{"id":275627,"date":"2026-01-19T08:22:28","date_gmt":"2026-01-19T08:22:28","guid":{"rendered":"https:\/\/en-za.wordpress.org\/plugins\/basecloud-shield\/"},"modified":"2026-03-27T14:24:32","modified_gmt":"2026-03-27T14:24:32","slug":"basecloud-shield","status":"publish","type":"plugin","link":"https:\/\/it.wordpress.org\/plugins\/basecloud-shield\/","author":23342161,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.4.5","stable_tag":"1.4.5","tested":"6.9.4","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"BaseCloud Shield","header_author":"BaseCloud Team","header_description":"Enterprise-grade 2FA security. Supports Central Manager Notifications, WP Email, and SendGrid API.","assets_banners_color":"0f3962","last_updated":"2026-03-27 14:24:32","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/www.basecloudglobal.com\/","rating":0,"author_block_rating":0,"active_installs":30,"downloads":957,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"basecloud","date":"2026-01-19 08:21:56"},"1.0.1":{"tag":"1.0.1","author":"basecloud","date":"2026-01-19 09:23:11"},"1.2.0":{"tag":"1.2.0","author":"basecloud","date":"2026-01-19 09:41:11"},"1.2.1":{"tag":"1.2.1","author":"basecloud","date":"2026-01-19 09:52:51"},"1.2.2":{"tag":"1.2.2","author":"basecloud","date":"2026-01-19 09:56:16"},"1.2.3":{"tag":"1.2.3","author":"basecloud","date":"2026-01-19 10:18:27"},"1.2.4":{"tag":"1.2.4","author":"basecloud","date":"2026-01-19 10:33:41"},"1.2.6":{"tag":"1.2.6","author":"basecloud","date":"2026-01-19 15:40:56"},"1.2.7":{"tag":"1.2.7","author":"basecloud","date":"2026-02-03 06:44:53"},"1.2.8":{"tag":"1.2.8","author":"basecloud","date":"2026-02-03 07:33:19"},"1.3.0":{"tag":"1.3.0","author":"basecloud","date":"2026-02-04 08:17:27"},"1.3.1":{"tag":"1.3.1","author":"basecloud","date":"2026-02-04 08:24:23"},"1.3.2":{"tag":"1.3.2","author":"basecloud","date":"2026-02-04 08:27:09"},"1.3.3":{"tag":"1.3.3","author":"basecloud","date":"2026-02-12 14:42:11"},"1.3.4":{"tag":"1.3.4","author":"basecloud","date":"2026-02-12 15:23:00"},"1.3.5":{"tag":"1.3.5","author":"basecloud","date":"2026-02-13 11:43:13"},"1.3.6":{"tag":"1.3.6","author":"basecloud","date":"2026-02-25 14:09:48"},"1.3.7":{"tag":"1.3.7","author":"basecloud","date":"2026-02-25 14:45:39"},"1.3.8":{"tag":"1.3.8","author":"basecloud","date":"2026-02-25 14:56:15"},"1.3.9":{"tag":"1.3.9","author":"basecloud","date":"2026-02-25 15:12:37"},"1.4.0":{"tag":"1.4.0","author":"basecloud","date":"2026-03-16 20:40:45"},"1.4.1":{"tag":"1.4.1","author":"basecloud","date":"2026-03-17 21:07:15"},"1.4.2":{"tag":"1.4.2","author":"basecloud","date":"2026-03-21 15:52:56"},"1.4.3":{"tag":"1.4.3","author":"basecloud","date":"2026-03-23 09:38:20"},"1.4.5":{"tag":"1.4.5","author":"basecloud","date":"2026-03-27 14:24:32"},"1.5.0":{"tag":"1.5.0","author":"basecloud","date":"2026-03-16 21:01:42"},"1.5.1":{"tag":"1.5.1","author":"basecloud","date":"2026-03-17 08:21:10"},"1.5.2":{"tag":"1.5.2","author":"basecloud","date":"2026-03-17 09:59:39"},"1.6.0":{"tag":"1.6.0","author":"basecloud","date":"2026-03-17 12:59:22"},"1.6.1":{"tag":"1.6.1","author":"basecloud","date":"2026-03-17 13:23:28"},"1.6.2":{"tag":"1.6.2","author":"basecloud","date":"2026-03-17 13:36:18"},"1.6.3":{"tag":"1.6.3","author":"basecloud","date":"2026-03-17 14:52:51"},"1.6.4":{"tag":"1.6.4","author":"basecloud","date":"2026-03-17 15:16:32"},"1.6.5":{"tag":"1.6.5","author":"basecloud","date":"2026-03-17 15:30:29"},"1.6.6":{"tag":"1.6.6","author":"basecloud","date":"2026-03-17 15:56:42"},"1.6.7":{"tag":"1.6.7","author":"basecloud","date":"2026-03-17 16:16:27"},"1.6.8":{"tag":"1.6.8","author":"basecloud","date":"2026-03-17 16:27:19"},"1.6.9":{"tag":"1.6.9","author":"basecloud","date":"2026-03-17 16:36:49"},"1.7.0":{"tag":"1.7.0","author":"basecloud","date":"2026-03-17 16:54:46"},"1.7.1":{"tag":"1.7.1","author":"basecloud","date":"2026-03-17 17:08:28"},"1.7.2":{"tag":"1.7.2","author":"basecloud","date":"2026-03-17 17:31:39"},"2.0.0":{"tag":"2.0.0","author":"basecloud","date":"2026-03-17 20:53:45"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3442297,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3442297,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3442297,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3442297,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.6","1.2.7","1.2.8","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.2","1.4.3","1.4.5","1.5.0","1.5.1","1.5.2","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.7.0","1.7.1","1.7.2","2.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"The Professional Settings Panel.","2":"The Secure OTP Verification Screen."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[9211,710,9210,600,9217],"plugin_category":[54],"plugin_contributors":[246295],"plugin_business_model":[],"class_list":["post-275627","plugin","type-plugin","status-publish","hentry","plugin_tags-2fa","plugin_tags-authentication","plugin_tags-otp","plugin_tags-security","plugin_tags-two-factor","plugin_category-security-and-spam-protection","plugin_contributors-basecloud","plugin_committers-basecloud"],"banners":{"banner":"https:\/\/ps.w.org\/basecloud-shield\/assets\/banner-772x250.png?rev=3442297","banner_2x":"https:\/\/ps.w.org\/basecloud-shield\/assets\/banner-1544x500.png?rev=3442297","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/basecloud-shield\/assets\/icon-128x128.png?rev=3442297","icon_2x":"https:\/\/ps.w.org\/basecloud-shield\/assets\/icon-256x256.png?rev=3442297","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>BaseCloud Shield is a lightweight yet powerful security plugin that enforces Two-Factor Authentication (2FA) on your WordPress login page. Unlike other bloat-heavy plugins, BaseCloud Shield focuses on reliability and flexibility in OTP delivery.<\/p>\n\n<p><strong>Key Features:<\/strong><\/p>\n\n<ul>\n<li><strong>Plug &amp; Play:<\/strong> Works immediately using standard WordPress email delivery.<\/li>\n<li><strong>Multi-Recipient System:<\/strong> Send OTPs to the logging-in user, a manager email, or selected users.<\/li>\n<li><strong>Multi-Channel Delivery:<\/strong> Choose multiple delivery methods simultaneously (Email, SendGrid, WhatsApp, SMS, Webhook).<\/li>\n<li><strong>WhatsApp Integration:<\/strong> Send OTPs directly via WhatsApp using Twilio API.<\/li>\n<li><strong>SMS Integration:<\/strong> Deliver OTPs via SMS using Twilio API.<\/li>\n<li><strong>SendGrid API V3:<\/strong> Native integration for high-deliverability emails.<\/li>\n<li><strong>Webhook Support:<\/strong> Connect to custom webhooks for advanced automation flows.<\/li>\n<li><strong>Secure OTPs:<\/strong> 6-digit one-time passwords that expire automatically.<\/li>\n<li><strong>Browser Trust:<\/strong> \"Remember this device\" functionality to reduce friction for authorized users.<\/li>\n<li><strong>Advanced Attack Protection (v1.4.2):<\/strong> Credential stuffing detection, progressive delays, username enumeration protection.<\/li>\n<\/ul>\n\n<h3>External Services<\/h3>\n\n<p>This plugin may connect to external third-party services depending on your configuration. Below is a detailed explanation of what services are used, what data is sent, and when:<\/p>\n\n<p><strong>SendGrid Email API (Optional)<\/strong><\/p>\n\n<p>If you select \"SendGrid API\" as your delivery method in the plugin settings, this plugin will send data to SendGrid's email service to deliver one-time password (OTP) codes.<\/p>\n\n<ul>\n<li><strong>Service<\/strong>: SendGrid by Twilio<\/li>\n<li><strong>What it's used for<\/strong>: Sending two-factor authentication codes via email with improved deliverability<\/li>\n<li><strong>When data is sent<\/strong>: Every time a user attempts to log in and 2FA is enabled<\/li>\n<li><strong>Data sent<\/strong>: \n\n<ul>\n<li>Recipient email address (user's email or manager email if configured)<\/li>\n<li>Sender email address (configured in plugin settings)<\/li>\n<li>Site name<\/li>\n<li>Username attempting to log in<\/li>\n<li>6-digit one-time password code<\/li>\n<li>Email subject and HTML body<\/li>\n<\/ul><\/li>\n<li><strong>API Endpoint<\/strong>: https:\/\/api.sendgrid.com\/v3\/mail\/send<\/li>\n<li><strong>Terms of Service<\/strong>: https:\/\/www.twilio.com\/legal\/tos<\/li>\n<li><strong>Privacy Policy<\/strong>: https:\/\/www.twilio.com\/legal\/privacy<\/li>\n<\/ul>\n\n<p><strong>Important<\/strong>: You must have a SendGrid account and API key to use this feature. You are responsible for complying with SendGrid's terms of service and ensuring proper data handling practices.<\/p>\n\n<p><strong>Twilio API for WhatsApp &amp; SMS (Optional)<\/strong><\/p>\n\n<p>If you select \"WhatsApp\" or \"SMS\" as delivery methods, the plugin will send data to Twilio's API to deliver one-time password codes.<\/p>\n\n<ul>\n<li><strong>Service<\/strong>: Twilio<\/li>\n<li><strong>What it's used for<\/strong>: Sending two-factor authentication codes via WhatsApp and\/or SMS<\/li>\n<li><strong>When data is sent<\/strong>: Every time a user attempts to log in and 2FA is enabled with WhatsApp\/SMS selected<\/li>\n<li><strong>Data sent<\/strong>:\n\n<ul>\n<li>Recipient phone number (from user meta field 'billing_phone')<\/li>\n<li>Sender phone number (WhatsApp number or SMS number configured in settings)<\/li>\n<li>Site name<\/li>\n<li>Username attempting to log in<\/li>\n<li>6-digit one-time password code<\/li>\n<li>Message body<\/li>\n<\/ul><\/li>\n<li><strong>API Endpoint<\/strong>: https:\/\/api.twilio.com\/2010-04-01\/Accounts\/{AccountSid}\/Messages.json<\/li>\n<li><strong>Terms of Service<\/strong>: https:\/\/www.twilio.com\/legal\/tos<\/li>\n<li><strong>Privacy Policy<\/strong>: https:\/\/www.twilio.com\/legal\/privacy<\/li>\n<\/ul>\n\n<p><strong>Important<\/strong>: You must have a Twilio account with WhatsApp and\/or SMS capabilities enabled. Phone numbers must be stored in user meta (field: 'billing_phone'). You are responsible for complying with Twilio's terms of service.<\/p>\n\n<p><strong>Custom Webhook (Optional)<\/strong><\/p>\n\n<p>If you select \"Webhook\" as a delivery method, the plugin will send login notification data to a webhook URL you configure.<\/p>\n\n<ul>\n<li><strong>Service<\/strong>: Custom webhook endpoint (configured by you)<\/li>\n<li><strong>What it's used for<\/strong>: Sending login notifications to external systems for custom processing<\/li>\n<li><strong>When data is sent<\/strong>: Every time a user attempts to log in and 2FA is enabled<\/li>\n<li><strong>Data sent<\/strong>:\n\n<ul>\n<li>Site name<\/li>\n<li>Username attempting to log in<\/li>\n<li>User email address<\/li>\n<li>6-digit one-time password code<\/li>\n<li>Recipient information array<\/li>\n<li>Timestamp of login attempt<\/li>\n<\/ul><\/li>\n<li><strong>Endpoint<\/strong>: User-configured webhook URL<\/li>\n<\/ul>\n\n<p><strong>Important<\/strong>: When using the webhook option, you are responsible for the security and privacy compliance of the endpoint you configure. Ensure your webhook endpoint uses HTTPS and follows proper data protection practices.<\/p>\n\n<p><strong>Standard WordPress Email (Default)<\/strong><\/p>\n\n<p>By default, this plugin uses WordPress's built-in <code>wp_mail()<\/code> function, which does not involve any external services unless your WordPress installation is configured to use a third-party SMTP service.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>basecloud-shield<\/code> folder to the <code>\/wp-content\/plugins\/<\/code> directory.<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n<li>Go to the \"BC Shield\" menu item in your dashboard.<\/li>\n<li>Enable 2FA and choose your preferred Delivery Method.<\/li>\n<li>(Optional) Enter a \"Manager Email\" if you wish to centralize all login codes.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20work%20with%20custom%20login%20pages%3F\"><h3>Does this work with custom login pages?<\/h3><\/dt>\n<dd><p>Yes. BaseCloud Shield intercepts the authentication process at the core WordPress level, so it works with most standard login forms and custom themes.<\/p><\/dd>\n<dt id=\"what%20if%20i%20get%20locked%20out%3F\"><h3>What if I get locked out?<\/h3><\/dt>\n<dd><p>If you lose access to your email or the delivery method fails, you can disable the plugin by renaming the folder <code>basecloud-shield<\/code> to <code>basecloud-shield-disabled<\/code> via FTP\/SFTP.<\/p><\/dd>\n<dt id=\"is%20this%20compatible%20with%20woocommerce%3F\"><h3>Is this compatible with WooCommerce?<\/h3><\/dt>\n<dd><p>Yes, it protects the standard WordPress user authentication flow, which WooCommerce utilizes for customer logins.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.4.3<\/h4>\n\n<p><strong>Version bump \u2014 all version references unified to 1.4.3<\/strong><\/p>\n\n<p>\u2022 All version strings (plugin header, constant, readme, changelog, package.json) set to 1.4.3\n\u2022 No functional changes from 1.4.2<\/p>\n\n<h4>1.4.2<\/h4>\n\n<p><strong>Critical Security Hardening \u2014 Credential Stuffing &amp; OTP Abuse<\/strong><\/p>\n\n<p>This release addresses real-world credential stuffing attacks where attackers hold valid passwords for multiple accounts and use them to flood users with unsolicited OTP emails.<\/p>\n\n<p>SECURITY FIXES:\n\u2022 Credential stuffing now blocked after 2 accounts from same IP (was 3) \u2014 prevents attacker triggering OTP emails across multiple compromised accounts\n\u2022 Admin alert email sent when credential stuffing is blocked: lists attacking IP, compromised account names, and recommended actions\n\u2022 Individual compromise warning email sent to each affected user\n\u2022 Requesting IP address shown in every OTP email with password-change warning \u2014 users can instantly identify unsolicited logins\n\u2022 Account targeting alert now triggers after 2 OTP requests (was 5 + multiple IPs) \u2014 legitimate users log in once\n\u2022 Eliminated duplicate log spam: locked IPs no longer generate hundreds of redundant login_failed + auto_lockout entries per blocked attempt\n\u2022 Pre-OTP Attack Detection: tracks login attempts before OTP generation, blocks credential stuffing\n\u2022 Progressive Delay Mechanism: exponential backoff after 3 failed attempts (5s, 10s, 20s, 40s, max 2 minutes)\n\u2022 Username Enumeration Protection: masks login error messages, auto-locks IPs trying 5+ different usernames<\/p>\n\n<p>IMPORTANT: If users receive OTPs without logging in, their passwords are compromised. Force password reset immediately.<\/p>\n\n<h4>1.4.1<\/h4>\n\n<p><strong>Stable release \u2014 reverted to proven v1.4.0 base<\/strong><\/p>\n\n<p>\u2022 Reverted to the v1.4.0 codebase which has a reliable and working OTP authentication flow\n\u2022 Experimental v2.0.0 rebuild contained a critical error in the OTP success path that caused a PHP fatal on login \u2014 this release restores full stability\n\u2022 All v1.4.0 features intact: Security Webhooks, Audit Logs, IP Whitelist\/Blacklist, multi-channel OTP delivery (Email, SendGrid, Webhook, WhatsApp, SMS), split-digit OTP input, brute force protection, and rate limiting<\/p>\n\n<h4>1.4.0<\/h4>\n\n<p><strong>Major Update \u2014 Security Webhooks, Audit Logs &amp; UI Redesign<\/strong><\/p>\n\n<p>NEW FEATURES:\n\u2022 Security Event Webhook: Dedicated webhook that fires on every security event, sending IP address, user agent, event type, severity level, username, site URL and timestamp to any external endpoint (SIEM, Slack, alerting systems)\n\u2022 Security Logs Panel: Full audit log viewer inside the admin with 500-event retention, severity colour-coded badges (critical \/ high \/ medium \/ info), per-severity filtering, and one-click \"Clear Logs\" with confirmation\n\u2022 Split-digit OTP input: Verification screen now uses 6 individual digit boxes with auto-advance, backspace navigation, and paste support for a faster, more polished login experience\n\u2022 IP address and user agent now included in OTP Webhook payload<\/p>\n\n<p>BUG FIXES:\n\u2022 Fixed critical bug: ajax_unlock_ip handler was registered but never defined \u2014 Unlock IP button now works correctly\n\u2022 Fixed wildcard IP matching regex that could produce incorrect results\n\u2022 Fixed OTP remaining-validity calculation when incrementing failed attempts<\/p>\n\n<p>IMPROVEMENTS:\n\u2022 Redesigned admin UI using official BaseCloud brand logo and colour system (#52C25A green)\n\u2022 Tabbed admin interface: Configuration tab and Security Logs tab\n\u2022 Log retention increased from 100 to 500 events\n\u2022 Security event webhook fires asynchronously (non-blocking) to avoid login delays\n\u2022 OTP email template redesigned with per-digit display and BaseCloud branding\n\u2022 CIDR matching now validates mask range (0\u201332) before calculation\n\u2022 All wp_remote_post webhook calls now send JSON with Content-Type header<\/p>\n\n<h4>1.3.9<\/h4>\n\n<p><strong>Release Update<\/strong><\/p>\n\n<p>\u2022 Bug fixes and improvements\n\u2022 Updated version for deployment<\/p>\n\n<h4>1.3.8<\/h4>\n\n<p><strong>Release Update<\/strong><\/p>\n\n<p>\u2022 Bug fixes and improvements\n\u2022 Updated version for deployment<\/p>\n\n<h4>1.3.7<\/h4>\n\n<p><strong>Release Update<\/strong><\/p>\n\n<p>\u2022 Bug fixes and improvements\n\u2022 Updated version for deployment<\/p>\n\n<h4>1.3.6<\/h4>\n\n<p><strong>Release Update<\/strong><\/p>\n\n<p>\u2022 Bug fixes and improvements\n\u2022 Updated version for deployment<\/p>\n\n<h4>1.3.6<\/h4>\n\n<p><strong>Release Update<\/strong><\/p>\n\n<p>\u2022 Bug fixes and improvements\n\u2022 Updated version for deployment<\/p>\n\n<h4>1.3.5<\/h4>\n\n<p><strong>Logo &amp; Icon Fixes<\/strong><\/p>\n\n<p>\u2022 FIXED: Broken logo image in settings page header\n\u2022 FIXED: Broken menu icon - replaced with clean SVG shield icon\n\u2022 IMPROVED: Integrated official BaseCloud Shield logo from main assets\n\u2022 IMPROVED: Visual consistency across WordPress admin interface<\/p>\n\n<h4>1.3.4<\/h4>\n\n<ul>\n<li>FIXED: Logo display in admin panel<\/li>\n<li>IMPROVED: Updated logo assets to match UTM Tracker branding<\/li>\n<\/ul>\n\n<h4>1.3.3<\/h4>\n\n<ul>\n<li>NEW: Premium Glassmorphism Design with stunning glass-morphic effects<\/li>\n<li>NEW: Advanced animations (shimmer, float, glow-pulse, logo-pulse)<\/li>\n<li>IMPROVED: Enhanced logo with glowing effects and floating animation<\/li>\n<li>IMPROVED: Futuristic color scheme with deep space blues and neon green accents<\/li>\n<li>IMPROVED: Interactive elements with smooth hover effects<\/li>\n<li>IMPROVED: Matches BaseCloud UTM Tracker's premium design language<\/li>\n<\/ul>\n\n<h4>1.3.2<\/h4>\n\n<p><strong>Branding Update<\/strong><\/p>\n\n<p>\u2022 Replaced Lottie animation with official BaseCloud SVG logo\n\u2022 Removed Lottie player dependency for lighter plugin\n\u2022 Cleaner, faster admin interface<\/p>\n\n<h4>1.3.1<\/h4>\n\n<p><strong>UI\/UX Polish<\/strong><\/p>\n\n<p>\u2022 Removed placeholder text from IP Whitelist and Blacklist fields\n\u2022 Cleaner, empty textareas by default\n\u2022 Current IP info box remains for reference<\/p>\n\n<h4>1.3.0<\/h4>\n\n<p><strong>Release Update<\/strong><\/p>\n\n<p>\u2022 Bug fixes and improvements\n\u2022 Updated version for deployment<\/p>\n\n<h4>1.3.3<\/h4>\n\n<p><strong>Premium UI\/UX Overhaul - Glassmorphism Design<\/strong><\/p>\n\n<p><strong>UI\/UX REVOLUTION:<\/strong>\n\u2022 Premium Glassmorphism Design: Complete admin interface redesign with stunning glass-morphic effects and backdrop blur\n\u2022 Advanced Animations: Added shimmer, float, glow-pulse, and logo-pulse animations throughout interface\n\u2022 Enhanced Logo Display: Upgraded to animated BaseCloud logo with glowing effects and smooth floating animation\n\u2022 Futuristic Color Scheme: Deep space blues (#0a1628) with vibrant neon green accents (#4bc46a)\n\u2022 Interactive Elements: Smooth hover effects, transform animations, and enhanced visual feedback on all controls\n\u2022 Professional Polish: Refined typography, improved spacing, and enhanced visual hierarchy\n\u2022 Consistent Branding: Now matches BaseCloud UTM Tracker's premium design language\n\u2022 Modern Aesthetics: Rounded corners, gradient backgrounds, and sophisticated shadow effects\n\u2022 Enhanced Accessibility: Better contrast ratios and clearer visual states<\/p>\n\n<h4>1.3.0<\/h4>\n\n<p><strong>Advanced IP Management &amp; Security Controls<\/strong><\/p>\n\n<p><strong>NEW FEATURES:<\/strong>\n\u2022 IP Whitelist: Add trusted IPs that bypass lockout and rate limiting\n  - Support for exact IPs (169.0.79.28)\n  - Support for wildcards (192.168.<em>.<\/em>)\n  - Support for CIDR notation (10.0.0.0\/24)\n  - Current IP displayed for easy whitelisting\n\u2022 IP Blacklist: Permanently block malicious IPs from accessing site\n\u2022 Manual IP Unlock: Real-time lockout management\n  - View all currently locked IPs in admin panel\n  - See countdown timers for auto-unlock\n  - One-click manual unlock button\n  - Audit trail for all unlock actions<\/p>\n\n<p><strong>SECURITY IMPROVEMENTS:<\/strong>\n\u2022 Whitelisted IPs bypass all lockout checks and rate limiting\n\u2022 Blacklist check occurs before authentication processing\n\u2022 Enhanced logging for whitelist\/blacklist activities\n\u2022 Secure AJAX endpoint for IP unlock with nonce verification<\/p>\n\n<p><strong>UI\/UX ENHANCEMENTS:<\/strong>\n\u2022 New \"Security Controls\" section in admin settings\n\u2022 Real-time locked IP display with status indicators\n\u2022 Color-coded security interface\n\u2022 Improved admin panel organization<\/p>\n\n<h4>1.2.8<\/h4>\n\n<p><strong>Critical Hotfix - Login Issue Resolved<\/strong><\/p>\n\n<p><strong>CRITICAL FIX:<\/strong>\n\u2022 Fixed \"Suspicious session detected\" blocking legitimate logins\n\u2022 Session token now uses consistent secret (not time-based)\n\u2022 Users can now successfully complete login with OTP<\/p>\n\n<p><strong>Improvements:<\/strong>\n\u2022 Enhanced OTP lock mechanism to prevent duplicate generation\n\u2022 Existing valid OTP reused if login attempted multiple times\n\u2022 Better handling of page refreshes during OTP verification\n\u2022 Reduced false positive security alerts<\/p>\n\n<h4>1.2.7<\/h4>\n\n<p><strong>Critical Security &amp; Bug Fix Release<\/strong><\/p>\n\n<p><strong>CRITICAL FIX - Duplicate OTP Prevention:<\/strong>\n\u2022 Fixed issue causing multiple duplicate OTP emails to be sent\n\u2022 Implemented email deduplication across all delivery methods\n\u2022 Added phone number deduplication for WhatsApp\/SMS\n\u2022 Enhanced recipient list processing to prevent duplicate entries\n\u2022 Added 60-second OTP generation lock to prevent rapid duplicates<\/p>\n\n<p><strong>Enterprise-Grade Security Enhancements:<\/strong>\n\u2022 Brute Force Protection: Maximum 5 OTP attempts before 15-minute IP lockout\n\u2022 Rate Limiting: 3 OTP requests per 10-minute window per user\/IP\n\u2022 Cryptographically Secure OTP: Replaced rand() with random_bytes()\n\u2022 Session Binding: IP address validation, User-Agent fingerprinting\n\u2022 HMAC-SHA256 session tokens to prevent session fixation attacks\n\u2022 CSRF Protection: WordPress nonce validation on all OTP submissions\n\u2022 Enhanced Cookie Security: httponly and secure flags on all cookies\n\u2022 Security Event Logging: Comprehensive audit trail (last 100 events)\n\u2022 Real-Time Security Alerts: Email\/webhook alerts for suspicious activity\n\u2022 Timing Attack Protection: Constant-time comparisons using hash_equals()<\/p>\n\n<p><strong>Attack Prevention:<\/strong>\n\u2022 OTP Interception Prevention (IP binding)\n\u2022 Session Hijacking Detection (multi-factor validation)\n\u2022 CSRF Attack Protection (nonce tokens)\n\u2022 Replay Attack Prevention (one-time codes with metadata)\n\u2022 Rate Limit Abuse Prevention (throttling)\n\u2022 Brute Force Attack Blocking (auto-lockout)<\/p>\n\n<p><strong>Security Monitoring:<\/strong>\n\u2022 12 new security event types tracked and logged\n\u2022 IP mismatch detection and alerting\n\u2022 Session token mismatch detection\n\u2022 Failed attempt tracking with remaining attempt counter\n\u2022 Expired OTP usage attempt logging\n\u2022 Invalid trust cookie detection<\/p>\n\n<p><strong>Technical Improvements:<\/strong>\n\u2022 Enhanced IP detection (proxy, CloudFlare, load balancer support)\n\u2022 OTP metadata tracking (IP, User-Agent, timestamp, attempts)\n\u2022 Improved error messages with security context\n\u2022 Pattern validation for numeric OTP input\n\u2022 Better cookie management with expiration handling<\/p>\n\n<h4>1.2.6<\/h4>\n\n<p><strong>Release Update<\/strong><\/p>\n\n<p>\u2022 Bug fixes and improvements\n\u2022 Updated version for deployment<\/p>\n\n<h4>1.2.5<\/h4>\n\n<p><strong>SendGrid From Email Enhancement<\/strong><\/p>\n\n<p>\u2022 Added dedicated \"From Email Address\" field for SendGrid configuration\n\u2022 Allows customization of sender email specifically for SendGrid API\n\u2022 Improved email deliverability and branding control for SendGrid users\n\u2022 Defaults to site admin email if not configured<\/p>\n\n<h4>1.2.4<\/h4>\n\n<p><strong>Lottie Logo Fix<\/strong><\/p>\n\n<p>\u2022 Fixed Lottie player script loading order to display logo properly\n\u2022 Changed script loading from footer to header for immediate availability\n\u2022 Resolved warning icon display issue on page load<\/p>\n\n<h4>1.2.3<\/h4>\n\n<p><strong>Visual Enhancement<\/strong><\/p>\n\n<p>\u2022 Added animated BaseCloud logo (Lottie) to settings page header\n\u2022 Logo animation loops continuously for enhanced brand presence\n\u2022 Improved visual appeal and professional appearance<\/p>\n\n<h4>1.2.2<\/h4>\n\n<p><strong>WordPress.org Compliance<\/strong><\/p>\n\n<p>\u2022 Fixed tag limit compliance (reduced to 5 tags as per WordPress.org requirements)\n\u2022 Optimized tags for better plugin discoverability<\/p>\n\n<h4>1.2.1<\/h4>\n\n<p><strong>UI\/UX Improvements<\/strong><\/p>\n\n<p>\u2022 Enhanced select dropdown readability with bright green highlight for selected options\n\u2022 Improved multi-select list with visible selection states\n\u2022 Added hover effects and visual feedback for better user experience\n\u2022 Enhanced checkbox styling with BaseCloud green accent colors\n\u2022 Improved input field focus states with green border highlights\n\u2022 Added text selection styling with brand colors\n\u2022 Enhanced save button with glow effect and hover animation\n\u2022 Better contrast and readability across all form elements\n\u2022 More polished \"BaseCloud\" branded interface<\/p>\n\n<h4>1.2.0<\/h4>\n\n<p><strong>Major Feature Release - Multi-Recipient &amp; Multi-Channel Delivery<\/strong><\/p>\n\n<p>\u2022 Added Multi-Recipient System with 3 modes:\n  - Send to Logging-in User (default)\n  - Send to Manager Email (centralized notifications)\n  - Send to Selected Users (choose specific users from your site)\n\u2022 Added Multi-Channel Delivery - select multiple delivery methods simultaneously\n\u2022 Added WhatsApp integration via Twilio API\n\u2022 Added SMS integration via Twilio API\n\u2022 Enhanced UI with organized sections and dynamic form fields\n\u2022 User selection interface with multi-select dropdown\n\u2022 Auto-detection of all WordPress users on the site\n\u2022 Smart routing system sends OTP to all selected recipients via all selected methods\n\u2022 Phone number retrieval from user meta (billing_phone field)\n\u2022 Improved settings panel layout with collapsible configuration sections\n\u2022 Each delivery method now has dedicated configuration area\n\u2022 Backward compatible with existing configurations<\/p>\n\n<h4>1.1.0<\/h4>\n\n<p><strong>Internal Development Version<\/strong><\/p>\n\n<p>\u2022 Pre-release testing version<\/p>\n\n<h4>1.0.1<\/h4>\n\n<p><strong>UI Improvements<\/strong><\/p>\n\n<p>\u2022 Updated labels and placeholders to be more generic for broader use\n\u2022 Changed \"BaseCloud CRM Webhook\" to \"Webhook\" in delivery method options\n\u2022 Removed BaseCloud-specific email placeholders for wider audience compatibility\n\u2022 Updated version for deployment<\/p>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial Release.<\/li>\n<li>Added Central Manager Email routing.<\/li>\n<li>Added SendGrid API V3 integration.<\/li>\n<li>Added BaseCloud CRM Webhook integration.<\/li>\n<\/ul>","raw_excerpt":"Enterprise-grade Two-Factor Authentication (2FA) with support for Email, SendGrid API, Webhooks, WhatsApp, and SMS delivery.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/275627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=275627"}],"author":[{"embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/basecloud"}],"wp:attachment":[{"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=275627"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=275627"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=275627"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=275627"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=275627"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/it.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=275627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}