LifterLMS
WordPress LMS plugin for creating and selling online courses with memberships, quizzes, and certificates.
After a feature-heavy 10.0, LifterLMS settled into a steady security-hardening cadence.
◆Recent moves
- 3d ago
Security hardening: quiz, add-ons, and REST API auth checks
A maintenance patch: one block-editor scrolling fix for WordPress 7.0, plus hardening checks on quiz start, the add-ons screen, and REST API authentication. Continues the post-10.0 security cadence.
View source ↗ - 8d ago
Security hardening: checkout, imports, and form-data checks
Security-only release adding validation checks to checkout order creation, user creation during course and membership imports, and account/registration form submissions—all credited to an external researcher. Pure hardening.
View source ↗ - 10d ago
Defer session cookies to keep anonymous views cacheable
The one substantive change in this stretch: anonymous visitors no longer receive a session cookie until session data is actually written, keeping their page views eligible for full-page caching. A real performance win, bundled with the usual security checks.
View source ↗ - 14d ago
Quiz-question security check and added E2E tests
A near-empty point release: added E2E tests and a single quiz-question update check. Maintenance only.
View source ↗ - 25d ago
Deprecate legacy quiz-question query method
Deprecates a legacy quiz-question query method now that the Course Builder handles question search via its own AJAX flow. Internal cleanup.
View source ↗ - 29d ago
Add AGENTS.md/CLAUDE.md; REST API permission checks
Adds AGENTS.md and CLAUDE.md to orient AI coding agents working in the repo, plus REST API permission and Course Builder save checks. The AI-onboarding files are a small forward-looking note; the rest is hardening.
View source ↗