- 2.3.2-rc.1;

includes/admin/core/class-admin-notices.php

@@ -48,6 +48,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
 			$this->need_upgrade();
 			$this->check_wrong_licenses();
 
+			$this->lock_registration();
+
 			// removed for now to avoid the bad reviews
 			//$this->reviews_notice();
 
@@ -214,6 +216,30 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
 		}
 
 
+		/**
+		 * Checking if the "Membership - Anyone can register" WordPress general setting is active
+		 */
+		public function lock_registration() {
+			$users_can_register = get_option( 'users_can_register' );
+			if ( ! $users_can_register ) {
+				return;
+			}
+
+			$allowed_html = array(
+				'a'      => array(
+					'href' => array(),
+				),
+				'strong' => array(),
+			);
+
+			$this->add_notice( 'lock_registration', array(
+				'class'       => 'info',
+				'message'     => '<p>' . wp_kses( sprintf( __( 'The <strong>"Membership - Anyone can register"</strong> option on the general settings <a href="%s">page</a> is enabled. This means users can register via the standard WordPress wp-login.php page. If you do not want users to be able to register via this page and only register via the Ultimate Member registration form, you should deactivate this option. You can dismiss this notice if you wish to keep the wp-login.php registration page open.', 'ultimate-member' ), admin_url( 'options-general.php' ) . '#users_can_register' ), $allowed_html ) . '</p>',
+				'dismissible' => true,
+			), 10 );
+		}
+
+
 		/**
 		 * To store plugin languages
 		 */

includes/admin/core/class-admin-settings.php

@@ -3183,9 +3183,6 @@ Enable the Reset Password Limit:			<?php echo $this->info_value( UM()->options()
 Reset Password Limit: <?php echo UM()->options()->get('reset_password_limit_number') ?>
 Disable Reset Password Limit for Admins: <?php echo $this->info_value( UM()->options()->get('disable_admin_reset_password_limit'), 'yesno', true ) ?>
 <?php } ?>
-<?php $wpadmin_allow_ips = UM()->options()->get( 'wpadmin_allow_ips' ); if( ! empty( $wpadmin_allow_ips ) ) { ?>
-Whitelisted Backend IPs: 					<?php echo count( explode("\n",trim(UM()->options()->get('wpadmin_allow_ips') ) ) )."\n"; ?>
-<?php } ?>
 <?php $blocked_ips = UM()->options()->get('blocked_ips'); if( ! empty( $blocked_ips ) ){ ?>
 Blocked IP Addresses: 					<?php echo  count( explode("\n",UM()->options()->get('blocked_ips') ) )."\n"; ?>
 <?php } ?>

includes/core/um-filters-login.php

@@ -3,32 +3,6 @@
 }
 
 
-/**
- * Filter to allow whitelisted IP to access the wp-admin login
- *
- * @param $allowed
- *
- * @return int
- */
-function um_whitelisted_wpadmin_access( $allowed ) {
-	$ips = UM()->options()->get( 'wpadmin_allow_ips' );
-
-	if ( ! $ips ) {
-		return $allowed;
-	}
-
-	$ips     = array_map( 'rtrim', explode( "\n", $ips ) );
-	$user_ip = um_user_ip();
-
-	if ( in_array( $user_ip, $ips, true ) ) {
-		$allowed = 1;
-	}
-
-	return $allowed;
-}
-add_filter( 'um_whitelisted_wpadmin_access', 'um_whitelisted_wpadmin_access' );
-
-
 /**
  * Filter to customize errors
  *

readme.txt

@@ -7,7 +7,7 @@ Tags: community, member, membership, user-profile, user-registration
 Requires PHP: 5.6
 Requires at least: 5.0
 Tested up to: 5.9
-Stable tag: 2.3.0
+Stable tag: 2.3.1
 License: GNU Version 2 or Any Later Version
 License URI: http://www.gnu.org/licenses/gpl-3.0.txt
 
@@ -133,6 +133,14 @@ Yes. Ultimate Member will work with any properly coded theme. However, some them
 
 The plugin works with popular caching plugins by automatically excluding Ultimate Member pages from being cached. This ensures other visitors to a page will not see the private information of another user. However, if you add features of Ultimate Member to other pages you have to exclude those pages from being cached through your cache plugin settings panel. 
 
+= Does Ultimate Member restrict access to wp-login.php when the plugin is active? =
+
+The plugin does not restrict access to the wp-login.php page when active, so that our plugin does not interfere with the existing functionality of a website or other plugins that may utilise the default login page. If you wish to restrict access to the wp-login.php page you can use a plugin such as [WPS Hide Login](https://wordpress.org/plugins/wps-hide-login/) or another plugin that removes the ability to login via wp-login.php.
+
+= Are Ultimate Member Login/Registration pages required? =
+
+No, you do not need to use our plugin’s login or registration pages and can use another plugin or the default WordPress methods for user registration and login.
+
 == Screenshots ==
 
 1. Screenshot 1
@@ -155,6 +163,26 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
 * To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
 * UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
 
+= 2.3.2: April xx, 2022 =
+
+* Enhancements:
+
+  - Added: wp-admin notice with reminder about locking WordPress native registration for guests
+  - Added: Users dropdown field for Ultimate Member settings fields in wp-admin. It supports AJAX lazy loading
+  - Added: JS confirm when redirection from User Profile links to the 3rd-party URL
+
+* Bugfixes:
+
+  - Fixed: PHP warning when there aren't proper user while login
+  - Fixed: Removing UM custom capabilities from global $wp_roles when uninstall
+  - Fixed: Removing UM custom roles from user roles after uninstall
+  - Fixed: Issue with echo XSS on User Profile
+  - Fixed: Sanitizing for the checkbox, radio, multiselect fields for PHP8 installations
+
+* Deprecated:
+
+  - `um_whitelisted_wpadmin_access` hook and `wpadmin_allow_ips` option. They were unused and redundant since the 2.x version
+
 = 2.3.1: February 9, 2022 =
 
 * Enhancements:

ultimate-member.php

@@ -3,7 +3,7 @@
 Plugin Name: Ultimate Member
 Plugin URI: http://ultimatemember.com/
 Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
-Version: 2.3.2-alpha
+Version: 2.3.2-rc.1
 Author: Ultimate Member
 Author URI: http://ultimatemember.com/
 Text Domain: ultimate-member