This version includes significant changes to how passwords are handled so please review these release notes before updating:
Implemented the use of the standard WordPress password reset emails throughout rather than sending emails containing plain text passwords.
Due to an ongoing focus on best practices regarding data privacy and security ActiveMember360 has been modified to use the default WordPress reset password emails.
ActiveMember360 will still check to determine if it is appropriate to send a reset password email to a user. A reset password email will only be sent if the email submitted relates to an ActiveCampaign contact or WordPress user that satisfies the requirements to access the site as detailed within WordPress Login. ActiveMember360 will automatically create a WordPress user where required to enable sending to the reset password email.
To support these changes to password handling:
If ActiveMember360 triggers the generation of a password by whatever means it complies with the default WordPress password settings of:
- Password length of 24 characters
- Allowable password strength of Strong
- Allowable characters for use within the password
The Minimum password characters, Maximum password characters, Allowed character set have been removed from ActiveMember360, Settings, Passwords as these are no longer required.
The Password Reminder Email and New User Email have been removed from [ActiveMember360, Settings, Templates] as these are no longer required.
Standard WordPress emails will be sent where those were previously used.
Changes to the shortcode [mbr_password_send].
By default this is now used to send the default WordPress reset password email rather than an email containing the password stored within ActiveCampaign. However if the
automation_idparameter is used with this shortcode a choice of emails can be sent from the ActiveCampaign automation to the contact.
Please review the updated documentation at Shortcodes, Action Shortcodes,[mbr_password_send].
Changes to the shortcode [mbr_password_change].
New passwords must now meet the criteria of the WordPress strength meter before the change is applied.
Please review the updated documentation at Shortcodes, Action Shortcodes, [mbr_password_change].
Added a new webhook Contact Password Reset.
This provides a method to send a standard WordPress reset password email to any contact who satisfies the requirements to access the site as detailed within WordPress Login by using this webhook within an ActiveCampaign automation.
Please review the documentation at Contact Password Reset.
Added a new webhook User Create.
This provides a method to create a WordPress user for any contact who satisfies the requirements to access the site as detailed within WordPress Login by using this webhook within an ActiveCampaign automation.
Please review the documentation at User Create.
Updated documentation to reflect the changes to password handling. The articles updated include:
- Getting Started, First Steps
- Fundamentals, WordPress Users & ActiveCampaign Contacts, Passwords
- Fundamentals, WordPress Users & ActiveCampaign Contacts, Creating WordPress Users
- Fundamentals, WordPress Users & ActiveCampaign Contacts, Changing WordPress User & ActiveCampaign Contact Passwords
- Settings, Passwords
- Settings, Templates
- Modules, Payment, Use Cases, Purchasing Products & Subscriptions
Fix to the ActiveMember360 Payments module so if a purchaser only exists as a WordPress user, is not an ActiveCampaign contact and is not logged in when making the purchase they are not logged in after a successful purchase for security reasons.
button_styleparameter when used with the shortcode [mbr_tag].
Fix to creating BuddyPress/BuddyBoss Groups when using PHP 8.X