Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3359559

Timestamp:

09/11/2025 05:13:29 AM (7 months ago)

Author:

melapress

Message:

Uploading 2.9.3

Location:

wp-2fa

Files:

: 251 added
: 10 edited

tags/2.9.3 (added)
tags/2.9.3/dist (added)
tags/2.9.3/dist/css (added)
tags/2.9.3/dist/css/admin-style.css (added)
tags/2.9.3/dist/css/select2.min.css (added)
tags/2.9.3/dist/css/setup-wizard.css (added)
tags/2.9.3/dist/css/styles.css (added)
tags/2.9.3/dist/images (added)
tags/2.9.3/dist/images/authy-logo.png (added)
tags/2.9.3/dist/images/duo-logo.png (added)
tags/2.9.3/dist/images/free-otp-logo.png (added)
tags/2.9.3/dist/images/google-logo.png (added)
tags/2.9.3/dist/images/lastpass-logo.png (added)
tags/2.9.3/dist/images/login-security.jpeg (added)
tags/2.9.3/dist/images/melapress-role-editor-logo-full-colour-horiz-rgb.svg (added)
tags/2.9.3/dist/images/microsoft-logo.png (added)
tags/2.9.3/dist/images/okta-logo.png (added)
tags/2.9.3/dist/images/website-file-changes-monitor.png (added)
tags/2.9.3/dist/images/wizard-logo.png (added)
tags/2.9.3/dist/images/wp-2fa-color_opt.png (added)
tags/2.9.3/dist/images/wp-2fa-square.png (added)
tags/2.9.3/dist/images/wp-2fa-white-icon20x28.svg (added)
tags/2.9.3/dist/images/wp-2fa-white.svg (added)
tags/2.9.3/dist/images/wp-activity-log.jpeg (added)
tags/2.9.3/dist/js (added)
tags/2.9.3/dist/js/admin.js (added)
tags/2.9.3/dist/js/micromodal.js (added)
tags/2.9.3/dist/js/select2.min.js (added)
tags/2.9.3/dist/js/wp-2fa.js (added)
tags/2.9.3/includes (added)
tags/2.9.3/includes/classes (added)
tags/2.9.3/includes/classes/Admin (added)
tags/2.9.3/includes/classes/Admin/Controllers (added)
tags/2.9.3/includes/classes/Admin/Controllers/class-api-login.php (added)
tags/2.9.3/includes/classes/Admin/Controllers/class-endpoints.php (added)
tags/2.9.3/includes/classes/Admin/Controllers/class-methods.php (added)
tags/2.9.3/includes/classes/Admin/Controllers/class-settings.php (added)
tags/2.9.3/includes/classes/Admin/Controllers/index.php (added)
tags/2.9.3/includes/classes/Admin/Fly-Out (added)
tags/2.9.3/includes/classes/Admin/Fly-Out/assets (added)
tags/2.9.3/includes/classes/Admin/Fly-Out/assets/css (added)
tags/2.9.3/includes/classes/Admin/Fly-Out/assets/css/flyout.css (added)
tags/2.9.3/includes/classes/Admin/Fly-Out/assets/js (added)
tags/2.9.3/includes/classes/Admin/Fly-Out/assets/js/flyout.js (added)
tags/2.9.3/includes/classes/Admin/Fly-Out/class-flyout.php (added)
tags/2.9.3/includes/classes/Admin/Fly-Out/index.php (added)
tags/2.9.3/includes/classes/Admin/Helpers (added)
tags/2.9.3/includes/classes/Admin/Helpers/class-ajax-helper.php (added)
tags/2.9.3/includes/classes/Admin/Helpers/class-classes-helper.php (added)
tags/2.9.3/includes/classes/Admin/Helpers/class-file-writer.php (added)
tags/2.9.3/includes/classes/Admin/Helpers/class-methods-helper.php (added)
tags/2.9.3/includes/classes/Admin/Helpers/class-php-helper.php (added)
tags/2.9.3/includes/classes/Admin/Helpers/class-user-helper.php (added)
tags/2.9.3/includes/classes/Admin/Helpers/class-wp-helper.php (added)
tags/2.9.3/includes/classes/Admin/Helpers/index.php (added)
tags/2.9.3/includes/classes/Admin/Methods (added)
tags/2.9.3/includes/classes/Admin/Methods/Traits (added)
tags/2.9.3/includes/classes/Admin/Methods/Traits/class-login-attempts.php (added)
tags/2.9.3/includes/classes/Admin/Methods/Traits/class-methods-wizards-trait.php (added)
tags/2.9.3/includes/classes/Admin/Methods/Traits/index.php (added)
tags/2.9.3/includes/classes/Admin/Methods/class-backup-codes.php (added)
tags/2.9.3/includes/classes/Admin/Methods/class-email-wizard-steps.php (added)
tags/2.9.3/includes/classes/Admin/Methods/class-email.php (added)
tags/2.9.3/includes/classes/Admin/Methods/class-totp-wizard-steps.php (added)
tags/2.9.3/includes/classes/Admin/Methods/class-totp.php (added)
tags/2.9.3/includes/classes/Admin/Methods/index.php (added)
tags/2.9.3/includes/classes/Admin/SettingsPages (added)
tags/2.9.3/includes/classes/Admin/SettingsPages/class-settings-page-email.php (added)
tags/2.9.3/includes/classes/Admin/SettingsPages/class-settings-page-general.php (added)
tags/2.9.3/includes/classes/Admin/SettingsPages/class-settings-page-policies.php (added)
tags/2.9.3/includes/classes/Admin/SettingsPages/class-settings-page-render.php (added)
tags/2.9.3/includes/classes/Admin/SettingsPages/class-settings-page-white-label.php (added)
tags/2.9.3/includes/classes/Admin/SettingsPages/index.php (added)
tags/2.9.3/includes/classes/Admin/Views (added)
tags/2.9.3/includes/classes/Admin/Views/class-first-time-wizard-steps.php (added)
tags/2.9.3/includes/classes/Admin/Views/class-grace-period-notifications.php (added)
tags/2.9.3/includes/classes/Admin/Views/class-passord-reset-2fa.php (added)
tags/2.9.3/includes/classes/Admin/Views/class-re-login-2fa.php (added)
tags/2.9.3/includes/classes/Admin/Views/class-wizard-steps.php (added)
tags/2.9.3/includes/classes/Admin/Views/index.php (added)
tags/2.9.3/includes/classes/Admin/class-help-contact-us.php (added)
tags/2.9.3/includes/classes/Admin/class-plugin-updated-notice.php (added)
tags/2.9.3/includes/classes/Admin/class-premium-features.php (added)
tags/2.9.3/includes/classes/Admin/class-settings-page.php (added)
tags/2.9.3/includes/classes/Admin/class-setup-wizard.php (added)
tags/2.9.3/includes/classes/Admin/class-user-listing.php (added)
tags/2.9.3/includes/classes/Admin/class-user-notices.php (added)
tags/2.9.3/includes/classes/Admin/class-user-profile.php (added)
tags/2.9.3/includes/classes/Admin/class-user-registered.php (added)
tags/2.9.3/includes/classes/Admin/index.php (added)
tags/2.9.3/includes/classes/App (added)
tags/2.9.3/includes/classes/App/grace-period (added)
tags/2.9.3/includes/classes/App/grace-period/class-grace-period.php (added)
tags/2.9.3/includes/classes/App/grace-period/index.php (added)
tags/2.9.3/includes/classes/App/index.php (added)
tags/2.9.3/includes/classes/Authenticator (added)
tags/2.9.3/includes/classes/Authenticator/assets (added)
tags/2.9.3/includes/classes/Authenticator/assets/user-login.js (added)
tags/2.9.3/includes/classes/Authenticator/class-authentication.php (added)
tags/2.9.3/includes/classes/Authenticator/class-login.php (added)
tags/2.9.3/includes/classes/Authenticator/class-open-ssl.php (added)
tags/2.9.3/includes/classes/Authenticator/class-reset-password.php (added)
tags/2.9.3/includes/classes/Authenticator/index.php (added)
tags/2.9.3/includes/classes/Shortcodes (added)
tags/2.9.3/includes/classes/Shortcodes/class-shortcodes.php (added)
tags/2.9.3/includes/classes/Shortcodes/index.php (added)
tags/2.9.3/includes/classes/Utils (added)
tags/2.9.3/includes/classes/Utils/class-abstract-migration.php (added)
tags/2.9.3/includes/classes/Utils/class-date-time-utils.php (added)
tags/2.9.3/includes/classes/Utils/class-debugging.php (added)
tags/2.9.3/includes/classes/Utils/class-generate-modal.php (added)
tags/2.9.3/includes/classes/Utils/class-migration.php (added)
tags/2.9.3/includes/classes/Utils/class-request-utils.php (added)
tags/2.9.3/includes/classes/Utils/class-settings-utils.php (added)
tags/2.9.3/includes/classes/Utils/class-user-utils.php (added)
tags/2.9.3/includes/classes/Utils/class-validator.php (added)
tags/2.9.3/includes/classes/Utils/class-white-label.php (added)
tags/2.9.3/includes/classes/Utils/index.php (added)
tags/2.9.3/includes/classes/bacon (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/BitArray.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/BitMatrix.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/BitUtils.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/CharacterSetEci.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/EcBlock.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/EcBlocks.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/ErrorCorrectionLevel.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/FormatInformation.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/Mode.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/ReedSolomonCodec.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Common/Version.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Encoder (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Encoder/BlockPair.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Encoder/ByteMatrix.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Encoder/Encoder.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Encoder/MaskUtil.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Encoder/MatrixUtil.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Encoder/QrCode.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Exception (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Exception/ExceptionInterface.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Exception/InvalidArgumentException.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Exception/OutOfBoundsException.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Exception/RuntimeException.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Exception/UnexpectedValueException.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Exception/WriterException.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Color (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Color/Alpha.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Color/Cmyk.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Color/ColorInterface.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Color/Gray.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Color/Rgb.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Eye (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Eye/CompositeEye.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Eye/EyeInterface.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Eye/ModuleEye.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Eye/SimpleCircleEye.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Eye/SquareEye.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Image (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Image/EpsImageBackEnd.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Image/ImageBackEndInterface.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Image/ImagickImageBackEnd.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Image/SvgImageBackEnd.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Image/TransformationMatrix.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/ImageRenderer.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Module (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Module/DotsModule.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Module/EdgeIterator (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Module/EdgeIterator/Edge.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Module/EdgeIterator/EdgeIterator.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Module/ModuleInterface.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Module/RoundnessModule.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Module/SquareModule.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Path (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Path/Close.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Path/Curve.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Path/EllipticArc.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Path/Line.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Path/Move.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Path/OperationInterface.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/Path/Path.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/PlainTextRenderer.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/RendererInterface.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/RendererStyle (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/RendererStyle/EyeFill.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/RendererStyle/Fill.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/RendererStyle/Gradient.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/RendererStyle/GradientType.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Renderer/RendererStyle/RendererStyle.php (added)
tags/2.9.3/includes/classes/bacon/bacon-qr-code/src/Writer.php (added)
tags/2.9.3/includes/classes/class-email-template.php (added)
tags/2.9.3/includes/classes/class-wp2fa.php (added)
tags/2.9.3/includes/classes/dasprid (added)
tags/2.9.3/includes/classes/dasprid/enum (added)
tags/2.9.3/includes/classes/dasprid/enum/src (added)
tags/2.9.3/includes/classes/dasprid/enum/src/AbstractEnum.php (added)
tags/2.9.3/includes/classes/dasprid/enum/src/EnumMap.php (added)
tags/2.9.3/includes/classes/dasprid/enum/src/Exception (added)
tags/2.9.3/includes/classes/dasprid/enum/src/Exception/CloneNotSupportedException.php (added)
tags/2.9.3/includes/classes/dasprid/enum/src/Exception/ExceptionInterface.php (added)
tags/2.9.3/includes/classes/dasprid/enum/src/Exception/ExpectationException.php (added)
tags/2.9.3/includes/classes/dasprid/enum/src/Exception/IllegalArgumentException.php (added)
tags/2.9.3/includes/classes/dasprid/enum/src/Exception/MismatchException.php (added)
tags/2.9.3/includes/classes/dasprid/enum/src/Exception/SerializeNotSupportedException.php (added)
tags/2.9.3/includes/classes/dasprid/enum/src/Exception/UnserializeNotSupportedException.php (added)
tags/2.9.3/includes/classes/dasprid/enum/src/NullValue.php (added)
tags/2.9.3/includes/classes/index.php (added)
tags/2.9.3/includes/functions (added)
tags/2.9.3/includes/functions/core.php (added)
tags/2.9.3/includes/functions/index.php (added)
tags/2.9.3/includes/functions/login-header.php (added)
tags/2.9.3/includes/index.php (added)
tags/2.9.3/index.php (added)
tags/2.9.3/languages (added)
tags/2.9.3/languages/index.php (added)
tags/2.9.3/languages/wp-2fa-de_DE.mo (added)
tags/2.9.3/languages/wp-2fa.pot (added)
tags/2.9.3/license.txt (added)
tags/2.9.3/readme.txt (added)
tags/2.9.3/vendor (added)
tags/2.9.3/vendor/arcturial (added)
tags/2.9.3/vendor/arcturial/clickatell (added)
tags/2.9.3/vendor/arcturial/clickatell/src (added)
tags/2.9.3/vendor/arcturial/clickatell/src/ClickatellException.php (added)
tags/2.9.3/vendor/arcturial/clickatell/src/Rest.php (added)
tags/2.9.3/vendor/autoload.php (added)
tags/2.9.3/vendor/composer (added)
tags/2.9.3/vendor/composer/ClassLoader.php (added)
tags/2.9.3/vendor/composer/InstalledVersions.php (added)
tags/2.9.3/vendor/composer/LICENSE (added)
tags/2.9.3/vendor/composer/autoload_classmap.php (added)
tags/2.9.3/vendor/composer/autoload_namespaces.php (added)
tags/2.9.3/vendor/composer/autoload_psr4.php (added)
tags/2.9.3/vendor/composer/autoload_real.php (added)
tags/2.9.3/vendor/composer/autoload_static.php (added)
tags/2.9.3/vendor/composer/installed.json (added)
tags/2.9.3/vendor/composer/installed.php (added)
tags/2.9.3/vendor/composer/platform_check.php (added)
tags/2.9.3/vendor/firebase (added)
tags/2.9.3/vendor/firebase/php-jwt (added)
tags/2.9.3/vendor/firebase/php-jwt/src (added)
tags/2.9.3/vendor/firebase/php-jwt/src/BeforeValidException.php (added)
tags/2.9.3/vendor/firebase/php-jwt/src/ExpiredException.php (added)
tags/2.9.3/vendor/firebase/php-jwt/src/JWK.php (added)
tags/2.9.3/vendor/firebase/php-jwt/src/JWT.php (added)
tags/2.9.3/vendor/firebase/php-jwt/src/Key.php (added)
tags/2.9.3/vendor/firebase/php-jwt/src/SignatureInvalidException.php (added)
tags/2.9.3/vendor/scoper.inc.php (added)
tags/2.9.3/wp-2fa.php (added)
trunk/includes/classes/Admin/Helpers/class-wp-helper.php (modified) (3 diffs)
trunk/includes/classes/Admin/SettingsPages/class-settings-page-general.php (modified) (6 diffs)
trunk/includes/classes/Authenticator/class-reset-password.php (modified) (1 diff)
trunk/includes/classes/class-wp2fa.php (modified) (1 diff)
trunk/languages/wp-2fa.pot (modified) (13 diffs)
trunk/readme.txt (modified) (2 diffs)
trunk/vendor/autoload.php (modified) (1 diff)
trunk/vendor/composer/autoload_real.php (modified) (2 diffs)
trunk/vendor/composer/autoload_static.php (modified) (2 diffs)
trunk/wp-2fa.php (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

wp-2fa/trunk/includes/classes/Admin/Helpers/class-wp-helper.php

-                      r3337002
+                      r3359559
 namespace WP2FA\Admin\Helpers;
+use WP2FA\Utils\Settings_Utils;
 defined( 'ABSPATH' ) || exit; // Exit if accessed directly.
 …
             if ( self::is_multisite() ) {
                 \add_action( 'network_admin_notices', array( __CLASS__, 'show_critical_admin_notice' ) );
+                \add_action( 'network_admin_notices', array( __CLASS__, 'show_2025_security_survey_admin_notice' ) );
             } else {
                 \add_action( 'admin_notices', array( __CLASS__, 'show_critical_admin_notice' ) );
+            }
+                \add_action( 'admin_notices', array( __CLASS__, 'show_2025_security_survey_admin_notice' ) );
+            }
+            \add_action( 'wp_ajax_dismiss_survey_notice', array( __CLASS__, 'dismiss_survey_notice' ) );
+        }
 …
                 \do_action( WP_2FA_PREFIX . 'critical_notice' );
+            }
+        }
+        /**
+         * Shows critical notices to the admin.
+         *
+         * @return void
+         *
+         * @since 2.2.0
+         */
+        public static function show_2025_security_survey_admin_notice() {
+            if ( User_Helper::is_admin() && true === Settings_Utils::string_to_bool(Settings_Utils::get_option( 'wp_2fa_survey_notice_needed', true ))
+ ) {
+                global $current_screen;
+                if ( isset( $current_screen->id ) && in_array(
+                    $current_screen->id,
+                    array(
+                        'wp-2fa_page_wp-2fa-settings',
+                        'wp-2fa_page_wp-2fa-settings-network',
+                        'toplevel_page_wp-2fa-policies',
+                        'toplevel_page_wp-2fa-policies-network',
+                        'wp-2fa_page_wp-2fa-reports',
+                        'wp-2fa_page_wp-2fa-reports-network',
+                        'wp-2fa_page_wp-2fa-help-contact-us',
+                        'wp-2fa_page_wp-2fa-help-contact-us-network',
+                        'wp-2fa_page_wp-2fa-premium-features',
+                        'wp-2fa_page_wp-2fa-premium-features-network',
+                        'wp-2fa_page_wp-2fa-policies-account',
+                        'wp-2fa_page_wp-2fa-policies-account-network',
+                    ),
+                    true
+                ) ) {
+                    ?>
+                <div style="border-left-color: #3660FF !important;" id="dismiss_survey_notice" class="notice notice-success is-dismissible" data-dismiss-nonce="<?php echo \esc_attr( \wp_create_nonce( 'wp_2fa_dismiss_survey_notice_nonce' ) ); ?>">
+                    <h4><?php \esc_html_e( 'Want to know what the state of WordPress security is in 2025?', 'wp-2fa' ); ?></h4>
+                    <p><?php \esc_html_e( 'Discover the latest insights in our 2025 WordPress Security Survey Report.', 'wp-2fa' ); ?></p>
+                    <button type="button" class="notice-dismiss">
+                        <span class="screen-reader-text"><?php \esc_html_e( 'Dismiss this notice.', 'wp-2fa' ); ?></span>
+                    </button>
+                    <p>
+                    <?php
+                    printf(
+                    /* Translators: survey link */
+                        esc_html__( '%1$sRead the survey%2$s', 'wp-2fa' ),
+                        '<a class="button" style="color:white !important;background:#3660FF" href="https://melapress.com/wordpress-security-survey-2025/?&utm_source=plugin&utm_medium=wp2fa&utm_campaign=survey+promo+banner" target="_blank">',
+                        '</a>'
+                    );
+                    ?>
+                    </p>
+                    <script type="text/javascript">
+                        //<![CDATA[
+                        jQuery(document).ready(function( $ ) {
+                            jQuery( 'body' ).on( 'click', '#dismiss_survey_notice .notice-dismiss', function ( e ) {
+                                e.preventDefault();
+                                var nonce  = jQuery( '#dismiss_survey_notice' ).data( 'dismiss-nonce' );
+                                jQuery.ajax({
+                                    type: 'POST',
+                                    url: '<?php echo \esc_url( \admin_url( 'admin-ajax.php' ) ); ?>',
+                                    data: {
+                                        action: 'dismiss_survey_notice',
+                                        nonce : nonce,
+                                    },
+                                    success: function ( result ) {
+                                        jQuery( '#dismiss_survey_notice' ).slideUp( 300 );
+                                    }
+                                });
+                            });
+                        });
+                        //]]>
+                    </script>
+                </div>
+                    <?php
+                }
+            }
+        }
+        /**
+         * Handle notice dismissal.
+         *
+         * @since 2.9.3
+         *
+         * @return void
+         */
+        public static function dismiss_survey_notice() {
+            // Grab POSTed data.
+            $nonce_check = \check_ajax_referer( 'wp_2fa_dismiss_survey_notice_nonce', 'nonce' );
+            if ( ! $nonce_check ) {
+                \wp_send_json_error( esc_html__( 'Nonce Verification Failed.', 'wp-2fa' ) );
+            }
+            // $nonce = isset( $_POST['nonce'] ) ? \sanitize_text_field( \wp_unslash( $_POST['nonce'] ) ) : false;
+            // Check nonce.
+            if ( ! \current_user_can( 'manage_options' ) ) {
+                \wp_send_json_error( esc_html__( 'Not enough privileges.', 'wp-2fa' ) );
+            }
+            Settings_Utils::update_option( 'wp_2fa_survey_notice_needed', 0 );
+            \wp_send_json_success( \esc_html__( 'Complete.', 'wp-2fa' ) );
+        }

wp-2fa/trunk/includes/classes/Admin/SettingsPages/class-settings-page-general.php

-                      r3343451
+                      r3359559
             self::disable_brute_force_settings();
             self::limit_settings_access();
+            self::disable_rest();
             self::enable_rest();
             self::remove_data_upon_uninstall();
 …
                 'limit_access',
                 'enable_rest',
+                'disable_rest',
                 'brute_force_disable',
                 'delete_data_upon_uninstall',
 …
                 'limit_access',
                 'enable_rest',
+                'disable_rest',
                 'brute_force_disable',
                 'delete_data_upon_uninstall',
 …
                 if ( ! in_array( $simple_setting, $settings_to_turn_into_bools, true ) ) {
                     // Is item is not one of our possible settings we want to turn into a bool, process.
                     $output[ $simple_setting ] = ( isset( $input[ $simple_setting ] ) && ! empty( $input[ $simple_setting ] ) ) ? trim( (string) sanitize_text_field( $input[ $simple_setting ] ) ) : false;
+                    $output[ $simple_setting ] = ( isset( $input[ $simple_setting ] ) && ! empty( $input[ $simple_setting ] ) ) ? trim( (string) \sanitize_text_field( $input[ $simple_setting ] ) ) : false;
                 } else {
                     // This item is one we treat as a bool, so process correctly.
                     $output[ $simple_setting ] = ( isset( $input[ $simple_setting ] ) && ! empty( $input[ $simple_setting ] ) ) ? true : false;
+                }
+            }
+            if ( true === $output['disable_rest'] ) {
+                $output['enable_rest'] = false;
+            }
 …
          * @since 2.9.1
          */
+        private static function disable_rest() {
+            ?>
+            <br>
+            <h3><?php \esc_html_e( 'Disable the REST API endpoints for 2FA', 'wp-2fa' ); ?></h3>
+            <p class="description">
+                <?php \esc_html_e( 'The WP 2FA REST API endpoints are enabled by default. They are used for integrations and do not impact your website’s performance, functionality, or security. If you prefer, you can disable these endpoints by using this setting.', 'wp-2fa' ); ?>
+            </p>
+            <table class="form-table">
+                <tbody>
+                    <tr>
+                        <th><label for="disable_rest"></label></th>
+                        <td>
+                            <fieldset>
+                                <input type="checkbox" id="disable_rest" name="wp_2fa_settings[disable_rest]" value="disable_rest"
+                                <?php \checked( true, Settings_Utils::string_to_bool( WP2FA::get_wp2fa_general_setting( 'disable_rest' ) ) ); ?>
+                                >
+                                <label for="disable_rest"><?php \esc_html_e( 'disable the REST API endpoints', 'wp-2fa' ); ?></label>
+                            </fieldset>
+                        </td>
+                    </tr>
+                </tbody>
+            </table>
+                    <script type="text/javascript">
+                        //<![CDATA[
+                        jQuery(document).ready(function( $ ) {
+                            jQuery( 'body' ).on( 'click', '#disable_rest', function ( e ) {
+                                // e.preventDefault();
+                                if ( jQuery(this).is(":checked"))  {
+                                    jQuery('#select_verification_method').addClass('disabled');
+                                } else {
+                                    jQuery('#select_verification_method').removeClass('disabled');
+                                }
+                            });
+                        });
+                        //]]>
+                    </script>
+            <?php
+        }
+        /**
+         * Enable REST API
+         *
+         * @return void
+         *
+         * @since 2.9.1
+         */
         private static function enable_rest() {
             ?>
             <br>
+            <h3><?php \esc_html_e( 'Enable the REST API endpoints for 2FA', 'wp-2fa' ); ?></h3>
+            <div id="select_verification_method" class=<?php echo \esc_attr( true === Settings_Utils::string_to_bool( WP2FA::get_wp2fa_general_setting( 'disable_rest' ) ) ? 'disabled' : '' ); ?>>
+            <h3><?php \esc_html_e( 'Select the 2FA verification mechanism', 'wp-2fa' ); ?></h3>
             <p class="description">
                 <?php \esc_html_e( 'Choose how WP 2FA verifies the 2FA by default. The native method works for most setups, but you can switch to REST API verification if needed. Only change this setting if you are experiencing issues with the default method.', 'wp-2fa' ); ?>
 …
                 </tbody>
             </table>
+        </div>
             <?php
+        }

wp-2fa/trunk/includes/classes/Authenticator/class-reset-password.php

r3343451	r3359559
43	43	* @var string
44	44	*
45		* @since 2.9.2
	45	* @since 2.9.3
46	46	*/
47	47	private static $logging_attempts_meta_key = WP_2FA_PREFIX . 'api-reset-password-attempts';

wp-2fa/trunk/includes/classes/class-wp2fa.php

-                      r3343451
+                      r3359559
             self::add_actions();
+            Endpoints::init();
+            if ( false === Settings_Utils::string_to_bool( self::get_wp2fa_general_setting( 'disable_rest' ) ) ) {
+                Endpoints::init();
+            }
             // Inits all the additional free app extensions.

wp-2fa/trunk/languages/wp-2fa.pot

-                      r3343451
+                      r3359559
 msgid ""
 msgstr ""
 "Project-Id-Version: WP 2FA - Two-factor authentication for WordPress 2.9.2\n"
+"Project-Id-Version: WP 2FA - Two-factor authentication for WordPress 2.9.3\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-2fa\n"
 "Last-Translator: WP White Security <[email protected]>\n"
 …
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "POT-Creation-Date: 2025-08-12T09:20:19+00:00\n"
+"POT-Creation-Date: 2025-09-10T20:34:17+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.11.0\n"
 …
 #: extensions/twilio/class-twilio.php:349
 #: extensions/yubico/class-yubico.php:299
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:147
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:154
 #: includes/classes/Admin/SettingsPages/class-settings-page-policies.php:563
 #: includes/classes/Admin/SettingsPages/class-settings-page-white-label.php:37
 …
 #: extensions/out-of-band/class-out-of-band.php:638
 #: includes/classes/Admin/class-setup-wizard.php:634
 #: includes/classes/class-wp2fa.php:582
 #: includes/classes/class-wp2fa.php:596
 #: includes/classes/class-wp2fa.php:606
+#: includes/classes/class-wp2fa.php:584
+#: includes/classes/class-wp2fa.php:598
+#: includes/classes/class-wp2fa.php:608
 msgid "Email sent by"
 msgstr ""
 …
 #: extensions/out-of-band/class-out-of-band.php:639
 #: includes/classes/Admin/class-setup-wizard.php:635
 #: includes/classes/class-wp2fa.php:583
+#: includes/classes/class-wp2fa.php:585
 msgid "WP 2FA plugin."
 msgstr ""
 …
 #: extensions/settings-import-export/class-settings-import-export.php:240
 #: includes/classes/Admin/class-plugin-updated-notice.php:130
+#: includes/classes/Admin/Helpers/class-wp-helper.php:237
 msgid "Nonce Verification Failed."
 msgstr ""
 …
 #: includes/classes/Admin/class-plugin-updated-notice.php:135
+#: includes/classes/Admin/Helpers/class-wp-helper.php:247
 msgid "Complete."
 msgstr ""
 …
 #: includes/classes/Admin/Helpers/class-ajax-helper.php:401
 #: includes/classes/Admin/Helpers/class-ajax-helper.php:417
+#: includes/classes/Admin/Helpers/class-wp-helper.php:183
 msgid "Dismiss this notice."
 msgstr ""
 …
 msgstr ""
+#: includes/classes/Admin/Helpers/class-wp-helper.php:180
+msgid "Want to know what the state of WordPress security is in 2025?"
+msgstr ""
+#: includes/classes/Admin/Helpers/class-wp-helper.php:181
+msgid "Discover the latest insights in our 2025 WordPress Security Survey Report."
+msgstr ""
+#. Translators: survey link
+#: includes/classes/Admin/Helpers/class-wp-helper.php:189
+msgid "%1$sRead the survey%2$s"
+msgstr ""
+#: includes/classes/Admin/Helpers/class-wp-helper.php:242
+msgid "Not enough privileges."
+msgstr ""
 #: includes/classes/Admin/Methods/class-backup-codes.php:181
 #: includes/classes/Authenticator/class-login.php:1032
 …
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:194
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:201
 msgid "Do you want to delete the plugin data from the database upon uninstall"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:196
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:203
 msgid "The plugin saves its settings in the WordPress database. By default the plugin settings are kept in the database so if it is installed again, you do not have to reconfigure the plugin. Enable this setting to delete the plugin settings from the database upon uninstall."
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:201
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:208
 msgid "Delete data"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:207
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:214
 msgid "Delete data upon uninstall"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:231
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:238
 msgid "Limit 2FA settings access"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:233
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:240
 msgid "Use this setting to hide this plugin configuration area from all other admins."
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:238
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:245
 msgid "Limit access to 2FA settings"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:244
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:251
 msgid "Hide settings from other administrators"
 msgstr ""
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:263
+msgid "Enable the REST API endpoints for 2FA"
+msgstr ""
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:265
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:270
+msgid "Disable the REST API endpoints for 2FA"
+msgstr ""
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:272
+msgid "The WP 2FA REST API endpoints are enabled by default. They are used for integrations and do not impact your website’s performance, functionality, or security. If you prefer, you can disable these endpoints by using this setting."
+msgstr ""
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:283
+msgid "disable the REST API endpoints"
+msgstr ""
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:318
+msgid "Select the 2FA verification mechanism"
+msgstr ""
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:320
 msgid "Choose how WP 2FA verifies the 2FA by default. The native method works for most setups, but you can switch to REST API verification if needed. Only change this setting if you are experiencing issues with the default method."
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:270
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:325
 msgid "Select the default 2FA verification mechanism"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:276
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:331
 msgid "Native"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:281
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:336
 msgid "REST API"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:300
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:356
 msgid "Disable 2FA code brute force protection"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:302
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:358
 msgid "When using email and SMS 2FA, the plugin sends the users a new one-time code whenever they enter the wrong code when logging in. This is a security enhancement, a sort of brute force protection. You can disable this feature from the below setting, however, it is not recommended."
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:307
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:363
 msgid "Disable one-time code brute force protection"
 msgstr ""
 #. translators: support email.
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:334
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:390
 msgid "Use this setting below to configure the properties of the two-factor authentication on your website and how users use it. If you have any questions send us an email at %1$s."
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:339
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:395
 msgid "What should the plugin do if the 2FA method used during a user login is unavailable"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:341
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:397
 msgid "There may be cases in which the 2FA service is unavailable when a user is trying to log in. For example, the service is unreachable or there are no credits to complete the action. In this case you can configure the plugin to either block the login process, or allow the user to log in without 2FA authentication."
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:346
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:402
 msgid "Select action"
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:353
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:409
 msgid "Block the login."
 msgstr ""
 #: includes/classes/Admin/SettingsPages/class-settings-page-general.php:361
+#: includes/classes/Admin/SettingsPages/class-settings-page-general.php:417
 msgid "Allow the login without 2FA"
 msgstr ""
 …
 msgstr ""
 #: includes/classes/class-wp2fa.php:536
+#: includes/classes/class-wp2fa.php:538
 msgid "Your login confirmation code for {site_name}"
 msgstr ""
 #: includes/classes/class-wp2fa.php:538
 #: includes/classes/class-wp2fa.php:554
+#: includes/classes/class-wp2fa.php:540
+#: includes/classes/class-wp2fa.php:556
 msgid "Hello {user_display_name},"
 msgstr ""
 #: includes/classes/class-wp2fa.php:539
+#: includes/classes/class-wp2fa.php:541
 msgid "You are trying to log in to {site_name} using the username {user_login_name}. To complete your login, please enter the following one-time 2FA code:"
 msgstr ""
 #: includes/classes/class-wp2fa.php:540
+#: includes/classes/class-wp2fa.php:542
 msgid "{login_code}"
 msgstr ""
 #: includes/classes/class-wp2fa.php:541
+#: includes/classes/class-wp2fa.php:543
 msgid "Enter this code on the login page to finish the authentication process and access your account."
 msgstr ""
 #: includes/classes/class-wp2fa.php:542
 #: includes/classes/class-wp2fa.php:563
+#: includes/classes/class-wp2fa.php:544
+#: includes/classes/class-wp2fa.php:565
 msgid "This request was made from IP address {user_ip_address}. If you did not request this, please contact the site administrator at {admin_email}."
 msgstr ""
 #: includes/classes/class-wp2fa.php:543
+#: includes/classes/class-wp2fa.php:545
 msgid "If you encounter any other issues logging in, feel free to contact us at {admin_email}."
 msgstr ""
 #: includes/classes/class-wp2fa.php:544
+#: includes/classes/class-wp2fa.php:546
 msgid ""
 "Kind regards,\n"
 …
 msgstr ""
 #: includes/classes/class-wp2fa.php:552
+#: includes/classes/class-wp2fa.php:554
 msgid "Your 2FA Setup Verification Code for {site_name}"
 msgstr ""
 #: includes/classes/class-wp2fa.php:555
+#: includes/classes/class-wp2fa.php:557
 msgid "You have requested to set up two-factor authentication for your user {user_login_name} on the website {site_name} ({site_url})."
 msgstr ""
 #. translators: The login code provided from the plugin.
 #: includes/classes/class-wp2fa.php:559
+#: includes/classes/class-wp2fa.php:561
 msgid "Please enter the following code to complete your setup: %1$1s"
 msgstr ""
 #: includes/classes/class-wp2fa.php:564
 #: includes/classes/class-wp2fa.php:581
 #: includes/classes/class-wp2fa.php:596
+#: includes/classes/class-wp2fa.php:566
+#: includes/classes/class-wp2fa.php:583
+#: includes/classes/class-wp2fa.php:598
 msgid "Thank you."
 msgstr ""
 #: includes/classes/class-wp2fa.php:565
+#: includes/classes/class-wp2fa.php:567
 msgid "The {site_name} Team"
 msgstr ""
 #: includes/classes/class-wp2fa.php:569
+#: includes/classes/class-wp2fa.php:571
 msgid "Your user on {site_name} has been locked"
 msgstr ""
 #: includes/classes/class-wp2fa.php:571
+#: includes/classes/class-wp2fa.php:573
 msgid "Hello."
 msgstr ""
 #. translators: %2s - the name of the site.
 #: includes/classes/class-wp2fa.php:575
+#: includes/classes/class-wp2fa.php:577
 msgid "Since you have not enabled two-factor authentication for the user %1$1s on the website %2$2s within the grace period, your account has been locked."
 msgstr ""
 #: includes/classes/class-wp2fa.php:580
+#: includes/classes/class-wp2fa.php:582
 msgid "Contact your website administrator to unlock your account."
 msgstr ""
 #: includes/classes/class-wp2fa.php:587
+#: includes/classes/class-wp2fa.php:589
 msgid "Your user on {site_name} has been unlocked"
 msgstr ""
 #: includes/classes/class-wp2fa.php:590
 #: includes/classes/class-wp2fa.php:602
+#: includes/classes/class-wp2fa.php:592
+#: includes/classes/class-wp2fa.php:604
 msgid "Hello,"
 msgstr ""
 #: includes/classes/class-wp2fa.php:590
+#: includes/classes/class-wp2fa.php:592
 msgid "Your user"
 msgstr ""
 #: includes/classes/class-wp2fa.php:590
 #: includes/classes/class-wp2fa.php:602
+#: includes/classes/class-wp2fa.php:592
+#: includes/classes/class-wp2fa.php:604
 msgid "on the website"
 msgstr ""
 #: includes/classes/class-wp2fa.php:590
+#: includes/classes/class-wp2fa.php:592
 msgid "has been unlocked. Please configure two-factor authentication within the grace period, otherwise your account will be locked again."
 msgstr ""
 #: includes/classes/class-wp2fa.php:593
+#: includes/classes/class-wp2fa.php:595
 msgid "You can configure 2FA from this page:"
 msgstr ""
 #: includes/classes/class-wp2fa.php:596
 #: includes/classes/class-wp2fa.php:606
+#: includes/classes/class-wp2fa.php:598
+#: includes/classes/class-wp2fa.php:608
 msgid "WP 2FA plugin"
 msgstr ""
 #: includes/classes/class-wp2fa.php:599
+#: includes/classes/class-wp2fa.php:601
 msgid "2FA backup codes for user {user_login_name} on {site_name}"
 msgstr ""
 #: includes/classes/class-wp2fa.php:602
+#: includes/classes/class-wp2fa.php:604
 msgid "Below please find the 2FA backup codes for your user"
 msgstr ""
 #: includes/classes/class-wp2fa.php:602
+#: includes/classes/class-wp2fa.php:604
 msgid "The website's URL is"
 msgstr ""
 #: includes/classes/class-wp2fa.php:606
+#: includes/classes/class-wp2fa.php:608
 msgid "Thank you for enabling 2FA on your account and helping us keeping the website secure."
 msgstr ""
 #: includes/classes/class-wp2fa.php:751
+#: includes/classes/class-wp2fa.php:753
 msgid "Reconfigure"
 msgstr ""
 #: includes/classes/class-wp2fa.php:751
+#: includes/classes/class-wp2fa.php:753
 msgid "Configure"
 msgstr ""
 #. translators: The username.
 #: includes/classes/class-wp2fa.php:951
+#: includes/classes/class-wp2fa.php:953
 msgid "User %1$s logged in without 2FA"
 msgstr ""
 #. translators: the site name.
 #: includes/classes/class-wp2fa.php:961
+#: includes/classes/class-wp2fa.php:963
 msgid "2FA is enforced on the user %1$s on the website %2$s. However, since the WP 2FA plugin has not been configured properly it cannot enforce the user to configure 2FA, so the user logged in without 2FA."
 msgstr ""
 #. translators: the support e-mail.
 #: includes/classes/class-wp2fa.php:971
+#: includes/classes/class-wp2fa.php:973
 msgid "To enforce 2FA on users logging in from non default WordPress login pages please configure the %1$s. If you need assistance, please contact us at %2$s."
 msgstr ""
 #: includes/classes/class-wp2fa.php:1162
+#: includes/classes/class-wp2fa.php:1164
 msgid "For security reasons WP 2FA needs to store the private key in the wp-config.php file. However, it is unable to. This can happen because of restrictive permissions, or the file is not in the default location. To fix this you can:"
 msgstr ""
 #: includes/classes/class-wp2fa.php:1163
+#: includes/classes/class-wp2fa.php:1165
 msgid "Option A) allow the plugin to write to the wp-config.php file temporarily by changing the wp-config.php permissions to 755. Once ready, click the button to proceed."
 msgstr ""
 #: includes/classes/class-wp2fa.php:1164
+#: includes/classes/class-wp2fa.php:1166
 msgid "Option B) Add the encryption key to the wp-config.php file yourself by "
 msgstr ""
 #: includes/classes/class-wp2fa.php:1165
+#: includes/classes/class-wp2fa.php:1167
 msgid "following these instructions."
 msgstr ""
 #: includes/classes/class-wp2fa.php:1166
+#: includes/classes/class-wp2fa.php:1168
 msgid "Once you complete any of the above, please click the button below."
 msgstr ""
 #: includes/classes/class-wp2fa.php:1171
+#: includes/classes/class-wp2fa.php:1173
 msgid "Write key to file now / Check for the key in file"
 msgstr ""
 #: includes/classes/class-wp2fa.php:1173
+#: includes/classes/class-wp2fa.php:1175
 msgid "I am aware of the risks. Please do not alert me again about this."
 msgstr ""
 …
 msgstr ""
 #: wp-2fa.php:264
+#: wp-2fa.php:265
 msgid "This plugin requires OpenSSL. Contact your web host or website administrator so they can enable OpenSSL. Re-activate the plugin once the library has been enabled."
 msgstr ""

wp-2fa/trunk/readme.txt

-                      r3343451
+                      r3359559
 Requires at least: 5.5
 Tested up to: 6.8.2
 Stable tag: 2.9.2
+Stable tag: 2.9.3
 Requires PHP: 7.4.0
 …
 == Changelog ==
+= 2.9.2 (2025-08-12) =
+* **Plugin & functionality improvements**
+    * REST API endpoints are now enabled by default.
+    * Added a new setting to choose how OTP verification is handled — via the legacy (native) method or through REST API.
+    * Introduced a timeout/limit on the “Resend code” option in the “2FA required on password resets” feature to prevent email abuse.
+    * Enhanced email templates with more relevant content and improved anti-spam scoring.
+    * Added default WP 2FA branding to all email templates in the Free edition.
+    * Refined the help text descriptions in several areas of the plugin.
+* **Bug fixes**
+    * Removed an email template from the Free edition (reserved for Premium edition).
+    * Fixed an issue in the “2FA required on password resets” feature where the wrong email template was sent when using the “Resend code” button.
+= 2.9.1 (2025-08-01) =
+* **Plugin & functionality improvements**
+     * Switched 2FA operations back to native (pre 2.9.0).
+     * Added a setting to manually enable / disable the REST API endpoints.
+ * **Bug fixes**
+     * Fixed: configured user's 2FA methods not showing in the My Account WooCommerce portal.
+= 2.9.0 (2025-07-31) =
+* **New features**
+     * REST API endpoints for 2FA code verification and other operations, thus making it much easier to integrate the plugin in custom processes.
+     * Option to allow temporary login without 2FA for a specific user or number of users.
+     * New filter _wp_2fa_oob_redirect_url_ to assist with user redirection post-login when Link via email (OOB) 2FA method is in use.
+     * Quick Links section with useful inks.
+= 2.9.3 (2025-09-11) =
  * **Plugin & functionality improvements**
+     * Bumped up the minimum supported PHP version from 7.3 to 7.4.
+     * Bumped up the minimum supported WordPress Core version from  5.0 to 5.5.
+     * Better support for setups in which access to the wp-login.php file is restricted or denied.
+     * Plugin no longer supports 2FA enforcement on users without any role, to adhere to the new Wordpress core changes.
+     * Improved performance: plugin now better loads and handles it's files and scripts .
+     * Updated the 2FA setup wizard UI – available methods are now displayed vertically for improved readability and layout consistency.
+     * Changed the default template of the 2FA code email for improved email deliverability (new installs only).
+     * Tweaked the redirection of users on Woocommerce to cater for latest Woocommerce version, ensuing correct and consistent redirection flow post-login.
+     * White Labeling - added option to enable help text to assist users during 2FA configuration for all methods.
+     * White Labeling - Changed the placeholder title on the 2FA code page text to "Verification code" for consistency.
+     * White Labeling - added a new white labeling option to enable/disable our plugin's signature from the 2FA Frontend configuration page.
+     * White Labeling - made more wizard elements translatable by assisting with localizing text inside JS elements.
+     * White Labeling - Tweaked the 2FA page code elements by introducing new unique classes, to make it easier for users to customize their logo with the right size and format.
+     * Switched the default setting for HOTP to now allow users to use another email address during configuration.
+     * Removed old links and imagery related to Captcha 4WP plugin.
+     * Added [Melapress Role Editor](https://melapress.com/wordpress-user-roles-editor/) in the About Us page.
+     * Reviewed all links in the plugin; fixed few broken links and added UTM parameters.
+     * Tweaked the UI inside a few wizards and plugin pages to avoid orphaned words or hanging elements.
+     * When "Log out users after 2FA configuration" is enabled, users are no longer logged out after they configure a backup method only.
+     * Made the 2FA notice regarding WP 2FA Encrypt key storage in wp-config.php dismissable.
+     * Authy method was removed from the setup wizard - service is being decommissioned by Twilio.
+     * Added our own custom libraries for Twilio integration, replacing the official SDK for improved performance and reduced dependencies.
+     * Removed the "User licensing" tab from the Settings which was redundant (used by the old licensing model).
+     * Improved the code that retrieves the number of subsites on a multisite network.
+     * Woocommerce Integration - 2FA Configuration page from My Account dashboard is now correctly positioned above the Log Out button.
+     * Yubico method will now show up in 2FA method selection wizard even when it's the only method enabled.
+     * Removed a redundant wizard steps when only one method was active (Yubico) for a smoother process.
+     * Updated the text and layout of the Yubikey configuration wizard.
+ * **Bug fixes**
+     * Fixed a PHP Notice "Function _load_textdomain_just_in_time" which could constantly occur in certain site setups .
+     * Translations: Fixed an edge case where Admin settings switch to Dutch once .po files are loaded, preventing the inheritance of actual site language.
+     * Fixed a bug causing the WordPress logo to be hidden on the 2FA code page in the Premium edition of WP 2FA.
+     * Fixed a scenario where users could see the "Remove 2FA" button on their profile page even though 2FA was enforced and no grace period was allowed.
+     * Fixed a handful of user role Inheritance issues which were causing some 2FA policies to not be correctly enforced to certain roles.
+     * Fixed an error which could occur when redirecting a user to a non-existent URL after configuring 2FA.
+     * Fixed a variety of PHP warnings related to Yubico, the out of band 2FA method, and the Reports page.
+     * Fixed a bug which could prevent users with SMS via Clickatell to use a backup code via email to log in.
+     * Fixed a bug which was causing the "grace period time left" shortcode to always show time in UTC format instead of site's timezone.
+     * Fixed a bug in which users using Yubico as primary method were unable to configure the email backup method.
+     * Added a check to avoid the plugin from writing multiple comments inside the wp-config.php file when the file is refreshed by third parties.
+     * Fixed a PHP deprecation: Function _print_emoji_styles_ which occured on fresh installations.
+     * Fixed a user reported edge case error involving WP 2FA and Paid Membership plugin when Authy 2FA method was in use.
+     * Fixed a scenario where the user could get locked out even though the setting to lock users with exceeded grace period was disabled.
+     * Fixed a user-reported PHP error - Uncaught Error: Call to a member function get_page_permastruct() on null.
+     * Fixed a some user-reported PHP errors that could occur inside Reports page under very specific circumstances.
+     * Fixed a UI glitch which could cause users to be prompted with "This page is asking you to confirm that you want to leave - information you've entered may not be saved." when configuring 2FA.
+     * Fixed a PHP 8.4 Deprecated notice: WP2FA_Vendor\BaconQrCode\Encoder\Encoder::chooseMode().
+     * Fixed a number of issues on how the 2FA frontend configuration pages are created on each subsite on a multisite nework.
+     * Fixed a shortcode behavior _{from_email}_ which was pulling the site admin email instead of the actual From email address.
+     * Fixed a user-reported edge case that could intermittently cause the wrong 2FA method to be selected during configuration, loading OTP via email wizard instead of the Authenticator app.
+     * Fixed a scenario where users with multiple roles on multiple websites have 2FA removed if "No role for this website" is selected.
+     * Added a new setting to disable the REST API endpoints.
 Refer to the complete [plugin changelog](https://melapress.com/support/kb/wp-2fa-plugin-changelog/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description) for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.

wp-2fa/trunk/vendor/autoload.php

r3343451	r3359559
20	20	require_once __DIR__ . '/composer/autoload_real.php';
21	21
22		return ComposerAutoloaderInit2~~3271~~::getLoader();
	22	return ComposerAutoloaderInit28365::getLoader();

wp-2fa/trunk/vendor/composer/autoload_real.php

-                      r3343451
+                      r3359559
 // autoload_real.php @generated by Composer
 class ComposerAutoloaderInit23271
+class ComposerAutoloaderInit28365
+{
     private static $loader;
 …
         require __DIR__ . '/platform_check.php';
         spl_autoload_register(array('ComposerAutoloaderInit23271', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInit28365', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
         spl_autoload_unregister(array('ComposerAutoloaderInit23271', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInit28365', 'loadClassLoader'));
         require __DIR__ . '/autoload_static.php';
         call_user_func(\Composer\Autoload\ComposerStaticInit23271::getInitializer($loader));
+        call_user_func(\Composer\Autoload\ComposerStaticInit28365::getInitializer($loader));
         $loader->register(true);

wp-2fa/trunk/vendor/composer/autoload_static.php

-                      r3343451
+                      r3359559
 namespace Composer\Autoload;
 class ComposerStaticInit23271
+class ComposerStaticInit28365
+{
     public static $prefixLengthsPsr4 = array (
 …
+    {
         return \Closure::bind(function () use ($loader) {
             $loader->prefixLengthsPsr4 = ComposerStaticInit23271::$prefixLengthsPsr4;
             $loader->prefixDirsPsr4 = ComposerStaticInit23271::$prefixDirsPsr4;
             $loader->classMap = ComposerStaticInit23271::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInit28365::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInit28365::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticInit28365::$classMap;
         }, null, ClassLoader::class);

wp-2fa/trunk/wp-2fa.php

-                      r3343451
+                      r3359559
  * @wordpress-plugin
  * Plugin Name: WP 2FA - Two-factor authentication for WordPress
  * Version:     2.9.2
+ * Version:     2.9.3
  * Plugin URI:  https://melapress.com/
  * Description: Easily add an additional layer of security to your WordPress login pages. Enable Two-Factor Authentication for you and all your website users with this easy to use plugin.
 …
+}
+\add_action( 'doing_it_wrong_trigger_error', 'wp_2fa_trigger_error', 10, 4 );
+\add_action( 'doing_it_wrong_run', 'wp_2fa_action_doing_it_wrong_run', 0, 3 );
+\add_action( 'doing_it_wrong_run', 'wp_2fa_action_doing_it_wrong_run', 20, 3 );
+\add_action( 'aadvana_trigger_error_doing_it_wrong', 'wp_2fa_trigger_error', 0, 4 );
 // Useful global constants.
 if ( ! defined( 'WP_2FA_VERSION' ) ) {
     define( 'WP_2FA_VERSION', '2.9.2' );
+    define( 'WP_2FA_VERSION', '2.9.3' );
     define( 'WP_2FA_BASE', plugin_basename( __FILE__ ) );
     define( 'WP_2FA_URL', plugin_dir_url( __FILE__ ) );
 …
 );
-\add_action( 'doing_it_wrong_trigger_error', 'wp_2fa_trigger_error', 10, 4 );
-\add_action( 'doing_it_wrong_run', 'wp_2fa_action_doing_it_wrong_run', 0, 3 );
-\add_action( 'doing_it_wrong_run', 'wp_2fa_action_doing_it_wrong_run', 20, 3 );
 if ( ! function_exists( 'wp_2f_is_just_in_time_for_2fa_domain' ) ) {
     /**

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3359559

Legend:

wp-2fa/trunk/includes/classes/Admin/Helpers/class-wp-helper.php

wp-2fa/trunk/includes/classes/Admin/SettingsPages/class-settings-page-general.php

wp-2fa/trunk/includes/classes/Authenticator/class-reset-password.php

wp-2fa/trunk/includes/classes/class-wp2fa.php

wp-2fa/trunk/languages/wp-2fa.pot

wp-2fa/trunk/readme.txt

wp-2fa/trunk/vendor/autoload.php

wp-2fa/trunk/vendor/composer/autoload_real.php

wp-2fa/trunk/vendor/composer/autoload_static.php

wp-2fa/trunk/wp-2fa.php

Download in other formats: