• 1.0.0 212d64abfa

    v1.0.0 Stable

    javier released this 2026-02-17 14:21:41 +00:00

    1.0.0

    Release date: 2026-02-17

    Initial Production Release

    This is the first comprehensive release of Two Factor Extended, implementing enterprise-level two-factor authentication management for WordPress.

    Core Features

    • Role-Based 2FA Requirements (Phase 3) - Require specific 2FA methods for each user role, multiple methods support, custom role support
    • Provider Visibility Control (Phase 4) - Control which 2FA methods are visible to each role, required providers always visible, union logic for multiple roles
    • Grace Period Enforcement (Phase 3) - Configurable grace period (0-365 days), automatic tracking, user warnings, login blocking after expiration
    • WordPress Multisite Support (Phase 5) - Network-wide enforcement, super admin requirements, site override control, inheritance notices
    • Consolidated Admin Interface - Single settings page with tabs for Settings, Audit Log, and Compliance
    • Reset Plugin Functionality - Complete settings reset with user grace period cleanup and audit logging

    Advanced Features

    • Audit Logging (Phase 6) - Comprehensive event logging (2FA changes, settings changes, login failures), filtering by action/user/date, CSV export, automatic cleanup (1000 logs max, 90-day retention), IP and actor tracking
    • Compliance Reporting (Phase 6) - Real-time compliance statistics, by-role breakdown, non-compliant user identification, grace period status tracking, CSV export, network-wide reports, email reporting
    • Bulk Operations (Phase 7) - Bulk "Require 2FA Setup" and "Reset Grace Period" actions on Users page with success notifications and audit logging
    • WP-CLI Commands (Phase 7) - Complete CLI interface: status, enforce, report, reset (with table, JSON, CSV output formats and progress bars)
    • REST API Endpoints (Phase 7) - Full authentication and authorization: GET status, GET users, POST enforce, POST reset, GET report (JSON and CSV formats)
    • Import/Export Settings (Phase 7) - Export settings as JSON with timestamp, import with validation/sanitization, confirmation dialogs, file size limits (1MB), audit logging

    User Interface

    • Settings Page - Clean interface with grace period configuration, role requirements matrix, provider visibility matrix, data management section
    • Admin Notices - Grace period warnings (yellow), non-compliance errors (red), days remaining countdown, "Configure 2FA Now" buttons
    • Audit Log Tab - Recent activity overview, statistics display, filterable log table, export functionality, last 50 logs display
    • Compliance Tab - Overview statistics, by-role breakdown table, non-compliant users table, status indicators, export functionality

    Security & Quality (Phase 8)

    • Grade A Security Audit - All capability checks verified, complete nonce verification, comprehensive input validation/sanitization, output escaping
    • Security Protections - SQL injection protection (no direct SQL), XSS protection, CSRF protection, file access protection, error handling without information disclosure
    • Input Constraints - Form field validation (client & server), file size/type limits, required field indicators, ARIA labels for accessibility
    • 28 Unit Tests - PHPUnit test coverage for core classes (Role Manager, Enforcement, Audit Log)
    • WCAG 2.1 Level AA Compliant - Fully accessible administration interface
    • WordPress Coding Standards - 100% PHPCS compliant with WordPress Coding Standards 3.3
    • Performance Optimized - Efficient database queries and caching for large user bases

    Documentation (Phase 9)

    • Comprehensive security audit report (docs/SECURITY-AUDIT.md)
    • Manual testing matrix with 200+ test cases (docs/TESTING-MATRIX.md)
    • WCAG 2.1 Level AA compliance documentation (docs/ACCESSIBILITY.md)
    • Performance testing procedures (docs/PERFORMANCE.md)
    • Plugin compatibility report (docs/COMPATIBILITY.md)
    • User guide with examples (docs/USER-GUIDE.md)
    • Developer guide with API documentation (docs/DEVELOPER-GUIDE.md)
    • Troubleshooting guides and FAQ sections

    Core Classes Added

    • class-two-factor-extended.php - Main plugin class (singleton)
    • class-dependency-checker.php - Dependency validation
    • class-role-manager.php - Role utilities
    • class-provider-detector.php - Provider detection
    • class-enforcement.php - 2FA enforcement logic
    • class-provider-filter.php - Provider visibility control
    • class-network-settings.php - Multisite support
    • class-settings.php - Settings API implementation with tabbed interface
    • class-audit-log.php - Audit logging
    • class-compliance-report.php - Compliance reporting
    • class-bulk-actions.php - Bulk operations
    • class-rest-api.php - REST API endpoints
    • class-cli-commands.php - WP-CLI commands

    Bug Fixes

    • Fixed provider visibility filter applying globally (now only applies on user profile pages, not admin settings)
    • Fixed compliance report data structure access for user and email columns
    • Fixed cache issues in role requirements and provider visibility fields by adding direct provider detection
    • Fixed log_event() parameter handling in reset functionality

    Compatibility

    • WordPress: 6.7 - 6.9
    • PHP: 8.2 - 8.5
    • MariaDB: 10.6+
    • Two Factor Plugin: 0.15.0 (tested)
    • Multisite: Fully supported (Network: true)

    Testing Environment

    • WordPress: 6.9
    • PHP: 8.2
    • MariaDB: 10.6
    • Testing: Plugin detection verified, dependency checks working, PHPCS passing, unit tests passing

    Development Tools

    • PHP_CodeSniffer: 3.13
    • WordPress Coding Standards: 3.3
    • PHPCompatibility: 9.3
    • PHPCompatibilityWP: 2.1
    • WP-Since: 1.4
    • PHPUnit with WordPress test suite