Improvements to the user capability handling, as well as compatibility improvements related to WordPress 6.7, have been released for Password Reset Enforcement, Password Policy & Complexity Requirements, and Password Policy & Complexity Requirements PRO plugins and are available for download.
WordPress 6.7 compatibility
In preparation for the WordPress 6.7 release (scheduled for November 12), we implemented minor adjustments to ensure our plugins remain fully compatible with the most recent version of the WordPress core.
These adjustments were related to the change in how margins are handled in the core components since version 6.7. If you’re interested in the engineering context, see this Gutenberg issue on GitHub.
User capability (permission) improvements
Before accessing the plugin’s settings page and updating the settings itself, user logged in to the WordPress website must have a specific capability assigned to their role or profile. Originally, we used the core’s manage_options
for single-site installations and update_network_options
for network installations; it’s a common choice that ensures that only users with administrator
roles can manage the plugin’s settings, and serves well for a majority of the sites.
However, for sites with a larger number of administrator users or with custom roles like Site Manager, etc., this might not be sufficient, as you might want to allow the plugin settings management only to a very specific set of users, not for all admins.
To satisfy this use case, our plugins now require a custom, plugin-specific capability instead of generic, core ones. These capabilities are automatically assigned to users with the administrator
role and all Super Admins, so you don’t need to change anything if your site has no special requirements in terms of the user roles and capabilities.
If it does, however, you can now customize the following capability assignments to achieve more granular control over who can access and modify the plugin’s settings:
- For Password Policy & Complexity Requirements (both free & PRO) plugin:
password_requirements__manage_options
for single site installations, andpassword_requirements__manage_network_options
for network installations, - For Password Reset Enforcement plugin:
password_reset_enforcement__manage_options
for single site installations, andpassword_reset_enforcement__manage_network_options
for network installations.
Read more about the Roles and Capabilities in WordPress if you need more context about this change. As mentioned, this will not affect regular installations but brings more possibilities for advanced users.
For questions and help about these releases, please get in touch with our support team.