Release notes / BuddyPress Lock - Private Community
BuddyPress Add-on Plugin

BuddyPress Lock - Private Community

A public BuddyPress site exposes member profiles, groups, and activity to search engines and anonymous visitors who should not have access. BuddyPress Lock lets admins restrict any combination of BuddyPress components and WordPress pages to logged-in members only, with a custom restriction message for visitors who hit a locked page. No separate membership plugin required.

24 releases
v2.3.0 latest
July 6, 2026 shipped

v2.3.0 Latest

July 6, 2026
New 1 Improve 3 Fix 3 Security 1 Dev 1

New

  • Joined the shared WB Plugins hub dashboard so all Wbcom plugins share one clean entry point.

Improve

  • Rebuilt the admin settings screen with the modern Wbcom card-panel interface (sidebar navigation, cards, accessible toggles).
  • Replaced native browser confirm() dialogs with an accessible in-page confirmation modal and toast notifications.
  • Added theme-aware dark-mode styling so the members-only card and login/register form stay readable in dark themes.

Fix

  • Fixed protected pages rendering unstyled by falling back to the committed source assets when the minified build is absent.
  • Corrected the Font Awesome font path that returned a 404 on the login and register forms.
  • Corrected the default-locked-message filter name from bploc_default_locked_message to bplock_default_locked_message.

Security

  • Added a capability check to the get-all-pages admin AJAX handler.

Dev

  • Removed the legacy shared admin wrapper, the unused tab-save AJAX handler, and unused admin assets.

v2.2.0

Dev 5 Compat 1

Dev

  • Fixed all WordPress Coding Standards (WPCS) violations across 28 PHP files
  • Applied strict comparisons, Yoda conditions, and proper type casting throughout
  • Added ABSPATH direct access protection to all PHP files
  • Replaced deprecated functions (parse_url, serialize) with WordPress equivalents
  • Fixed all Plugin Check errors (0 errors)

Compat

  • Updated "Tested up to" to WordPress 6.9

v2.1.2

Improve 3 Fix 1 Security 3

Improve

  • Optimized script and style enqueuing to load only for logged-out users, preventing conflicts
  • Admin AJAX assets now properly load minified versions in production for better performance
  • Added wbcom assets to build process for complete minification and RTL support

Fix

  • All CSS/JS files now properly use minified versions when SCRIPT_DEBUG is disabled

Security

  • Fixed critical registration bypass vulnerability that allowed user registration without proper nonce verification
  • Hardened nonce verification with separate checks for presence and validity
  • Added WordPress registration setting validation to prevent unauthorized registrations

v2.1.1

Improve 2 Fix 2

Improve

  • Implemented BuddyPress-native detection for URL-structure agnostic handling
  • Added activation patterns to default whitelist template

Fix

  • Fixed BuddyPress activation pages being locked in both partial and full protection modes
  • Activation URLs now properly bypass protection to allow new user account activation

v2.1.0

Improve 7 Fix 7 Security 2 Dev 4

Improve

  • Improved login and registration popup display and functionality
  • Enhanced UI for login and register forms with better styling
  • Improved save settings button design and user experience
  • Enhanced locked message content display and formatting
  • Better form handling with custom content messages positioned above forms
  • Modernized CSS styling throughout the plugin
  • Advanced whitelist support with wildcard patterns for flexible URL protection

Fix

  • Fixed protection rules form submission and validation issues
  • Fixed line break rendering in restriction messages to display properly
  • Fixed custom content message positioning in login/registration forms
  • Fixed settings persistence to prevent data loss
  • Fixed duplicate entry prevention in protection rules
  • Fixed null post object handling to prevent PHP warnings
  • Fixed AJAX handler to properly preserve newlines and HTML formatting in rich text fields

Security

  • Implemented double sanitization for enhanced security across all inputs
  • Improved data validation and escaping

Dev

  • Enhanced translation system for better internationalization support
  • WordPress Coding Standards (WPCS) compliance improvements
  • Updated default content and messaging
  • Improved code quality and maintainability

v2.0.0

Major Update
Note 10

Note

  • Completely rebuilt from the ground up for better performance
  • New modern admin interface that's easier to use
  • Added Partial Protection mode for selective content locking
  • Added Full Protection mode for complete site privacy
  • URL patterns with wildcards now supported (/docs/*)
  • built-in form, custom shortcode, or redirect
  • Automatic brute force protection (5 login attempts per 15 minutes)
  • Works smoothly with sites having 1000+ pages
  • Fixed compatibility with PHP 8.2
  • Your existing settings are automatically migrated

v1.9.3

Improve 5 Fix 3

Improve

  • Managed register button style for better user experience.
  • Improved admin UI for a smoother workflow.
  • Ensured consistent and meaningful labels throughout the interface.
  • Changed label text to be more descriptive and consistent.
  • Used constants, consistent output functions, and correctly escaped attributes.

Fix

  • Resolved BP lock login page issue and removed tab for register option.
  • Addressed deprecation notices, including PHP deprecated implicit conversion from float to int.
  • Resolved PHP deprecated issue.

v1.9.1

Fix 4

Fix

  • (#55)Fixed notice on the logged-out template
  • (#56)Fixed deprecated notices with PHP 8.0
  • Compatibility fixes with BuddyPress 12.0
  • Compatibility fixes with WordPress 6.5

v1.9.1

Fix 2

Fix

  • add bp lock icon
  • (#52)fixed lock pages do not work

v1.9.0

Fix 3

Fix

  • Updated admin ui
  • Change enable/disable button style
  • Remove button in wrapper

v1.8.0

Fix 4

Fix

  • Added Buddypress Recaptcha support for login/register forms
  • updated welcome title
  • #49 Login UI Issue managed
  • Added hook for login and register form

v1.7.1

Fix 2

Fix

  • Backend Options Improve UI
  • removed BP Components tab

v1.7.0

Fix 3

Fix

  • Fixed phpcs issues
  • Removed install plugin button from wrapper and phpcs fixes
  • (#39) Update login/register form UI for logged-out mode

v1.6.0

Improve 2

Improve

  • Added redirect option for log out user
  • Update backend switch UI

v1.5.0

Fix 1

Fix

  • PHPCS Fixes

v1.3.0

Fix 3

Fix

  • Support to override template
  • Remove cpt functionality
  • Updated admin notice

v1.2.0

Improve 1 Fix 2

Improve

  • Added select/unselect all options in page list admin settings. (#8)

Fix

  • Add condition for display registration form according to the 'Anyone can register' option. (#23)
  • Registration form input email style. (#26)

v1.1.1

Fix 1

Fix

  • Admin settings saving glitch.

v1.1.0

Improve 3 Fix 1

Improve

  • Added setting to use custom login registration form using shortcode.
  • Changed admin UI.
  • Compatibility with BuddyPress 4.3.0

Fix

  • Page lock issue.

v1.0.4

Improve 3 Fix 1

Improve

  • The locked page is not displayed in the archive.
  • Locked component and page will not be displayed in searched content.
  • Lock component single page if the component is blocked.

Fix

  • Lock custom post type.

v1.0.3

Note 3

Note

  • Plugin code structure changed
  • Added Multisite support
  • Lock Template file update

v1.0.2

Note 1

Note

  • Changed admin settings UI and a login/register form on the locked content template.

v1.0.1

Note 1

Note

  • Updated Labels.

v1.0.0

Note 1

Note

  • first version.