Loginizer 1.6.4 Security Fix

Hi,

We released Loginizer 1.6.4 on 16th October 2020 which includes two security issues fixed.

Please check if you are running running 1.6.4, if not we recommend you to upgrade to 1.6.4 immediately.

We did not disclose the details about security fix earlier so the users get time to upgrade the plugin in their WordPress installations.

WordPress team helped auto upgrading Loginizer plugin to 1.6.4 for a large percentage of users even for users who did not enable auto upgrade because this was a security fix. We also pushed the security upgrade via Softaculous so the WordPress installations done by Softaculous and having Loginizer were upgraded automatically. These two options helped upgrade a large portion of installations.

Following is the list of security issues fixed in Loginizer 1.6.4:

1) [Security Fix] : A properly crafted username used to login could lead to SQL injection. This has been fixed by using the prepare function in PHP which prepares the SQL query for safe execution.

2) [Security Fix] : If the IP HTTP header was modified to have a null byte it could lead to stored XSS. This has been fixed by properly sanitizing the IP HTTP header before using the same.

We would like to Thank Slavco from WPdeeply.com and WordPress.org Plugins team for helping us in this matter.

For any questions related to this version or upgrading difficulty feel free to contact us at support@loginizer.com

Regards,
The Loginizer Team

Loginizer 1.6.3 Launched

Hi,

The Loginizer Team has launched version 1.6.3 with the following changes :

1) [Fix] Fixed a PHP Notice that was caused by a change released yesterday.

More features will be coming in the next releases.

You can download the free version from WordPress Plugin directory :

Regards,
The Loginizer Team

Loginizer 1.6.2 Launched

Hi,

The Loginizer Team has launched version 1.6.2 with the following changes :

1) [Feature] Added option to send Password Less Login email as HTML.

2) [Fix] When reCAPTCHA was disabled on Woocommerce checkout page, Loginizer reported captcha error if a user tried to register on checkout page. This is fixed now.

3) [Fix] The email sent to admin for brute force login attempts will now contain the site url as well.

4) [Fix] Fixed PHP Notice on Two Factor Authentication page.

More features will be coming in the next releases.

You can download the free version from WordPress Plugin directory :

Regards,
The Loginizer Team

Loginizer 1.6.1 Launched

Hi,

The Loginizer Team has launched version 1.6.1 with the following changes :

1) [Fix] The captcha on Registration form when using WooCommerce was not being rendered if the “WooCommerce Checkout” captcha setting was disabled in Loginizer. This is fixed now and this captcha can be disabled with “Registration Form” captcha setting in Loginizer.

2) [Fix] Minor checkbox pre filling UI fix on Two Factor Authentication page.

More features will be coming in the next releases.

You can download the free version from WordPress Plugin directory :

Regards,
The Loginizer Team

Loginizer 1.6.0 Launched

Hi,

The Loginizer Team has launched version 1.6.0 with the following changes :

1) [Feature] Admin can white list an IP or an IP range for Two Factor Authentication.

2) [Fix] If the plugins or themes which are included in the default WordPress package were not updated, the Checksum reported that the files for such plugins and themes did not matched. This is fixed now.

More features will be coming in the next releases.

You can download the free version from WordPress Plugin directory :

Regards,
The Loginizer Team

Loginizer 1.5.9 Launched

Hi,

The Loginizer Team has launched version 1.5.9 with the following changes :

1) [Task] Admins can now customize email template for 2FA OTP via email.

2) [Task] Admins can now customize the 2FA messages on login screen.

3) [Fix] Changed the OTP via App field on login page to type password.

More features will be coming in the next releases.

You can download the free version from WordPress Plugin directory :

Regards,
The Loginizer Team

Loginizer 1.5.8 Launched

Hi,

The Loginizer Team has launched version 1.5.8 with the following changes :

1) [Task] Permission for / folder was suggested as 0755 and 0750 permission which is secure was reported as insecure. This is fixed now.

2) [Fix] Prevent PHP Deprecated Warning on plugin upgrade page on servers running PHP 7.3+

More features will be coming in the next releases.

You can download the free version from WordPress Plugin directory :

Regards,
The Loginizer Team

Loginizer 1.5.7 Launched

Hi,

The Loginizer Team has launched version 1.5.7 with the following changes :

1) [Fix] Prevent PHP Notice on 1st failed login attempt from an IP.

More features will be coming in the next releases.

You can download the free version from WordPress Plugin directory :

Regards,
The Loginizer Team

Loginizer 1.5.6 Launched

Hi,

The Loginizer Team has launched version 1.5.6 with the following changes :

1) [Task] Admins can now subscribe to our newsletter if they decide to opt in.

More features will be coming in the next releases.

You can download the free version from WordPress Plugin directory :

Regards,
The Loginizer Team