Staging release – 2023/06/27
19:11:49 GMT+0000
Added high level method to enable VIP Integration Plugins
Added support to enable VIP Integration Plugins, starting with the VIP Block Data API plugin via the load_integration method.
https://github.com/Automattic/vip-go-mu-plugins/pull/4458
VaultPress Deprecation Preparations
Adds a mechanism to prevent loading VaultPress
https://github.com/Automattic/vip-go-mu-plugins/pull/4610
Plugin Updated: Security
We have a plugin that temporarily locks an account upon a certain number of failed login attempts as well as password recovery attempts.
This change changes defaults for the most common scenario of attempts from the same IP address from 5 failed attempts within 5 minutes to 3 failed attempts within 15 minutes. We also made the lock time 30 minutes.
We also made this plugin more configurable via filters. For example following configuration will change the behaviour to lock an account after 5 attempts within 2 minutes. The account then stays locked for 10 minutes.
add_filter( 'wpcom_vip_ip_username_login_threshold', fn() => 5 );
add_filter( 'wpcom_vip_invalid_login_window', fn() => MINUTE_IN_SECONDS * 2 );
add_filter( 'wpcom_vip_invalid_login_lock_period', fn() => MINUTE_IN_SECONDS * 10 );