Force login to make the site private - Gozer — Full changelog

For each release, see the entries below. The latest version is always at the top.
The current release notes also live in readme.txt under "== Changelog ==".

= 1.0.4 =
* Fix: Security hardening of the access-control exceptions. Appending a query string such as `?x=wp-admin` or `?x=sitemap` to a protected URL could bypass the login requirement and expose the page to logged-out visitors. Login-page and sitemap detection now matches the parsed URL path only, never the raw request URI. Updating is strongly recommended for any site relying on Gozer to keep content private.

= 1.0.3 =
* Fix: Fixed promotional banner button alignment on WordPress 7.0 due to core CSS specificity changes
* Tested up to WordPress 7.0

= 1.0.2 =
* Improved: Better name to make it easier to find the plugin

= 1.0.1 =
* Improved: Tokens table layout for better responsiveness on smaller screens
* Improved: Copy tokens button moved to Actions column for a better user experience
* Improved: The recommendations banner now displays plugins and services randomly

= 1.0.0 =
* Initial release
* Force login functionality with configurable exceptions
* Admin bar indicator with quick toggle switch
* System exceptions (REST API, WP-Cron, WP-CLI, AJAX, XML-RPC)
* SEO exceptions (sitemaps, robots.txt, feeds, search bots)
* Technical exceptions (HEAD requests, static files)
* Custom exceptions (paths, IPs with CIDR/wildcards, user agents)
* Temporary bypass tokens with expiration
* Redirect options (login, 403, custom URL)
* Two-column settings layout
