ROBOTSTXT/two-factor-extended
ROBOTSTXT/two-factor-extended
1
0
Fork 0
Code Issues Pull requests Releases 5 Activity
5 releases 5 tags
  • 1.1.1 5add9b5e84

    v1.1.1 Stable

    javier released this 2026-03-28 10:06:57 +00:00 | 0 commits to main since this release

    1.1.1

    Release date: 2026-03-28

    Fixed

    • Version constant mismatch: TWO_FACTOR_EXTENDED_VERSION was 1.0.2 instead of 1.1.0.
    • Replaced current_time('timestamp') with time() in audit log and settings export to ensure UTC-correct timestamps.
    • Added wp_unslash() before sanitizing $_GET['tab'] in the settings page renderer.

    Compatibility

    • WordPress: 6.8, 6.9, 7.0
    • PHP: 8.2, 8.3, 8.4, 8.5
    • MariaDB: 10.6 or newer
    • Multisite: Supported
    • Two-Factor plugin: 0.16 or newer
    • Tested on WordPress 7.0, PHP 8.5.3; PHPUnit 9.6.34 — 28 unit tests, 64 assertions, all passing
    Downloads
  • 1.1.0 231ef59bb9

    v1.1.0 Stable

    javier released this 2026-03-28 10:06:05 +00:00 | 1 commits to main since this release

    1.1.0

    Release date: 2026-03-28

    Changed

    • Code quality: phpcbf auto-fixed 112 formatting issues across 12 files (operator alignment, array double arrows, pre-increment style).

    Compatibility

    • WordPress: 6.7, 6.8, 6.9
    • PHP: 8.2, 8.3, 8.4, 8.5
    • MariaDB: 10.6 or newer
    • Multisite: Supported
    • Two-Factor plugin: 0.16 or newer
    • Tested on WordPress 6.7.5, PHP 8.5.3; PHPUnit 9.6.34 — 28 unit tests, 64 assertions, all passing
    Downloads
  • 1.0.2 71b471e13e

    v1.0.2 Stable

    javier released this 2026-03-28 09:59:56 +00:00 | 2 commits to main since this release

    1.0.2

    Release date: 2026-03-28

    Changed

    • Plugin renamed from "Two Factor Extended" to "Two-Factor Extended" (hyphen added for consistency with the Two-Factor plugin naming convention).
    • get_required_providers_for_user() now intersects enforcement requirements with Two-Factor's globally-enabled providers list (two_factor_enabled_providers option, introduced in Two-Factor 0.16). Providers disabled site-wide by Two-Factor will no longer be enforced.
    • Added Catalan (ca) translation — 145 strings, 100% coverage.
    • Updated Spanish (es_ES) translation to reflect the new plugin name.

    Multisite

    • Two-Factor (base plugin) has no network-level settings — it is entirely per-site. Two-Factor Extended already provides the network layer on top of this with network-wide enforcement, super admin requirements, and site override controls. No changes required.

    Compatibility

    • WordPress: 6.7, 6.8, 6.9
    • PHP: 8.2, 8.3, 8.4, 8.5
    • MariaDB: 10.6 or newer
    • Multisite: Supported
    • Two-Factor plugin: 0.16 or newer
    • Tested on WordPress 6.7.5, PHP 8.5.3; PHPUnit 9.6.34 — 28 unit tests, 64 assertions, all passing
    Downloads
  • 1.0.1 b8e17df2db

    v1.0.1 Stable

    javier released this 2026-03-28 09:59:05 +00:00 | 3 commits to main since this release

    1.0.1

    Release date: 2026-03-28

    Changed

    • Settings menu now registered at admin_menu priority 20 to always appear after Two Factor plugin's Settings page (Two Factor 0.16+).
    • PHPUnit downgraded from 10.x to 9.6 for compatibility with the WordPress test library.
    • phpunit.xml.dist updated: uses PHPUnit 9 schema, <coverage> block replaces removed attributes, suffix=".php" for test directory discovery.
    • Test files renamed from test-*.php to Test_*.php to match PHPUnit 10/9 class name mapping (class names unchanged).
    • yoast/phpunit-polyfills downgraded to ^1.1 (matches WordPress core requirement).

    Fixed

    • PHPCS: spacing after parameter type in robotstxt-updater.php, class-enforcement.php, class-bulk-actions.php.
    • PHPCS: list<int> docblock type replaced with int[] to match array PHP type hint in class-bulk-actions.php.
    • PHPStan level 9: all errors resolved across all plugin files.

    Compatibility

    • WordPress: 6.7, 6.8, 6.9
    • PHP: 8.2, 8.3, 8.4, 8.5
    • MariaDB: 10.6 or newer
    • Multisite: Supported
    • Two-Factor plugin: 0.16 or newer
    • Tested on WordPress 6.7.5, PHP 8.5.3; PHPUnit 9.6.34 — 28 unit tests, 64 assertions, all passing
    Downloads
  • 1.0.0 212d64abfa

    v1.0.0 Stable

    javier released this 2026-02-17 14:21:41 +00:00 | 4 commits to main since this release

    1.0.0

    Release date: 2026-02-17

    Initial Production Release

    This is the first comprehensive release of Two Factor Extended, implementing enterprise-level two-factor authentication management for WordPress.

    Core Features

    • Role-Based 2FA Requirements (Phase 3) - Require specific 2FA methods for each user role, multiple methods support, custom role support
    • Provider Visibility Control (Phase 4) - Control which 2FA methods are visible to each role, required providers always visible, union logic for multiple roles
    • Grace Period Enforcement (Phase 3) - Configurable grace period (0-365 days), automatic tracking, user warnings, login blocking after expiration
    • WordPress Multisite Support (Phase 5) - Network-wide enforcement, super admin requirements, site override control, inheritance notices
    • Consolidated Admin Interface - Single settings page with tabs for Settings, Audit Log, and Compliance
    • Reset Plugin Functionality - Complete settings reset with user grace period cleanup and audit logging

    Advanced Features

    • Audit Logging (Phase 6) - Comprehensive event logging (2FA changes, settings changes, login failures), filtering by action/user/date, CSV export, automatic cleanup (1000 logs max, 90-day retention), IP and actor tracking
    • Compliance Reporting (Phase 6) - Real-time compliance statistics, by-role breakdown, non-compliant user identification, grace period status tracking, CSV export, network-wide reports, email reporting
    • Bulk Operations (Phase 7) - Bulk "Require 2FA Setup" and "Reset Grace Period" actions on Users page with success notifications and audit logging
    • WP-CLI Commands (Phase 7) - Complete CLI interface: status, enforce, report, reset (with table, JSON, CSV output formats and progress bars)
    • REST API Endpoints (Phase 7) - Full authentication and authorization: GET status, GET users, POST enforce, POST reset, GET report (JSON and CSV formats)
    • Import/Export Settings (Phase 7) - Export settings as JSON with timestamp, import with validation/sanitization, confirmation dialogs, file size limits (1MB), audit logging

    User Interface

    • Settings Page - Clean interface with grace period configuration, role requirements matrix, provider visibility matrix, data management section
    • Admin Notices - Grace period warnings (yellow), non-compliance errors (red), days remaining countdown, "Configure 2FA Now" buttons
    • Audit Log Tab - Recent activity overview, statistics display, filterable log table, export functionality, last 50 logs display
    • Compliance Tab - Overview statistics, by-role breakdown table, non-compliant users table, status indicators, export functionality

    Security & Quality (Phase 8)

    • Grade A Security Audit - All capability checks verified, complete nonce verification, comprehensive input validation/sanitization, output escaping
    • Security Protections - SQL injection protection (no direct SQL), XSS protection, CSRF protection, file access protection, error handling without information disclosure
    • Input Constraints - Form field validation (client & server), file size/type limits, required field indicators, ARIA labels for accessibility
    • 28 Unit Tests - PHPUnit test coverage for core classes (Role Manager, Enforcement, Audit Log)
    • WCAG 2.1 Level AA Compliant - Fully accessible administration interface
    • WordPress Coding Standards - 100% PHPCS compliant with WordPress Coding Standards 3.3
    • Performance Optimized - Efficient database queries and caching for large user bases

    Documentation (Phase 9)

    • Comprehensive security audit report (docs/SECURITY-AUDIT.md)
    • Manual testing matrix with 200+ test cases (docs/TESTING-MATRIX.md)
    • WCAG 2.1 Level AA compliance documentation (docs/ACCESSIBILITY.md)
    • Performance testing procedures (docs/PERFORMANCE.md)
    • Plugin compatibility report (docs/COMPATIBILITY.md)
    • User guide with examples (docs/USER-GUIDE.md)
    • Developer guide with API documentation (docs/DEVELOPER-GUIDE.md)
    • Troubleshooting guides and FAQ sections

    Core Classes Added

    • class-two-factor-extended.php - Main plugin class (singleton)
    • class-dependency-checker.php - Dependency validation
    • class-role-manager.php - Role utilities
    • class-provider-detector.php - Provider detection
    • class-enforcement.php - 2FA enforcement logic
    • class-provider-filter.php - Provider visibility control
    • class-network-settings.php - Multisite support
    • class-settings.php - Settings API implementation with tabbed interface
    • class-audit-log.php - Audit logging
    • class-compliance-report.php - Compliance reporting
    • class-bulk-actions.php - Bulk operations
    • class-rest-api.php - REST API endpoints
    • class-cli-commands.php - WP-CLI commands

    Bug Fixes

    • Fixed provider visibility filter applying globally (now only applies on user profile pages, not admin settings)
    • Fixed compliance report data structure access for user and email columns
    • Fixed cache issues in role requirements and provider visibility fields by adding direct provider detection
    • Fixed log_event() parameter handling in reset functionality

    Compatibility

    • WordPress: 6.7 - 6.9
    • PHP: 8.2 - 8.5
    • MariaDB: 10.6+
    • Two Factor Plugin: 0.15.0 (tested)
    • Multisite: Fully supported (Network: true)

    Testing Environment

    • WordPress: 6.9
    • PHP: 8.2
    • MariaDB: 10.6
    • Testing: Plugin detection verified, dependency checks working, PHPCS passing, unit tests passing

    Development Tools

    • PHP_CodeSniffer: 3.13
    • WordPress Coding Standards: 3.3
    • PHPCompatibility: 9.3
    • PHPCompatibilityWP: 2.1
    • WP-Since: 1.4
    • PHPUnit with WordPress test suite
    Downloads