• 1.4.0 467560d420

    v1.4.0 Stable

    javier released this 2026-06-05 19:46:02 +00:00 | 0 commits to main since this release

    1.4.0

    Release date: 2026-06-05

    Added

    • Audit Dashboard — top-level admin page with summary cards (total users, 2FA-enabled, recent failed attempts), failed attempts table, and 2FA status column in Users list.
    • Failed attempts log — robotstxt_2fa_failed_log ring buffer (max 100 entries) populated on every failed verification; IPs anonymized.
    • Email notifications (each independently configurable):
      • Admin-enabled 2FA: user is notified when an administrator activates 2FA for them.
      • New location login: user is notified on first successful login from an unrecognised context.
      • Recovery code used: user (and optionally site admin) notified when a recovery code is consumed.
      • Activity digest: WP-Cron weekly or monthly summary sent to administrators.
    • Application Passwords exemption: REST API clients skip the 2FA browser challenge by default.
    • IP allow list: IPs/CIDR ranges that bypass 2FA (via robotstxt_2fa_skip_challenge).
    • IP deny list: IPs/CIDR ranges blocked from login entirely (via authenticate at priority 1).
    • IPv4 + IPv6 CIDR matching (pure PHP, no external dependency).
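
    One way to do IPv4 and IPv6 CIDR matching for allow and deny lists in pure PHP, using inet_pton(). This is an added example, not the plugin's own code; the function names and the sample addresses are assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration; both function names are hypothetical, not the plugin's.
function example_ip_in_cidr(string $ip, string $range): bool
{
    $parts  = explode('/', $range, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    // Fail closed on unparsable input; never match across address families.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $maxBits = strlen($netBin) * 8; // 32 for IPv4, 128 for IPv6
    $bits    = $maxBits;            // bare address = single-host entry
    if (isset($parts[1])) {
        // Digits only and within range: "/", "/-1", "/8x", "/33" (IPv4) are rejected.
        if (!ctype_digit($parts[1]) || (int) $parts[1] > $maxBits) {
            return false;
        }
        $bits = (int) $parts[1];
    }
    // Compare the whole bytes of the prefix, then the leftover high bits.
    $fullBytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    $remBits = $bits % 8;
    if ($remBits === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $remBits)) & 0xFF;
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

function example_ip_in_list(string $ip, array $ranges): bool
{
    foreach ($ranges as $range) {
        if (example_ip_in_cidr($ip, trim((string) $range))) {
            return true;
        }
    }
    return false;
}

// Constructed sample data using documentation address ranges.
$list = ['192.0.2.0/24', '2001:db8::/32', '198.51.100.7', '203.0.113.0/99'];
foreach (['192.0.2.200', '2001:db8:1::5', '198.51.100.8', '203.0.113.9'] as $ip) {
    printf("%-14s %s\n", $ip, example_ip_in_list($ip, $list) ? 'match' : 'no match');
}
```

    A /0 entry matches every address of its family, so list entries that bypass 2FA are worth validating when they are saved and not only when they are matched.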

    Compatibility

    • WordPress: 6.4 – 7.1
    • PHP: 8.0 – 8.5

    Tests

    • PHP Coding Standards: PHP_CodeSniffer 3.13.5 / WPCS 3.3.0
    • PHPStan: level 9 — 0 errors
    • PHPCompatibility: 8.0–8.5 — 0 issues
    • PHPUnit: 9.6.34 — 42 tests, 109 assertions