Plugin Change History

This changelog provides a detailed list of all plugin changes and bug fixes in each update. For a high-level overview of new features and improvements, refer to the release notes.

PRO version

3.14.0 (2026-06-22)

  • Security hardening: audit follow-up (defense-in-depth), incorporating the free plugin's REST and role-validation fixes plus plugin-updater robustness
  • New password expiry warning emails: a configurable series of reminders sent to users in the days before their password expires
  • New vendor-default account scanner: flags default/admin usernames and unchanged display names via a recurring scan, surfaced through a dashboard widget and a dedicated settings tab
  • New leetspeak-aware matching option for the restricted words and phrases list
  • Incorporate updates introduced in the free plugin (version 3.7.0)
  • Settings page tabs are now reflected in the URL, so a tab can be bookmarked and shared
  • Added a clear admin notice for unmet server requirements (minimum PHP/WordPress version, required extensions)
  • Dependencies updated
  • Code improvements

3.13.0 (2026-05-12)

  • New password policy rule: block passwords found in known data breaches, verified live against the HaveIBeenPwned Pwned Passwords database. Uses k-anonymity (only the first 5 characters of the SHA-1 hash are sent) – the full password never leaves your server.
  • Incorporate updates introduced in the free plugin (version 3.6.3)
  • Wording improvements re: "minimum unique characters" field
  • Updated the notice behavior to display as "error" rather than a "message"
  • Dependencies updated
  • Code improvements

3.12.0 (2026-04-16)

  • New integrations added: BBPress, BuddyPress, Sensei LMS, and Amelia Booking
  • Compatibility with WordPress 7.0 confirmed
  • Dependencies updated
  • Formatting updates
  • Code improvements

3.11.0 (2026-03-20)

  • New integrations added: Tutor LMS, LearnPress, and LifterLMS
  • Plugin icon and assets updated
  • Security hardening – added missing escaping
  • Incorporate updates introduced in the free plugin (version 3.6.1)
  • Dependencies updated

3.10.0 (2026-03-14)

  • Abilities API implemented: password policies are now available in WordPress MCP server
  • Incorporate updates introduced in the free plugin (version 3.6.0)
  • Direct access protection added to all PHP files
  • Dependencies updated
  • Formatting updates
  • Do not hardcode `wp-login.php` path for login form
  • Integrations module architecture refactored to share common components
  • Code improvements

3.9.0 (2026-01-28)

  • Support for restricting certain characters in passwords implemented
  • Incorporate updates introduced in the free plugin (version 3.5.0)
  • Dependencies updated
  • Code improvements

3.8.5 (2026-01-19)

  • Added defensive logic to prevent errors when third-party plugins interfere with the authentication flow

3.8.4 (2026-01-16)

  • Fixed an issue with passwordless registration on WooCommerce forms

3.8.3 (2026-01-13)

  • Improved WooCommerce integration: checkout forms without the "create an account" checkbox are now supported properly

3.8.2 (2026-01-12)

  • Incorporate updates introduced in the free plugin (version 3.4.1)

3.8.1 (2026-01-06)

  • Improved WooCommerce integration: Passwords entered during account creation at checkout are now validated against the configured password policies
  • Dependencies updated

3.8.0 (2025-11-28)

  • Compatibility with WordPress 6.9 confirmed
  • User coverage component has been improved; it's now more performant (noticeable on sites with a large number of users) and shows the user coverage details for each password policy
  • Dependencies updated
  • Code improvements

3.7.0 (2025-09-19)

  • New feature: require users to provide their current password before changing it
  • New feature: added the ability to exclude certain users from being covered by the password policy (through PHP filter); this is useful when certain users are managed externally and we don't want to enforce the password policy on them (for example: users who log in through an SSO provider)
  • Compliance checks against the password policy refactored to avoid having duplicated logic in various modules
  • Incorporate updates introduced in the free plugin (version 3.3.0)
  • Dependencies updated
  • Code improvements

3.6.0 (2025-07-24)

  • Integration with Ultimate Member plugin implemented
  • Integration with WooCommerce improved
  • Incorporate updates introduced in the free plugin (version 3.2.2)
  • Dependencies updated
  • Code improvements

3.5.0 (2025-07-01)

  • Issue with user role selector (duplicated Network Super Admin occurrences) fixed
  • Password hints added to the WooCommerce form notices
  • Plugin container loader optimized to avoid duplicated instantiations
  • Plugin name updated to avoid confusion, now matching the project's name
  • Incorporate updates introduced in the free plugin (version 3.2.0)
  • Dependencies updated
  • Code improvements

3.4.0 (2025-04-25)

  • New password policy rule implemented: disallow passwords found in the weaklist containing 100.000 popular passwords
  • Logic around past passwords store improved
  • Settings screen style improvements
  • Incorporate updates introduced in the free plugin (version 3.1.1)
  • Dependencies updated
  • Code improvements

3.3.0 (2025-04-04)

  • Compatibility with WordPress 6.8 confirmed
  • Issue of requesting the translated string too early fixed
  • Ability to configure maximum password length introduced; this helps prevent denial-of-service attacks caused by hashing overly long passwords
  • Incorporate updates introduced in the free plugin (version 3.1.0)
  • Dependencies updated
  • Code improvements

3.2.0 (2025-02-21)

  • Password policy reordering UI improved
  • Dependencies updated
  • Code improvements

3.1.0 (2025-01-24)

  • Integration with WooCommerce user registration form implemented
  • User registration note added
  • Dependencies updated
  • Code improvements

3.0.0 (2024-12-09)

  • Requirement to use the free plugin removed – PRO version of the plugin is now fully self-contained
  • Integration with the internal updates API improved
  • Dependencies updated
  • Code improvements

2.6.0 (2024-11-08)

  • Compatibility with WordPress 6.7 confirmed
  • Dependencies updated
  • Code improvements

2.5.1 (2024-10-25)

  • JS dependency map and tree-shaking optimized
  • PHP 7.4 compatibility fixes implemented

2.5.0 (2024-10-17)

  • Fix blog switching bug in WordPress Multisite (Network) installations
  • Add caching to user roles getter function, along with proper cache invalidation, to improve the plugin's performance
  • Language mapping file added for easier generation of JSON translation files
  • Dependencies updated
  • Code improvements

2.4.0 (2024-08-30)

  • Compatibility with an older version of PHP (7.4) implemented
  • Dependencies updated
  • Code improvements

2.3.0 (2024-08-20)

  • Integration with WooCommerce implemented
  • Required WordPress core version bumped to 6.6 to use the new React JSX runtime package
  • Plugin container implementation improved
  • Dependencies updated
  • Code improvements

2.2.0 (2024-07-11)

  • Settings page redesigned
  • Dependencies updated
  • Code improvements

2.1.2 (2024-05-24)

  • Dependencies updated
  • Code improvements

2.1.1 (2024-05-02)

  • Plugin loader improved

2.1.0 (2024-04-26)

  • Code improvements and dependency updates
  • Improvements on plugin activation and deactivation hooks registration
  • Components package integrated

2.0.0 (2024-03-08)

  • Free and premium features separated
  • Plugin container implemented

1.2.0 (2024-01-26)

  • Internal dependency management improved
  • Assets loading improved
  • Unnecessary ABSPATH check removed
  • Type check improved
  • Settings and Fields configuration improved

1.1.2 (2023-12-22)

  • Settings page build process improved
  • Code organization improvements
  • Dependency updates

1.1.1 (2023-11-24)

  • Translations loading improved
  • Dependency updates

1.1.0 (2023-11-10)

  • User password expiry check implemented for logged-in users
  • Confirmed support with WordPress 6.4
  • Post-login notice updated for users whose password has expired
  • Dependency updates

1.0.3 (2023-11-07)

  • Logic for handling the maximum number of consecutive user symbols improved
  • Dependency updates
  • Typos fixed

1.0.2 (2023-10-27)

  • All `site_url` functions replaced with `home_url`

1.0.1 (2023-10-26)

  • Minimal supported WordPress version confirmed at 6.1
  • Password compliance check on user account creation within a single-instance WordPress installation confirmed
  • Fix typos
  • Move uninstall hook into a separate file

1.0.0 (2023-10-25)

  • The first stable release

Free version

3.7.0 (2026-06-22)

  • Security hardening: tightened REST error responses and policy-context role validation (defense-in-depth audit follow-up)
  • New "Restricted words and phrases" list: define site-wide words and phrases that passwords may not contain, with a per-policy on/off toggle
  • Settings page tabs are now reflected in the URL, so a tab can be bookmarked and shared
  • Added a clear admin notice for unmet server requirements (minimum PHP/WordPress version, required extensions)
  • Dependencies updated
  • Code improvements

3.6.3 (2026-05-12)

  • Wording improvements re: "minimum unique characters" field
  • Updated the notice behavior to display as "error" rather than a "message"
  • Documented source code location in readme.txt (added FAQ entry)
  • Dependencies updated
  • Code improvements

3.6.2 (2026-04-16)

  • Compatibility with WordPress 7.0 confirmed
  • Dependencies updated
  • Formatting updates
  • Code improvements

3.6.1 (2026-03-20)

  • Plugin icon and assets updated
  • Security hardening – added missing escaping
  • Dependencies updated

3.6.0 (2026-03-14)

  • Abilities API implemented: password policies are now available in WordPress MCP server
  • Direct access protection added to all PHP files
  • Dependencies updated
  • Formatting updates
  • Unnecessary translation files removed since these are loaded from WordPress.org
  • Do not hardcode `wp-login.php` path for login form
  • Code improvements

3.5.0 (2026-01-28)

  • Support for restricting certain characters in passwords implemented
  • Dependencies updated
  • Code improvements

3.4.1 (2026-01-12)

  • Harden handling of the "allow_password_reset" filter to improve compatibility with third-party plugins

3.4.0 (2025-11-28)

  • Compatibility with WordPress 6.9 confirmed
  • Dependencies updated
  • Code improvements

3.3.0 (2025-09-19)

  • New feature: require users to provide their current password before changing it
  • New feature: added the ability to exclude certain users from being covered by the password policy (through PHP filter); this is useful when certain users are managed externally and we don't want to enforce the password policy on them (for example: users who log in through an SSO provider)
  • Compliance checks against the password policy refactored to avoid having duplicated logic in various modules
  • Dependencies updated
  • Code improvements

3.2.2 (2025-07-24)

  • Dependencies updated
  • Code improvements

3.2.1 (2025-07-04)

  • Plugin's readme.txt file updated

3.2.0 (2025-07-01)

  • Network activation process improved
  • Password expiry check on user interaction improved
  • Automated, conditional logout implemented: after plugin settings changes are saved, the current user is logged out if affected by the new policy
  • Plugin container loader optimized to avoid duplicated instantiations
  • Plugin name updated to avoid confusion, now matching the project's name
  • Dependencies updated
  • Code improvements

3.1.1 (2025-04-25)

  • Issue with nonce in the password reset form on password expiry fixed
  • Settings screen style improvements
  • Dependencies updated
  • Code improvements

3.1.0 (2025-04-04)

  • Compatibility with WordPress 6.8 confirmed
  • Issue of requesting the translated string too early fixed
  • Ability to configure maximum password length introduced; this helps prevent denial-of-service attacks caused by hashing overly long passwords
  • Dependencies updated
  • Code improvements

3.0.0 (2025-02-21)

  • The scenario where a user's password does not comply with the policy for reasons other than the minimum age, and the password age is unknown because the user has not changed the password since this plugin has been enabled, is now handled correctly
  • Integration with new account registration form improved
  • Password hint generation logic improved
  • Dependencies updated
  • Code improvements

2.7.1 (2024-11-25)

  • Plugin now checks whether the PRO version is activated; if it is, the free plugin stops loading itself
  • Uninstall file removed as it was out of date and could conflict with the PRO version of the plugin

2.7.0 (2024-11-08)

  • Custom capabilities for managing the plugin settings implemented
  • Compatibility with WordPress 6.7 confirmed
  • Dependencies updated
  • Code improvements

2.6.1 (2024-10-25)

  • JS dependency map and tree-shaking optimized
  • PHP 7.4 compatibility fixes implemented

2.6.0 (2024-10-17)

  • Fix blog switching bug in WordPress Multisite (Network) installations
  • Add caching to user roles getter function, along with proper cache invalidation, to improve the plugin's performance
  • Language mapping file added for easier generation of JSON translation files
  • Dependencies updated
  • Code improvements

2.5.0 (2024-08-30)

  • Compatibility with an older version of PHP (7.4) implemented
  • Dependencies updated
  • Code improvements

2.4.0 (2024-08-20)

  • Password reset validation improvements – now rendering a user-friendly error message rather than a "wp_die" screen
  • Password hint logic improved
  • Required WordPress core version bumped to 6.6 to use the new React JSX runtime package
  • Plugin container implementation improved
  • Dependencies updated
  • Code improvements

2.3.0 (2024-07-11)

  • Settings page redesigned
  • Dependencies updated
  • Code improvements

2.2.0 (2024-05-24)

  • Dependencies updated
  • Code improvements
  • Basic onboarding process implemented

2.1.1 (2024-04-26)

  • Plugin assets and descriptions updated

2.1.0 (2024-04-26)

  • Code improvements and dependency updates
  • Improvements on plugin activation and deactivation hooks registration

2.0.0 (2024-04-12)

  • The first stable, public release
