change: Updated messaging around 2FA for WooCommerce roles
1.0.7 – July 8, 2021
Improvement: Added 2FA and reCAPTCHA support for WooCommerce login and registration forms
Improvement: Added option to require 2FA for any role
Improvement: Added logic to automatically disable NTP after repeated failures and option to manually disable NTP
Change: Updated reCAPTCHA setup note
Change: Updated plugin headers for compatibility with WordPress 5.8
1.0.6 – January 14, 2021
Improvement: Made a number of WordPress 5.6 and jQuery 3.x compatibility improvements.
Improvement: Replaced the terms whitelist and blacklist with allowlist and blocklist.
Fix: Sync roles to new sites in multisite configurations
Fix: Corrected 2FA config links in notices for multisite
Fix: Corrected inactive user count when users with 2FA have been deleted
Fix: reCAPTCHA will no longer block requests with missing tokens in test mode
1.0.5 – January 13, 2020
Changed: AJAX endpoints now send the application/json Content-Type header.
Changed: Added compatibility messaging for reCAPTCHA when WooCommerce is active.
Fixed: The “Require 2FA for all administrators” notice is now automatically dismissed if an administrator sets up 2FA.
1.0.4 – November 6, 2019
Fix: Added styling fix to the 2FA code prompt for WordPress 5.3.
Fix: Added compatibility tags for WP Tide.
1.0.3 – July 16, 2019
Improvement: Added additional information about reCAPTCHA to its setting control.
Improvement: Added a constant that may be overridden to customize the expiration time of login verification email links.
Improvement: reCAPTCHA keys are now tested on saving to prevent accidentally inputting a v2 key.
Improvement: Added a setting to control the reCAPTCHA human/bot threshold.
Improvement: Added an option to trigger removal of Login Security tables and data on deactivation.
Improvement: Reworked the reCAPTCHA implementation to trigger the token check on login/registration form submission to avoid the token expiring.
Fix: Widened the reCAPTCHA key fields to allow the full keys to be visible.
Fix: Addressed an issue when outbound UDP connections are blocked where the NTP check could log an error.
Fix: Added handling for reCAPTCHA’s JavaScript failing to load, which previously blocked logging in.
Fix: Fixed the functionality of the button to send 2FA grace period notifications.
Fix: Fixed a missing icon for some help links when running in standalone mode.
