chore: multi-gitter-scripts/two-factor-install

[rivanuff]

• Clean Laravel-specific composer scripts if present.
• Require two-factor and generate-security-txt plugins, removes wordfence if present.
• Set PHP version and platform in composer.json. Defaults to 7.4, ups 8.1 to 8.2.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[github-actions]

🔌 WordPress Plugin Changelogs

cookie-law-info

View changelog

3.4.0

[Add] – Trial model experimentation
[Tweak] – Color customization is now a paid feature. Existing custom colors will continue to work.

3.3.9.1

[Fix] – BF & CM banner not removed after deadline.

3.3.9

[Fix] – Updated scanner API in legacy plugin.
[Add] – Redirect to plugin dashboard on Activate.
[Add] – Handled auth token expiry case in Web App connection.
[Enhancement] – Extra pageviews reporting in Pageviews graph.
[Tweak] – IAB TCF v2.3 related updates in UI.

3.3.8

[Compatibility] – Tested OK with WordPress version 6.9

3.3.7

[Enhancement] – Try Pro for free option in Upgrade nudges.
[Fix] – Minor fixes.
[Tweak] – Updated review banner behaviour.

3.3.6

[Fix] – Revisit icon text’s french translation.
[Enhancement] – GCM – Update consent based on cookie’s value.
[Enhancement] – Banner dark theme accessibility.
[Fix] – Admin screen translation not working.

3.3.5

[Fix] – Fixed minor security vulnerabilities.
[Enhancement] – UI/UX improvements.
[Fix] – Mismatch in consent chart data.

Earlier versions

For the changelog of earlier versions, please refer to the changelog.txt.

View full changelog on WordPress.org

generate-security-txt

View changelog

1.0.12

Capability filter added
Nonce checks added
Pubkey store changed to .well-known directory
Archive.org request only for public websites

1.0.11

New 1 month reminder email feature
Bugfix with for wrong canonical and security check when installation base url is not domain root
Updated dependencies

1.0.10

Updated dependencies

1.0.9

Updated dependencies

1.0.8

Updated internet.nl conform
New log feature
New file has verification feature

1.0.6

Normalize end of line characters

1.0

• Initial release version

View full changelog on WordPress.org

relay

View changelog

1.5.1: Sep 18, 2025

• Change: remove WP-CLI command to activate (can use wp plugin activate instead)
• Fix: WP-cli take multisite options into account
• Fix: return warning if the api key is not present

1.5.0: Sep 18, 2025

• Add: WP-cli command to get the current api key

1.4.0: Sep 18, 2025

• Add: apply 1 hour caching to directory sizes call
• Add: a WP-CLI command to activate the plugin and generate an api key
• Change: use the default WP transient for getting updates status
• Change: remove debug info attribute from directory sizes call

1.3.1: Jun 10, 2025

• Fix: use the correct option key on multisite installations

1.3.0: Jun 10, 2025

• Add: a settings page for inserting or generating an api key
• Change: rely on the custom api key instead of WordPress capabilities for api access
• Change: only allow plugin to be activated on the network of a multisite installation

1.2.0: Jun 5, 2025

• Add: info about directory sizes to the api
• Change: code improvements

1.1.0: May 11, 2025

• Add: support for multisite and subsite information

1.0.0: May 9, 2025

• Initial release

View full changelog on WordPress.org

stream

View changelog

4.1.2 – February 19, 2026

See: https://github.com/xwp/stream/blob/develop/changelog.md#412—february-19-2026

4.1.1 – February 3, 2025

See: https://github.com/xwp/stream/blob/develop/changelog.md##410—february-3-2025

4.1.0 – January 20, 2025

See: https://github.com/xwp/stream/blob/develop/changelog.md##410—january-15-2025

4.0.2 – August 22, 2024

See: https://github.com/xwp/stream/blob/develop/changelog.md#402—august-22-2024

4.0.1 – July 30, 2024

See: https://github.com/xwp/stream/blob/develop/changelog.md#401—july-30-2024

4.0.0 – January 9, 2024

See: https://github.com/xwp/stream/blob/develop/changelog.md#400—january-9-2024

3.10.0 – October 9, 2023

See: https://github.com/xwp/stream/blob/develop/changelog.md#3100—october-9-2023

3.9.3 – April 25, 2023

See: https://github.com/xwp/stream/blob/develop/changelog.md#393—april-25-2023

3.9.2 – January 10, 2023

See: https://github.com/xwp/stream/blob/develop/changelog.md#392—january-10-2023

3.9.1 – August 23, 2022

See: https://github.com/xwp/stream/blob/develop/changelog.md#391—august-23-2022

3.9.0 – March 8, 2022

See: https://github.com/xwp/stream/blob/develop/changelog.md#390—march-8-2022

See the full changelog here.

View full changelog on WordPress.org

two-factor

View changelog

0.16.0 – 2026-03-27

• Breaking Changes: Remove legacy FIDO U2F provider support by #439.
• New Features: Add a dedicated settings page for plugin configuration in wp-admin by #764.
• New Features: Add a support links filter so consumers can customize contextual recovery/help links by #615.
• New Features: Refresh backup codes UI styling and behavior by #804.
• Bug Fixes: Delete stored TOTP secrets when the TOTP provider is disabled by #802.
• Bug Fixes: Harden provider handling so login/settings checks do not fail open when expected providers disappear by #586.
• Bug Fixes: Ensure only configured providers are saved and enabled in user settings by #798.
• Bug Fixes: Improve settings-page accessibility and fix profile settings link behavior by #828 and #830.
• Bug Fixes: Resolve PHPCS violations in provider files by #851.
• Development Updates: Move login styles and provider scripts from inline output to enqueued/external assets by #807 and #814.
• Development Updates: Improve inline docs and static-analysis compatibility (WPCS/phpstan) by #810, #815, and #817.
• Development Updates: Improve unit test reliability and integrate CI code coverage reporting by #825, #841, and #842.
• Development Updates: Update readme docs and modernize CI workflow infrastructure by #835, #837, #843, and #849.
• Dependency Updates: Bump qs from 6.14.1 to 6.14.2 by #794.
• Dependency Updates: Bump basic-ftp from 5.0.5 to 5.2.0 by #816.
• Dependency Updates: Apply automatic lint/format updates and associated Composer package refreshes by View full changelog on WordPress.org

wp-seopress

View changelog

9.7.4

• INFO Add expand/collapse all buttons for Titles and metas settings
• FIX AI: logs, Mistral, Gemini, UX
• FIX Delete audit scans button
• FIX Instant indexing / Google Search Console
• FIX Add safeguard to getSocialKnowledgeUserId

9.7.3

• FIX Manual custom schema save
• FIX Video sitemap performance
• FIX GA4 auth button
• FIX Mistral multimodal detection and update model list
• FIX PHP templates warnings
• FIX CPTs list
• FIX Instant indexing generate key button

9.7.2

• FIX Toggle on PRO settings

9.7.1

• FIX Fatal error with White Label feature

9.7 Read the blog post update

• NEW Brand new React-based settings UI for a faster and more modern administration experience (first iteration) 🎉
• NEW Add Seznam.cz site verification support
• NEW Add Person knowledge graph user ID field for more granular author attribution
• NEW Detect transliterated keywords in permalink slugs for better multilingual support
• NEW [PRO] Add WP-CLI license commands: activate, deactivate, status, update, reset
• NEW [PRO] Rewrite PageSpeed tab to match pagespeed.web.dev with improved UI and print support
• NEW [PRO] Add custom site URL field for Google Search Console
• NEW [PRO] Add real-time validation for redirection URLs with loop detection
• NEW [PRO] Add REST API endpoints for automatic schemas
• NEW [PRO] Add REST API endpoint for SEO alerts
• NEW [PRO] Add Bingbot crawl-delay quick-insert button in robots.txt editor
• NEW [PRO] Add custom capabilities for Broken Links list
• NEW [PRO] Add ‘Add to category’ bulk action for redirections
• NEW [PRO] Add delete button for AI provider API keys
• NEW [PRO] Auto-detect CSV separator for redirections import with confirmation modal
• NEW [PRO] Include all public post types in llms.txt with {{latest_posts:X,(post_types)}} syntax
• NEW [PRO] Enrich Author schema with social profiles and E-E-A-T linking
• NEW [PRO] Exclude URLs from 404 log
• INFO Prevent license modal reminder from showing unexpectedly
• INFO Improved feature toggles reliability
• INFO Improved freeze post date feature with real-time warning
• INFO [PRO] Add deprecated label to FAQ, HowTo and Course schemas
• INFO [PRO] Remove Elementor FAQ schema integration (deprecated by Google)
• INFO [PRO] Remove retired GPT models
• INFO [PRO] Optimize bulk deletion for redirections (50+ entries)
• INFO [PRO] Refactor breadcrumb check
• INFO [PRO] Update WP-CLI update logic
• INFO [PRO] Improved CSV redirections import with row validation and post-import feedback
• INFO [PRO] Invalidate EDD updater cache on license change
• FIX Undo action with FAQ v2 block
• FIX Use slugs instead of names in product_cat rewrite rules
• FIX Fatal error if WC $product isn’t set
• FIX SEO score column showing stale data from previous analysis
• FIX Facebook ID field not saving correctly
• FIX Missing HTTP headers
• FIX REST settings endpoints returning null on fresh installs
• FIX Metabox preview failing with non-Latin slugs
• FIX Duplicate archive links in XML sitemap with Polylang multi-domain
• FIX Unsafe call_user_func_array with user-controlled input
• FIX PHP 8.5 compatibility
• FIX Custom schema detection in site audit
• FIX getPostTypes() and getTaxonomies() operator from ‘or’ to ‘and’ for publicly_queryable filtering
• FIX tagify.js.map missing from plugin package causing browser console 404 error
• FIX Undefined variable $seopress_r

  [...truncated]

  View full changelog on WordPress.org

[github-actions]

Composer package changes

Prod Packages	Operation	Base	Target	Link	License
wpackagist-plugin/generate-security-txt	New	-	1.0.12
wpackagist-plugin/two-factor	New	-	0.16.0