From 7714eba30822e2fcdb75085af624b84fcb822bbd Mon Sep 17 00:00:00 2001 From: Nol de Roos <108540791+nolderoos@users.noreply.github.com> Date: Thu, 21 May 2026 23:46:02 +0200 Subject: [PATCH] chore: reset to 1.0.0 for the initial release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Nothing has ever been tagged or released, so the prior 1.0.0/1.1.0 history is a phantom. Collapse everything currently in main into a single 1.0.0 initial release: - Version set to 1.0.0 in the plugin header, MAGICAUTH_VERSION, and the readme stable tag. - Remove the readme Changelog section — there is no shipped history to document on a debut release; a changelog returns when 1.1.0 is cut. --- magicauth.php | 4 ++-- readme.txt | 12 +----------- 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/magicauth.php b/magicauth.php index d404ee2..21db5cb 100644 --- a/magicauth.php +++ b/magicauth.php @@ -3,7 +3,7 @@ * Plugin Name: MagicAuth * Plugin URI: https://github.com/EtticDevelopment/magicauth * Description: Passwordless WordPress sign-in via email magic link or 6-character code. - * Version: 1.1.0 + * Version: 1.0.0 * Requires at least: 6.4 * Requires PHP: 8.0 * Author: Ettic @@ -26,7 +26,7 @@ return; } -define( 'MAGICAUTH_VERSION', '1.1.0' ); +define( 'MAGICAUTH_VERSION', '1.0.0' ); define( 'MAGICAUTH_DB_VERSION', 1 ); define( 'MAGICAUTH_FILE', __FILE__ ); define( 'MAGICAUTH_DIR', plugin_dir_path( __FILE__ ) ); diff --git a/readme.txt b/readme.txt index 93a429f..905f51e 100644 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Tags: login, passwordless, magic link, authentication, security Requires at least: 6.4 Tested up to: 7.0 Requires PHP: 8.0 -Stable tag: 1.1.0 +Stable tag: 1.0.0 License: GPL-2.0-or-later License URI: https://www.gnu.org/licenses/gpl-2.0.html @@ -71,13 +71,3 @@ Yes. Templates can be overridden by copying them into `your-theme/magicauth/`. F == Privacy == MagicAuth registers a WordPress privacy exporter and eraser. Personal data stored is limited to: `user_id`, an HMAC of the user's email and IP, and timestamps for each sign-in attempt. Verifiers are not exportable; only metadata about issued/consumed tokens. - -== Changelog == - -= 1.1.0 = -* Security: new "Fix WordPress salts" wizard under Settings > MagicAuth > Diagnostics & recovery. Fetches fresh keys from the official api.wordpress.org generator (with a local `random_bytes` fallback for offline sites) and writes them to `wp-config.php` automatically (atomic temp-file swap, no readable backup left in the web root). Falls back to a copy-and-paste block when `wp-config.php` is not writable. -* Security: the weak-salt admin notice now offers a one-click "Fix it for me" button and explains the impact before any change. The wizard never enables the branded login replacement — it only clears the block. -* Security: weak-salt detection now covers all eight key/salt constants (previously the four `*_KEY` constants only). - -= 1.0.0 = -* Initial public release.