* **Improvements**
* The default "From email address" used by the plugin now uses the website's domain, thus improving email deliverability.
* All one-time codes generated by the plugin are now 6 digits long.
* Applied some coding best practices in some sections to ensure better protection against timing base attacks.
* **Security fix**
* Fixed a sensitive information disclosure issue - user salts can only be potentially exposed if debug is enabled and the web server is not Apache.
* **Bug fixes**
* Fixed: Text changes in the "logged out users trying to access 2FA config" setting not saved.
* Fixed: User not redirected to the URL configured in the settings when all backup codes are disabled.
* Fixed: Formatting / layout of advert in the configuration, which in some cases it was showing over some of the help text.
Refer to the complete [plugin changelog](https://melapress.com/support/kb/wp-2fa-plugin-changelog/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description) for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.
