Stay up to Date with Our News and Releases

Today I released version 3.2.7 of WP OAuth Server. This updated contains some mostly enhancments and 1 security patch: Added wo_authorization_code_authorize action. Passed user_id as a single parameter. Added wo_restrict_single_access_token filter. Returns true or false / Defaults to false. Added wo_auth_code_lifetime filter. Defaults to 30. Fixed possible XSS issue with client description. It is recommended […]

Today I released version 3.2.6 of WP OAuth Server. This updated contains some mostly enhancments including: Localization. WP OAuth Server now has the ability  to support multiple languages. If you are up to the task, I will give a free 1 year license to WP OAuth Server for each language you translate the plugin to. Ability […]

WP OAuth Server 3.2.4 has been released. This update is available to all valid license holders. Simply update WP OAuth Server in the plugin area as normal. Security Issues Patched wo_create_client It is possible that a hacker could hijack the action wo_create_client and run malicious code. This was because the action was ran before the capabilities checks […]

We have released version 3.2.0 of WP OAuth Server. There is some HUGE changes with the plugin this time around. As of this morning, we have updated how our license works and how the plugin is delivered. Version 3.2.0 and greater will now be hosted on our servers. Our servers will deliver updates directly instead of […]

Today we released WP OAuth Server 3.1.93. This version of WP OAuth Server is mainly a minor release. The OAuth2 Library used was updated and then ported into the WP OAuth2 project. This release utilizes better handling of id_tokens as well as allows for non-expiring refresh tokens. Next scheduled release is version 3.2.0. If there is any […]

Today we released WP OAuth Server 3.1.92. This update is super exciting because it introduces new actions so that extensions can be built easier than ever before. Along with the version 3.1.92 release, we have released the very first extension “Brute Protect“. Check out Brute Protect’s download page for more information. In the 3.1.92 release, we have decided […]

Last night we wrapped up our tests and push 3.1.8 out the door. WP OAuth Server is now available in the WordPress repo. You can update manually or by using the update feature in WordPress. New features and bug fixes: Bug – fixed refresh token not being issued with refresh token Feature Push – Access tokens and […]

Recently we was approached by a public sector team that provided detail of a vulnerability in version prior to 3.1.5. The vulnerability was a label as major but in reality it was a tad smaller. The issue was that 2 functions that generated auth codes and access token was not secure, other wise meaning that in […]

It has been brought to our attention that access_tokens have been registering for 10+ years and not being set to the correct value. Although this is not a major security issue we are pushing a new update to the repo. Please update to the latest version (3.1.2) as soon as possible. What is the issue? Access […]

Hallo! Earlier this week, WordPress OAuth Server 3.0.3 was released in the WordPress Plugin Repository. The changes/enhancements that have been made are as follows: Added Simple API Firewall capabilities to help secure the API New method and layout for Adding and modifying clients in the backend There is no known compatibility issues with upgrading from […]