Upcoming fixes and updates

Coming soon…



  • Security fix: Error message sanitization.



  • Fix: We will now delete the user avatar if the social media account which was used to set the avatar for the user gets unlinked.
  • Fix: Fixed an issue where an error was thrown whenever the download_url() function would return a WP_Error object during the unlinking process.
  • Fix: Fixed an issue where a plugin/theme force update check could cause a fatal error.
  • Feature: Global Settings – Added new “Unsupported WebView behaviour” option which determines what should happen to the social login buttons in WebView environments.
  • Improvement: Removed custom download_url() method, instead we will use the standard WordPress version, as it now works as expected.
  • Improvement: Google – Getting Started updated.
  • Improvement: Facebook – API call version updated from v13.0 to v19.0.



  • Fix: The default “Terms and conditions” text can now be translated with our language files.
  • Improvement: Facebook Getting Started Update
  • Improvement: Shortcode – customlabel shortcode parameter added, which can be used for specifying a custom label for the connect state of the social buttons rendered by the currently used shortcode. Also you can use the {{providerName}} placeholder to display the name of the given provider in your custom text.



  • Fix: Fixed a crash during login when “Support login restrictions” is enabled while WP 2FA plugin is installed.
  • Fix: Fixed a PHP Warning issue related to Ultimate Member when “Support login restrictions” is enabled.
  • Fix: Indeed Ultimate Affiliate Pro compatibility – registration with social login didn’t award rewards to the affiliates
  • Improvement: Twitter provider has been rebranded as X
  • Improvement: Facebook – Getting Started updated



  • Feature: Facebook provider – Added option to choose a custom profile image size.
  • Fix: renderButtonsWithContainerAndTitle() method will no longer render the connect buttons for the logged in users.
  • Fix: renderLinkAndUnlinkButtons() method will no longer render the link and unlink buttons for the logged out users
  • Improvement: Developers can now use the “nsl_autolink_error_redirect_url” filter to override the redirect URL when auto-linking fails.



  • Fix: In some cases we opened the login popup window in an incorrect position.
  • Fix: Some language files had wrong language codes in their names: es_LA > es_ES, zh_ZH > zh_CN
  • Improvement: Facebook Getting Started Update
  • Improvement: The HTML of the “Register” submit button in our Register flow can now be overridden over template files.
  • Improvement: Registration – if the provider has account select screen, then the user will be able to select another account if an error prevented the registration.
  • Improvement: Auto-linking security improvements.
  • Improvement: Google provider – new OAuth2 authorization and token endpoints.
  • Improvement: Developers can now use the “nsl_required_capability” filter to override the default capability ( manage_options ) that is required to be able to access the backend of Nextend Social Login.
  • Improvement: Japanese translation added.
  • Improvement: Hebrew translation added.
  • Feature: Twitter – option to choose whether we should use v1.1 or the v2.0 OAuth flow and credentials. ( The different versions have different App creation guides depending on the selected value. )



  • Fix: The !important CSS rules can cause problems for AMP validators, so we will use more specific selectors instead.
  • Fix: Some object cache might caused a PHP warning when the login happened with third party login forms.
  • Fix: There was a JavaScript error in WordPress-like login forms that didn’t fire any login specific actions
  • Improvement: Twitter Getting Started Update
  • Improvement: Support login restrictions – BuddyPress activation integration – in this case the actual registration is done by BuddyPress, not Nextend Social Login.
  • Improvement: Developers can now define the “NSL_DISABLE_IN_AMP_REQUESTS” constant, to disable the social buttons and its assets in the AMP requests.
  • Improvement: Developers can now use the “nsl_disabled_register_redirect_url” and “nsl_disabled_login_redirect_url” filters to override the redirects in most cases when the registration or login with social login fails for some reason
  • Improvement: Introduced some public PHP functions that developers can use to get some user data outside of our normal flow
  • Improvement: Avatar storing improvements
  • Feature: Option to allow the profile syncing separately for the registration, login and link actions



  • Fix: Google provider – Google OAuth no longer supports any kind of WebViews, so the Google button will be hidden in all WebView environments.
  • Fix: User selected language in the backend didn’t load our translations in certain cases.
  • Improvement: We will trigger the “wp_login_failed” action when the login with social login fails, so the login history plugins could display the failed login attempts happened with social login, too.
  • Improvement: The unlinked social media identifier will be now available from the “nsl_unlink_user” action parameters.



  • Fix: The Jetpack Boost plugin stopped our authentication flow
  • Fix: The “WP 2FA” plugin could prevent the login with social login even if our “Support login restrictions” feature was disabled
  • Fix: PHP error when other plugins tried to force WordPress to update the plugin update transients ( update_plugins ) with null parameter
  • Fix: The “Page Transitions” feature of Elementor Pro opened our links in the opener window, causing a redirect in both the popup and the popup opener window
  • Improvement: Introducing the “nsl_connect_button_custom_attributes”, “nsl_unlink_button_custom_attributes”, “nsl_link_button_custom_attributes” filters to add extra attributes on our button links
  • Improvement: Avatar storing – We won’t try to copy the avatar into our avatar folder if the same file is already there
  • Improvement: Avatar storing – If the earlier stored avatar file doesn’t exist, we will delete the associated attachment data the next time the user logs in
  • Improvement: Facebook provider – Graph API version of the used endpoints have been updated from v7.0 to v13.0



  • Fix: PHP Warning on redirects, when the “Host” header is not sent by the browser ( e.g when an action happens with CLI )
  • Fix: The redirect parameter of the shortcode didn’t work in AJAX requests
  • Fix: Provider order modification didn’t work in WordPress 5.9, as the version 5.9 was shipped with new jQuery UI Sortable library that didn’t support sorting floated elements.
  • Improvement: Google Getting Started Update
  • Improvement: Twitter Getting Started Update
  • Feature: Bypass cache on redirect – when enabled, it adds a GET parameter to the redirect URL, which can prevent caching in certain cases.





  • Improvement: If there is a slow server or a poor internet connection, the redirect after the authentication with social login might take longer. During this time we will display a loading spinner, so the visitor will know that something is about to happen.



  • Improvement: string paths from the language files have been removed.



  • Fix: Display error message for logged out users, when they try to login with a social media account that’s email address matches with a WordPress account email address, that has a linked provider from the same kind.
  • Fix: WooRewards will be able to generate points on registration with Nextend Social Login.
  • Improvement: nsl_already_linked_error_message filter added to modify the error message when a WordPress account with the same email address has another social media account already linked.
  • Improvement: Separate autologin from registerComplete function.
  • Improvement: nsl_autologin_priority filter added to control the priority of the autologin after the registration with Nextend Social Login.
  • Improvement: Facebook Getting Started Update
  • Improvement: WPML compatibility



  • Fix: We had to add clear: both; on the nsl-container class to make floated elements before the buttons not to mess up the layout.
  • Fix: Jetpack removed the Register button in our register flow when it was handled over the WordPress default login page.
  • Improvement: The social buttons with the Default style will try to go as wide as the longest button, if there is enough space in the social button container element.
  • Feature: Fullwidth style for the social buttons.



  • Fix: We didn’t display the disabled registration notification when the “OAuth redirect uri proxy page” feature was used.
  • Fix: Google provider – Social button didn’t appear in Opera Mini and iOS Opera Touch.
  • Fix: WordPress couldn’t download the avatars coming from the social media when the avatar URL was too long.
  • Fix: Our styles were missing from pages with AMP mode of “AMP for WP”.
  • Fix: There was an AMP validation error as earlier we didn’t load our styles into the unique style tag with the “amp-custom” attribute.
  • Fix: Database – There was a database error on MySQL 8.0.17 and above, as the display width attribute has been deprecated for integer data types.
  • Fix: Database – Default values of register_date, login_date and link_date have been changed from “0000-00-00 00:00:00” to NULL, since the old value could cause a database error when we tried to make database structure modifications in databases when NO_ZERO_DATE, NO_ZERO_IN_DATE values are set in sql_mode.
  • Improvement: Developers can now pass false value for the nsl_disabled_register_error_message filter for turning off our registration disabled notification.
  • Improvement: Google provider – The Google button will no longer be hidden in Line App WebView, as Google allows the authentication over the WebView of this App.
  • Improvement: Developers can now use the nsl_unlink_user action to run custom function when a user unlinks the social media account from the WordPress account.
  • Improvement: Twitter Getting Started Update
  • Improvement: Google Getting Started Update
  • Improvement: Facebook Getting Started Update
  • Improvement: The context “Register form submit button label” has been added to the Register button appearing in our register flow. So it can now be translated with language files separately.
  • Improvement: On the frontend we will use native JavaScript instead of jQuery.



  • Fix: Ultimate Member prevents our registration when we need to ask extra information before the registration.
  • Fix: post_mime_type PHP notice.
  • Improvement: Italian translation files added.
  • Improvement: Notice handling logic improvements.
  • Improvement: Twitter Getting Started Update
  • Improvement: Facebook Getting Started Update
  • Improvement: Facebook Warning for App replacing
  • Improvement: Google provider – using OAuth2 v2 endpoint
  • Improvement: 2 new filters for customizing the redirect url and error message when login is disabled.
  • Improvement: Database – new column for Primary Key
  • Improvement: PHP 8.0 compatibility
  • Improvement: Using the “pre_get_avatar_data” filter instead of “get_avatar” filter.



  • Fix: PHP notice when AMP plugin is enabled.
  • Fix: The orphan thumbnail sizes generated from the avatars will be deleted when the earlier stored avatar has been overridden by the provider.
  • Improvement: Hashed filenames for avatars to avoid tracking back the user avatars over the URL by User ID.
  • Improvement: Avatars are now stored in the dedicated folder called nsl_avatars. The name of the folder can be modified with the NSL_AVATARS_FOLDER constant.
  • Improvement: Ultimate Member – the registration date will appear in the info popup for users registered by social login.
  • Improvement: 2 new filters for developers
  • Improvement: nsl_disabled_register_error_message filter will also work when the OAuth flow is being handled over the default login page.
  • Improvement: Facebook provider – Getting Started update.
  • Feature: Custom label for buttons in register forms and new shortcode parameter to use the register labels.



  • Fix: WishList Member plugin prevents the strong redirects of Nextend Social Login.
  • Fix: Connect button – Url encoding in the redirect parameter to keep the URL parameters after login.
  • Fix: JavaScript errors on JavaScript minification with WP Hide & Security Enhancer
  • Fix: Delayed login caused by image optimization plugins, like EWWW Image Optimizer.
  • Fix: Social button styles will be loaded in AMP “Reader” template pages, too.
  • Improvement: Reactivate renamed to Analyze & Repair
  • Improvement: Notification at the backend, when there is at least one configured provider however it is not enabled.
  • Improvement: Facebook provider – updated steps and new video guide in the Getting Started section.
  • Improvement: Facebook provider – new default button color.
  • Improvement: Facebook provider – we will use Graph API v7.0 for the endpoints.
  • Improvement: Google provider – updated steps and new video guide in the Getting Started section.
  • Improvement: Allow redirect and error message overrides when registration is disabled.
  • Improvement: The Google button will no longer be hidden for Instagram, Twitter and Facebook App WebViews, as Google allows the authentication over the WebView of these Apps.
  • Feature: Facebook provider – button skin selector added.



  • Fix: BuddyPress 6.0 compatibility fix.



  • Fix: PHP error when BuddyPress – Activity is disabled.
  • Fix: Support login restrictions – delete persistent data when the registration was prevented by a third party plugin
  • Fix: Twitter – 48×48 avatars can be stored again



  • Fix: Updated language files.



Compatibility: PHP 7 or greater is required for the new version!

  • Fix: Icon style – Icons will be wrapped into multiple lines when there is no more room for them.
  • Fix: Social buttons will no longer be distorted when the page is translated with Google translator.
  • Fix: WPLMS theme – social button style and duplicated social buttons.
  • Fix: WP Rocket – Combine JavaScript files compatibility.
  • Fix: Popup target window when the social buttons appear in certain modals.
  • Fix: Ultimate Member avatars with social registration.
  • Fix: Avatars will be stored again, if there is an attachment set, but the file doesn’t exist.
  • Improvement: Database – Register, Link and Login date will be stored.
  • Improvement: Google – Light skin will be the default button skin.
  • Improvement: Pages which are being used by other plugins will be filtered out from Page for register flow and OAuth redirect uri proxy page.
  • Improvement: Getting Started ( Facebook, Google ) updated with new steps.
  • Improvement: New registrations happening with social login will also be displayed in the BuddyPress – Activity log.
  • Improvement: Shortcode “provider” parameter will also define the visibility of the link and unlink buttons.
  • Feature: Option to disable the Google account select prompt on each login.
  • For developers: The provider instance can now be accessed over nsl_registration_form_start and nsl_registration_form_end actions



  • Fix: Ultimate Member Auto Approve + Support Login Restriction – Avatars will be synchronized.
  • Fix: Error message didn’t show up when an “OAuth redirect uri proxy page” was selected.
  • Feature: Shortcode – Grid style
  • Feature: German translation files added.
  • Improvement: redirect_to URL parameter is stronger now than current page url
  • Improvement: nsl_registration_user_data filter can now be also used
    for preventing the registration.



  • Fix: Shortcode – align parameter notice
  • Fix: Social buttons didn’t show up properly when the action where we check jQuery was called multiple times.
  • Improvement: Google Select account modal before the login.



  • Fix: Google – G+ logo is replaced with simple G logo.
  • Fix: _nsl is not defined error when there was no provider configured.
  • Fix: The shortcode of Page for register flow will be rendered into the correct position.



  • Fix: Activation on specific domains.



  • Fix: Importing old Pro Addon licenses.



  • Fix: NSL Avatars used to override the selected BuddyPress avatars
  • Fix: 500 error when the Extended Profiles setting is disabled in BuddyPress.
  • Fix: By default, users won’t be redirected to the homepage after unlinking their accounts, instead will be redirected back to the page, where the unlink action has happened.
  • Fix: Nextend Social Login will now wait for jQuery before positioning the social buttons.
  • Fix: Getting Started section of some providers are updated with the new App creation steps.
  • Feature: Russian translation added.
  • Feature: Display avatars in “All media items” – Images can now load faster in Media Library – Grid view, when this option is enabled.
  • Feature: Social button alignment option for WordPress forms, shortcode and widget.
  • Feature: Membership – is now available in the FREE version and provides support for WordPress default membership as well.
  • Feature: new hook allows overriding the username and email before registration – nsl_registration_user_data
  • Facebook – Graph API v3.2 – old Facebook APP-s may require API Call version upgrade
  • Old Nextend Facebook/Twitter/Google Connect compatibility has been removed. (?loginFacebook=1 and similar parameters will no longer work, only ?loginSocial=provider)
  • Social buttons use flex-box layout now.
  • New activation system for the Pro Addon.



  • Fix: Conflict with Login with Ajax reset password.
  • Fix: BuddyPress related themes, that render the avatar with the bp_displayed_user_avatar() will be able to get the avatar of the user.
  • New email and profile Google scopes, since old ones became deprecated.
  • Woocommerce User Email Verification prevented users with NSL from logging in
  • Our registerComplete function is hooked later to let other plugins send their email notifications
  • Old Nextend Twitter/Google Connect – backwards compatibility cessation notice added. (?loginFacebook=1 and similar parameters won’t work from the next version, only ?loginSocial=provider)



  • Fix: Twitter Getting Started and Settings page updated according to the new Twitter App creation.
  • Fix: Won’t stuck on a blank page anymore when the login and registration is blocked by WP Cerber.
  • Fix: Infinite redirect loop when home page was selected as OAuth redirect uri proxy page.
  • Fix: Safari will no longer close the page automatically after logging in with NSL.
  • Feature: Login restriction – Some plugins are now able to prevent the login of NSL when admin approval or email verification is necessary!
  • Feature: Google button skins.
  • Feature: Portuguese (Brazilian) translation added.



  • Fix: Further changes to prevent some issues with Theme My Login 7.x
  • Fix: ‘profile_update’ WordPress hook won’t be triggered anymore upon a registration process.
  • Fix: Chrome and Android Facebook login issue via Facebook App.
  • Feature: Debug menu and option to test the connection of each provider.
  • Feature: Twitter – Selecting profile image size is possible now.
  • Feature: Blacklisted redirects
  • Feature: Nextend Social Login newsletters subscription!



  • Fix: Twitter – 32bit and Windows servers are lost the id precision
  • Feature: Added Debug menu and Provider connection test
  • Feature: Jetpack SSO login form extension
  • Feature: Prevent external redirect
  • Theme My Login version 7 breaks Nextend Social Login, so a notice will be displayed with details



  • Nextend Social Login now uses appsecret_proof to improve your Facebook app’s security
  • Fix: display_post_states is static now



  • Fix: Parse error for alternate login page



  • Feature: A page can be selected which handles the extra fields for Register flow.
  • Feature: A page can be selected which handles the OAuth flow.
  • Feature: Spanish (Latin America) translation added.
  • Feature: GDPR – add custom Terms and conditions on register.
  • Feature: GDPR – retrieved fields can now be exportable with the Export Personal Data tool of WordPress.
  • Fix: Jetpack – Secure Sign On
  • Fix: Dokan – redirection



  • Feature: AJAX compatibility
  • Feature: Default Redirect URL
  • Feature: Twitter screen name as username
  • Fix: SocialRabbit compatibility



  • Avatars are stored in your media library as Facebook blocked the url access
  • Code improvements
  • PHP and WordPress version check
  • Improved template-parts
  • Fix: Login and redirect cleanup
  • Fix: Socialize theme
  • Fix for Hide my WP plugin @see
  • Name of the session cookie can be changed with nsl_session_name filter and NSL_SESSION_NAME constant.



  • Added new shortcode parameter: trackerdata.
  • All In One WP Security – Fixed Verify Settings in providers
  • Embedded login form settings for wp_login_form
  • Instruction when redirect Uri changes
  • iThemes Security – Filter Long URL removed as it prevents provider to return oauth params.
  • Link and unlink shortcode added: [nextend_social_login login="0" link="1" unlink="1" heading="Connect Social Accounts"]
  • Prevent account linking if it is already linked
  • Provider test process renamed to “Verify Settings”
  • Remove whitespaces from username
  • Theme My Login plugin compatibility fixes.



  • Optimized registration process
  • Removed mb_strlen, so “PHP Multibyte String” not required anymore
  • Twitter api rewritten. This way it’s possible to get email address from Twitter users.
  • Feature: Added fallback username prefix
  • Feature: Added WebView support (Google buttons are hidden in WebView as Google does not allow to use)
  • Feature: WP HTTP api replaced the native cURL
  • Fix: shortcode redirect
  • Fix: Twitter, LinkedIn and Google avatar
  • Fix: Fixed avatars on retina screen
  • Fix: Shopkeeper theme conflict
  • Fixed rare case when the redirect to last state url was missing
  • Fixed rare case when user can stuck in legacy mode while importing provider.