Emergency Management

Adds email and TOTP-based two-factor authentication with optional enforcement and grace periods plus backup codes and trusted devices. Provides means to reset all or selectable passwords (roles, users) and/or to delete (the related) sessions, to define role-based password expiry, to renew security KEYs & SALTs and to define & monitor your required password complexity/strength and the password reuse limits. Session durations can be controlled for roles - with and without 'Remember Me'. Upon password reset, the related users will be informed by eMail. The eMail text can be edited easily through this plugin. When the password expiry function is set, users with the related roles will be required to renew their password upon login, once expired. When a certain password strength/complexity and reuse limits have been set, the password strength will be monitored and related hints will be displayed accordingly. This plugin is self explanatory and can be accessed through the users menu. Inspired by: Joe Sexton (PW-Check with Regular Expressions and related basic functions structure) Inspired by: andymoyle (Plugin "Emergency password reset V6.1" providing this as a kind of 'brute force' functionality) Inspired by: Miller Media (Plugin "Expire User Passwords", providing some basic ideas of functionality but in conflict with the plugin 'Theme My Login')

2.0.4.0

• (New) For convenience, in the user profile, backup code generation was as well tranferred to AJAX.
• (Tweak) Minimum password expiry days moved from 10 days to 1 day as per user request.

2.0.3.0

• (New) For a smoother UI/UX, AJAX is now being used for secret generation and TOTP activation.

2.0.2.0

• (New) Handling of multiple roles with different 2FA requirements added (strictest rule wins).
• (New) Introduction TOTP enforcement in case of TOTP only.
• (Tweak) 'Remember Me' warning fires only if the related tab is being saved. Authenticator App 'otpauth://totp/' data updated. Placeholder for issuer input added.

2.0.1.2

• (Fix) Input type for Backup Codes corrected.

2.0.1.1

• (Tweak) Also serving AJAX/JSON during login redirect.

2.0.1.0

• (New) Rendering a custom 2FA challenge form to achieve full independence from wp_login and other login-related plugins (e.g. Theme My Login), while also preventing potential conflicts.
• (Tweak) Convenient bidirectional navigation between Site Security and Two-Factor Authentication settings.

2.0.0.1

• (Fix) Avoid conflict with agressive plugins during menu registration.

2.0.0.0

• (New) Introduced Two-Factor Authentication (2FA), featuring: Email Codes, Authenticator Apps (TOTP), Backup Codes and Trusted Devices.
• (New) Introduced role related control of session duration (with and without 'Remember Me').
• (Tweak) Adjusted a few strings for better clarity.

1.4.5.1

• (Fix) Ensure in all cases that a password cannot be reused upon password expiry, even if password strength monitoring has been switched off.
• (Fix) Ensure that the password reuse limit is 0 if the password strength monitoring is switched off.
• (Tweak) Reorganized the use of hooks for stabile performance.
• (Tweak) Updated some messages and some minor fixes.

1.4.5.0

• (New) Added functionality to define the number of previous passwords not allowed to be reused.
• (Tweak) Re-engineered a few functions for better performance.
• (Tweak) Optimized names of functions, variables/constants, slugs and classes for robustness

1.4.4.0

• (New) Placeholders for email text may now be copied by a mouseclick or by <TAB> and <ENTER>.

1.4.3.0

• (New) {user-profile-url} added as placeholder for email text.
• Thorough test with WordPress 7.0 version.

1.4.2.0

• (Tweak) Adjusted the password maximum length limit.

1.4.1.0

• (Tweak) The role names will now be translated (as far as available).
• Tested successfully with WordPress 6.4.

1.4.0.3

• Minor language corrections

1.4.0.2

• Correction of version indication in help screen
• Minor language corrections

1.4.0.1

• Minor adjustments for wp-config.php
• Thorough test with Wordpress 6.1.1 version.

1.4.0.0

• Corrected erroneous password-strength-reset behaviour (introduced previously by error).
• Corrected password reset behaviour for roles under certain conditions.
• Added timestamp for KEYs & SALTs in config.php.
• Compatibility improvement #1 for PHP 8.0.
• Global strings translation optimized.
• Improved settings for email editing and added editor class 'mfem-email-editor' for CSS control.
• A few smaller improvements.
• Tested successfully with WordPress 5.7.2.

1.3.2.0

• Password changes by user profile are now fully covered as well

1.3.1.0

• Bug in password reset corrected: timestamp during user registration and password reset was not properly stored before

1.3.0.3

• Tooltips added
• Password expiry messages adapted (colors and content)

1.3.0.2

• Table format optimized for small screens (horizontal movability)

1.3.0.1

• Updated some text

1.3.0.0

• Added password expiry function by roles (password reuse is then prohibited as well)
• Compatibility with the plugin "Theme My Login" has been secured
• Optimized forms when using the key

1.2.2.1

• Removed unnecessary (direct) links to KEYs & SALTs renewal

1.2.2.0

• Tested ok with Wordpress 5.7
• Fixed issue with saving eMail text under certain conditions
• Changed German translation to default (informal)

1.2.1.2

• Tested ok with Wordpress 5.6.2

1.2.1.1

• Minor bug fix for correct version display in help tab area
• Minor bug fix to stay in selected admin tab upon action

1.2.1.0

• Admin Tabs added for a more structured administration

1.2.0.0

• Missing translation string added
• Admin submenu and plugin action link selection for SALTs renewal will delete all sessions as well (as recommended)

1.1.9.1

• Missing translation string added

1.1.9

• Added admin help sidebar

1.1.8

• Corrected behavior: in some cases, password wasn't reset (and eMail wasn't sent) when sessions were to be deleted in parallel.

1.1.7

• Tested successfully with WordPress Version 5.6.

1.1.6

• Prevent password lengths < 8 (security) and > 20 (WordPress database limit).
• Prevent inadvertent form submits by the RETURN key.

1.1.5

• Error in password check corrected!!
• Increasing the size of the special character subset for the password check.

1.1.4

• The detailed explanations and hints were moved to the standard admin 'help' tabs at the screen top.
• The 'help' tabs include the Q&As (to be extended regularly as they will be growing).

1.1.3

• Make sure that the local plugin translations are loaded, if they are provided with the plugin for the selected language. Otherwise, load the ones provided through the WordPress translations, if any. This is (was) due to my experience that the proper SVN version synchronization with the WordPress languages directory has been found failing... (--> Has been removed in 1.2.0.0)
• Minor code and translation improvements.

1.1.2

• Minor code improvements.

1.1.1

• Corrected the relative path to the translations.

1.1.0

• Added the ability to just delete selected roles' or user's sessions as a separate function.

1.0.2

• Minor code improvements.

1.0.1

• Improved checking and feedbacks regarding the email content.
• Prevent the password reset button from being pressed as long as the email text has not yet been set.
• Re-arranged the structure for the success, warning and error messages.
• Minor corrections in textual explanations and German translation.
• Improvements in the code to comply with WordPress coding standards.

1.0.0

• First stable version with all initial features.