diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml
index 2ec53b0..6d75779 100644
--- a/.github/workflows/phpunit.yml
+++ b/.github/workflows/phpunit.yml
@@ -15,7 +15,7 @@ jobs:
        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=10s --health-retries=10
     strategy:
       matrix:
-        php-versions: ['7.2', '7.3', '7.4', '8.0', '8.1', '8.2']
+        php-versions: ['7.4', '8.0', '8.1', '8.2', 8.3]
     steps:
       - name: Checkout
         uses: actions/checkout@v3
diff --git a/Gruntfile.js b/Gruntfile.js
deleted file mode 100644
index a2c91d7..0000000
--- a/Gruntfile.js
+++ /dev/null
@@ -1,42 +0,0 @@
-module.exports = function (grunt) {
-	// Project configuration.
-	grunt.initConfig(
-		{
-			files: {
-				src:  [
-				'**/*.php',         // Include all files
-				'includes/*.php', // Include includes
-				'!node_modules/**', // Exclude node_modules/
-				'!tests/**',        // Exclude tests/
-				'!vendor/**',       // Exclude vendor/
-				'!static/**',   // Exclude static resources
-				],
-				expand: true
-			},
-			wp_readme_to_markdown: {
-				target: {
-					files: {
-						'readme.md': 'readme.txt'
-					}
-				}
-			},
-			makepot: {
-				target: {
-					options: {
-						mainFile: 'indieauth.php',
-						domainPath: '/languages',
-						exclude: ['build/.*'],
-						potFilename: 'indieauth.pot',
-						type: 'wp-plugin',
-						updateTimestamp: true
-					}
-				}
-			}
-		}
-	);
-
-	grunt.loadNpmTasks( 'grunt-wp-readme-to-markdown' );
-	grunt.loadNpmTasks( 'grunt-wp-i18n' );
-	// Default task(s).
-	grunt.registerTask( 'default', ['wp_readme_to_markdown','makepot'] );
-};
diff --git a/composer.json b/composer.json
index 0831b97..4c75fa4 100644
--- a/composer.json
+++ b/composer.json
@@ -36,7 +36,10 @@
     "yoast/phpunit-polyfills": "^3.0",
     "mf2/mf2": "^0.5.0",
     "sirbrillig/phpcs-variable-analysis": "^2.11",
-    "wp-cli/wp-cli": "^2.11"
+    "wp-cli/wp-cli": "^2.11",
+    "wp-cli/i18n-command": "^2.6",
+    "wpreadme2markdown/wp2md": "^4.1",
+    "wp-cli/wp-cli-bundle": "^2.11"
   },
   "scripts": {
     "install-codestandards": [
@@ -48,7 +51,6 @@
     ],
     "setup-local-tests": "bash bin/install-wp-tests.sh wordpress_test root root 127.0.0.1 latest",
     "phpunit": "./vendor/bin/phpunit",
-    "plugin-check": "./vendor/bin/wp plugin check simple-location --exclude-checks=file_type --exclude-directories='./bin','./.github'",
     "test": [
       "composer update",
       "bin/install-wp-tests.sh wordpress wordpress wordpress",
@@ -62,8 +64,15 @@
       "./vendor/bin/phpcs -n",
       "@phpcpd"
     ],
+    "release": [
+	"@phpcbf",
+	"@make-pot",
+	"@wp2md"
+    ],
     "phpcs": "./vendor/bin/phpcs",
     "phpcbf": "./vendor/bin/phpcbf",
-    "phpcpd": "./vendor/bin/phpcpd --fuzzy --exclude .git --exclude vendor --exclude tests --exclude node_modules ."
+    "phpcpd": "./vendor/bin/phpcpd --fuzzy --exclude .git --exclude vendor --exclude tests --exclude node_modules .",
+    "make-pot": "./vendor/bin/wp i18n make-pot . languages/indieauth.pot",
+    "wp2md": "vendor/bin/wp2md -i readme.txt -o readme.md"
   }
 }
diff --git a/includes/class-indieauth-admin.php b/includes/class-indieauth-admin.php
index e603780..36e31bb 100644
--- a/includes/class-indieauth-admin.php
+++ b/includes/class-indieauth-admin.php
@@ -213,8 +213,7 @@ public function general_settings() {
 		} else {
 			$path = 'options-general.php?page=indieauth';
 		}
-
-		printf( __( 'Based on your feedback and to improve the user experience, we decided to move the settings to a separate <a href="%1$s">settings-page</a>.', 'indieauth' ), $path ); // phpcs:ignore
+		printf( __( 'Based on your feedback and to improve the user experience, we decided to move the settings to a separate <a href="%$s">settings-page</a>.', 'indieauth' ), $path ); // phpcs:ignore
 	}
 
 	/**
diff --git a/indieauth.php b/indieauth.php
index f2cb45e..a73f86e 100644
--- a/indieauth.php
+++ b/indieauth.php
@@ -3,7 +3,7 @@
  * Plugin Name: IndieAuth
  * Plugin URI: https://github.com/indieweb/wordpress-indieauth/
  * Description: IndieAuth is a way to allow users to use their own domain to sign into other websites and services
- * Version: 4.5.2
+ * Version: 4.5.3
  * Author: IndieWeb WordPress Outreach Club
  * Author URI: https://indieweb.org/WordPress_Outreach_Club
  * License: MIT
diff --git a/languages/indieauth.pot b/languages/indieauth.pot
index 3905ed5..d02657d 100644
--- a/languages/indieauth.pot
+++ b/languages/indieauth.pot
@@ -1,17 +1,47 @@
-# Copyright (C) 2024 IndieWeb WordPress Outreach Club
+# Copyright (C) 2025 IndieWeb WordPress Outreach Club
 # This file is distributed under the MIT.
 msgid ""
 msgstr ""
-"Project-Id-Version: IndieAuth 4.5.2\n"
+"Project-Id-Version: IndieAuth 4.5.3\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/indieauth\n"
-"POT-Creation-Date: 2024-08-26 02:02:31+00:00\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=utf-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2024-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
-"X-Generator: grunt-wp-i18n 1.0.3\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2025-01-03T04:23:08+00:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"X-Generator: WP-CLI 2.11.0\n"
+"X-Domain: indieauth\n"
+
+#. Plugin Name of the plugin
+#: indieauth.php
+#: includes/class-indieauth-admin.php:35
+#: includes/class-indieauth-admin.php:64
+#: includes/class-indieauth-admin.php:223
+#: templates/indieauth-settings.php:13
+msgid "IndieAuth"
+msgstr ""
+
+#. Plugin URI of the plugin
+#: indieauth.php
+msgid "https://github.com/indieweb/wordpress-indieauth/"
+msgstr ""
+
+#. Description of the plugin
+#: indieauth.php
+msgid "IndieAuth is a way to allow users to use their own domain to sign into other websites and services"
+msgstr ""
+
+#. Author of the plugin
+#: indieauth.php
+msgid "IndieWeb WordPress Outreach Club"
+msgstr ""
+
+#. Author URI of the plugin
+#: indieauth.php
+msgid "https://indieweb.org/WordPress_Outreach_Club"
+msgstr ""
 
 #: includes/class-external-token-page.php:32
 #: includes/class-external-token-page.php:53
@@ -50,7 +80,8 @@ msgstr ""
 #: includes/class-external-token-table.php:102
 #: includes/class-external-token-table.php:110
 #: includes/class-token-list-table.php:166
-#: includes/class-token-list-table.php:170 templates/indieauth-settings.php:29
+#: includes/class-token-list-table.php:170
+#: templates/indieauth-settings.php:29
 msgid "None"
 msgstr ""
 
@@ -60,10 +91,10 @@ msgstr ""
 msgid "Never"
 msgstr ""
 
+#. translators: Human time difference ago
 #: includes/class-external-token-table.php:87
 #: includes/class-token-list-table.php:184
 #: includes/class-token-list-table.php:203
-#. translators: Human time difference ago
 msgid "%s ago"
 msgstr ""
 
@@ -83,10 +114,6 @@ msgstr ""
 msgid "HTTPS Check Passed"
 msgstr ""
 
-#. Plugin Name of the plugin/theme
-msgid "IndieAuth"
-msgstr ""
-
 #: includes/class-indieauth-admin.php:40
 msgid "You are using HTTPS and IndieAuth will be secure"
 msgstr ""
@@ -96,15 +123,11 @@ msgid "HTTPS Test Failed"
 msgstr ""
 
 #: includes/class-indieauth-admin.php:51
-msgid ""
-"You are not serving your site via HTTPS. This is a security risk if running "
-"IndieAuth."
+msgid "You are not serving your site via HTTPS. This is a security risk if running IndieAuth."
 msgstr ""
 
 #: includes/class-indieauth-admin.php:53
-msgid ""
-"We recommend you acquire an SSL Certificate. You can do this for free "
-"through Lets Encrypt"
+msgid "We recommend you acquire an SSL Certificate. You can do this for free through Lets Encrypt"
 msgstr ""
 
 #: includes/class-indieauth-admin.php:61
@@ -112,9 +135,7 @@ msgid "Authorization Header Passed"
 msgstr ""
 
 #: includes/class-indieauth-admin.php:69
-msgid ""
-"Your hosting provider allows authorization headers to pass so IndieAuth "
-"should work"
+msgid "Your hosting provider allows authorization headers to pass so IndieAuth should work"
 msgstr ""
 
 #: includes/class-indieauth-admin.php:77
@@ -122,9 +143,7 @@ msgid "Authorization Test Failed"
 msgstr ""
 
 #: includes/class-indieauth-admin.php:82
-msgid ""
-"If contacting your hosting provider does not work you can open an issue on "
-"GitHub and we will try to assist"
+msgid "If contacting your hosting provider does not work you can open an issue on GitHub and we will try to assist"
 msgstr ""
 
 #: includes/class-indieauth-admin.php:92
@@ -147,7 +166,8 @@ msgstr ""
 msgid "IndieAuth Default Expiry Time"
 msgstr ""
 
-#: includes/class-indieauth-admin.php:160 templates/indieauth-settings.php:2
+#: includes/class-indieauth-admin.php:160
+#: templates/indieauth-settings.php:2
 msgid "IndieAuth Settings"
 msgstr ""
 
@@ -156,94 +176,74 @@ msgid "Default Token Expiration Time"
 msgstr ""
 
 #: includes/class-indieauth-admin.php:177
-msgid ""
-"Set the Number of Seconds until a Token expires (Default is Two Weeks). 0 "
-"to Disable Expiration."
+msgid "Set the Number of Seconds until a Token expires (Default is Two Weeks). 0 to Disable Expiration."
 msgstr ""
 
 #: includes/class-indieauth-admin.php:185
 msgid "These settings control the behavior of the endpoints"
 msgstr ""
 
-#: includes/class-indieauth-admin.php:217
-msgid ""
-"Based on your feedback and to improve the user experience, we decided to "
-"move the settings to a separate <a href=\"%1$s\">settings-page</a>."
+#: includes/class-indieauth-admin.php:216
+msgid "Based on your feedback and to improve the user experience, we decided to move the settings to a separate <a href=\"%$s\">settings-page</a>."
 msgstr ""
 
-#: includes/class-indieauth-admin.php:290
+#: includes/class-indieauth-admin.php:289
 msgid "Overview"
 msgstr ""
 
-#: includes/class-indieauth-admin.php:292
-msgid ""
-"IndieAuth is a way for doing Web sign-in, where you use your own homepage "
-"to sign in to other places."
+#: includes/class-indieauth-admin.php:291
+msgid "IndieAuth is a way for doing Web sign-in, where you use your own homepage to sign in to other places."
 msgstr ""
 
-#: includes/class-indieauth-admin.php:293
-msgid ""
-"IndieAuth was built on ideas and technology from existing proven "
-"technologies like OAuth and OpenID but aims at making it easier for users "
-"as well as developers. It also decentralises much of the process so "
-"completely separate implementations and services can be used for each part."
+#: includes/class-indieauth-admin.php:292
+msgid "IndieAuth was built on ideas and technology from existing proven technologies like OAuth and OpenID but aims at making it easier for users as well as developers. It also decentralises much of the process so completely separate implementations and services can be used for each part."
 msgstr ""
 
-#: includes/class-indieauth-admin.php:300
+#: includes/class-indieauth-admin.php:299
 msgid "The IndieWeb"
 msgstr ""
 
-#: includes/class-indieauth-admin.php:302
+#: includes/class-indieauth-admin.php:301
 msgid "The IndieWeb is a people-focused alternative to the \"corporate web\"."
 msgstr ""
 
-#: includes/class-indieauth-admin.php:304
+#: includes/class-indieauth-admin.php:303
 msgid "Your content is yours"
 msgstr ""
 
-#: includes/class-indieauth-admin.php:305
-msgid ""
-"When you post something on the web, it should belong to you, not a "
-"corporation. Too many companies have gone out of business and lost all of "
-"their users’ data. By joining the IndieWeb, your content stays yours and in "
-"your control."
+#: includes/class-indieauth-admin.php:304
+msgid "When you post something on the web, it should belong to you, not a corporation. Too many companies have gone out of business and lost all of their users’ data. By joining the IndieWeb, your content stays yours and in your control."
 msgstr ""
 
-#: includes/class-indieauth-admin.php:308
+#: includes/class-indieauth-admin.php:307
 msgid "You are better connected"
 msgstr ""
 
-#: includes/class-indieauth-admin.php:309
-msgid ""
-"Your articles and status messages can go to all services, not just one, "
-"allowing you to engage with everyone. Even replies and likes on other "
-"services can come back to your site so they’re all in one place."
+#: includes/class-indieauth-admin.php:308
+msgid "Your articles and status messages can go to all services, not just one, allowing you to engage with everyone. Even replies and likes on other services can come back to your site so they’re all in one place."
 msgstr ""
 
-#: includes/class-indieauth-admin.php:312
+#: includes/class-indieauth-admin.php:311
 msgid "You are in control"
 msgstr ""
 
-#: includes/class-indieauth-admin.php:313
-msgid ""
-"You can post anything you want, in any format you want, with no one "
-"monitoring you. In addition, you share simple readable links such as "
-"example.com/ideas. These links are permanent and will always work."
+#: includes/class-indieauth-admin.php:312
+msgid "You can post anything you want, in any format you want, with no one monitoring you. In addition, you share simple readable links such as example.com/ideas. These links are permanent and will always work."
 msgstr ""
 
-#: includes/class-indieauth-admin.php:319
+#: includes/class-indieauth-admin.php:318
 msgid "For more information:"
 msgstr ""
 
-#: includes/class-indieauth-admin.php:320
+#: includes/class-indieauth-admin.php:319
 msgid "<a href=\"https://indieweb.org/IndieAuth\">IndieWeb Wiki page</a>"
 msgstr ""
 
-#: includes/class-indieauth-admin.php:321
+#: includes/class-indieauth-admin.php:320
 msgid "<a href=\"https://indieauth.rocks/\">Test suite</a>"
 msgstr ""
 
-#: includes/class-indieauth-admin.php:322
+#: includes/class-indieauth-admin.php:321
 msgid "<a href=\"https://www.w3.org/TR/indieauth/\">W3C Spec</a>"
 msgstr ""
 
@@ -303,9 +303,7 @@ msgid "Allows the application to save content for later retrieval"
 msgstr ""
 
 #: includes/class-indieauth-authorization-endpoint.php:176
-msgid ""
-"Allows access to the users default profile information which includes name, "
-"photo, and url"
+msgid "Allows access to the users default profile information which includes name, photo, and url"
 msgstr ""
 
 #: includes/class-indieauth-authorization-endpoint.php:177
@@ -324,9 +322,9 @@ msgstr ""
 msgid "Unsupported Response Type"
 msgstr ""
 
+#. translators: Name of missing parameter
 #: includes/class-indieauth-authorization-endpoint.php:288
 #: includes/class-indieauth-authorization-endpoint.php:364
-#. translators: Name of missing parameter
 msgid "Missing Parameter: %1$s"
 msgstr ""
 
@@ -360,9 +358,7 @@ msgid "Failed PKCE Validation"
 msgstr ""
 
 #: includes/class-indieauth-authorization-endpoint.php:408
-msgid ""
-"There was an error verifying the authorization code. Check that the "
-"client_id and redirect_uri match the original request."
+msgid "There was an error verifying the authorization code. Check that the client_id and redirect_uri match the original request."
 msgstr ""
 
 #: includes/class-indieauth-authorize.php:147
@@ -391,6 +387,66 @@ msgstr ""
 msgid "No Client ID Found in JSON Client Metadata"
 msgstr ""
 
+#: includes/class-indieauth-client-taxonomy.php:37
+msgctxt "taxonomy general name"
+msgid "IndieAuth Applications"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:38
+msgctxt "taxonomy singular name"
+msgid "IndieAuth Applications"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:39
+msgctxt "search locations"
+msgid "Search IndieAuth Applications"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:40
+msgctxt "popular locations"
+msgid "Popular Applications"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:41
+msgctxt "all taxonomy items"
+msgid "All Applications"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:42
+msgctxt "edit taxonomy item"
+msgid "Edit Application"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:43
+msgctxt "view taxonomy item"
+msgid "View Application Archive"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:44
+msgctxt "update taxonomy item"
+msgid "Update Application"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:45
+msgctxt "add taxonomy item"
+msgid "Add New Application"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:46
+msgctxt "new taxonomy item"
+msgid "New Application"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:47
+msgctxt "no clients found"
+msgid "No applications found"
+msgstr ""
+
+#: includes/class-indieauth-client-taxonomy.php:48
+msgctxt "no locations"
+msgid "No applications"
+msgstr ""
+
 #: includes/class-indieauth-client-taxonomy.php:63
 msgid "Stores information in IndieAuth Client Applications"
 msgstr ""
@@ -438,9 +494,7 @@ msgid "Token Endpoint did Not Return a Token"
 msgstr ""
 
 #: includes/class-indieauth-client.php:169
-msgid ""
-"There was an error verifying the authorization code, the authorization "
-"server returned an expected response"
+msgid "There was an error verifying the authorization code, the authorization server returned an expected response"
 msgstr ""
 
 #: includes/class-indieauth-debug.php:96
@@ -456,9 +510,7 @@ msgid "A Successful Auth Response was Given yet No User is Currently Set"
 msgstr ""
 
 #: includes/class-indieauth-debug.php:117
-msgid ""
-"You have passed a permissions test but somehow the system is still not "
-"showing you as logged in"
+msgid "You have passed a permissions test but somehow the system is still not showing you as logged in"
 msgstr ""
 
 #: includes/class-indieauth-revocation-endpoint.php:69
@@ -466,8 +518,8 @@ msgstr ""
 msgid "The Token Provided is No Longer Valid"
 msgstr ""
 
-#: includes/class-indieauth-scopes.php:45
 #. translators: Capability
+#: includes/class-indieauth-scopes.php:45
 msgid "Unknown cap: %s"
 msgstr ""
 
@@ -504,9 +556,7 @@ msgid "Allows the application to manage Microsub channels"
 msgstr ""
 
 #: includes/class-indieauth-scopes.php:188
-msgid ""
-"Returns a complete profile to the application as part of the IndieAuth "
-"response. Without this only a display name, avatar, and url will be returned"
+msgid "Returns a complete profile to the application as part of the IndieAuth response. Without this only a display name, avatar, and url will be returned"
 msgstr ""
 
 #: includes/class-indieauth-ticket-endpoint.php:96
@@ -553,8 +603,7 @@ msgstr ""
 #: includes/class-indieauth-token-endpoint.php:131
 #: includes/class-indieauth-userinfo-endpoint.php:64
 msgid ""
-"Bearer Token Not Supplied or Server Misconfigured to Not Pass Token. Run "
-"diagnostic script in WordPress Admin\n"
+"Bearer Token Not Supplied or Server Misconfigured to Not Pass Token. Run diagnostic script in WordPress Admin\n"
 "\t\t\t\tIndieAuth Settings Page"
 msgstr ""
 
@@ -619,9 +668,7 @@ msgid "A Name Must be Set for Your Token"
 msgstr ""
 
 #: includes/class-indieauth-token-ui.php:86
-msgid ""
-"A token has been generated and appears below. This token will not be stored "
-"anywhere. Please copy and store it."
+msgid "A token has been generated and appears below. This token will not be stored anywhere. Please copy and store it."
 msgstr ""
 
 #: includes/class-indieauth-token-ui.php:141
@@ -721,9 +768,7 @@ msgid "Issuer Parameter does not Match Server Metadata"
 msgstr ""
 
 #: includes/class-web-signin.php:114
-msgid ""
-"Issuer Parameter Present in Metadata Endpoint But Not Returned by "
-"Authorization Endpoint"
+msgid "Issuer Parameter Present in Metadata Endpoint But Not Returned by Authorization Endpoint"
 msgstr ""
 
 #: includes/class-web-signin.php:135
@@ -734,8 +779,8 @@ msgstr ""
 msgid "Your have entered a valid Domain, but you have no account on this blog."
 msgstr ""
 
-#: indieauth.php:168
 #. translators: 1. Path to file unable to load
+#: indieauth.php:168
 msgid "Unable to load: %1s"
 msgstr ""
 
@@ -744,10 +789,7 @@ msgid "Authorization has Failed"
 msgstr ""
 
 #: templates/authdiagfail.php:5
-msgid ""
-"The authorization header was not returned on this test, which means that "
-"your server may be stripping the Authorization header. This is needed for "
-"IndieAuth to work correctly."
+msgid "The authorization header was not returned on this test, which means that your server may be stripping the Authorization header. This is needed for IndieAuth to work correctly."
 msgstr ""
 
 #: templates/authdiagfail.php:6
@@ -759,34 +801,25 @@ msgid "If that doesnt work, try this:"
 msgstr ""
 
 #: templates/authdiagfail.php:12
-msgid ""
-"If that does not work either, you may need to ask your hosting provider to "
-"reconfigure to allow the Authorization header to be passed. If they refuse, "
-"you can pass it through Apache with an alternate name. The plugin searches "
-"for the header in REDIRECT_HTTP_AUTHORIZATION, as some FastCGI "
-"implementations store the header in this location."
+msgid "If that does not work either, you may need to ask your hosting provider to reconfigure to allow the Authorization header to be passed. If they refuse, you can pass it through Apache with an alternate name. The plugin searches for the header in REDIRECT_HTTP_AUTHORIZATION, as some FastCGI implementations store the header in this location."
 msgstr ""
 
 #: templates/authdiagtest.php:4
 msgid "Authorization Header Test"
 msgstr ""
 
-#: templates/indieauth-authenticate-form.php:5
 #. translators: Client Name or ID
+#: templates/indieauth-authenticate-form.php:5
 msgid "Authenticate %1$s"
 msgstr ""
 
+#. translators: 1. Client with link 2. User ID 3. User Display Name 4. User Nicename
 #: templates/indieauth-authenticate-form.php:23
-#. translators: 1. Client with link 2. User ID 3. User Display Name 4. User
-#. Nicename
 msgid "The app %1$s would like to identify you as %2$s, which is user %3$s (%4$s)."
 msgstr ""
 
 #: templates/indieauth-authenticate-form.php:42
-msgid ""
-"The app will have no access to your site, but is requesting access to the "
-"following information and may request a token to refresh this information "
-"in future, which you can revoke at any time:"
+msgid "The app will have no access to your site, but is requesting access to the following information and may request a token to refresh this information in future, which you can revoke at any time:"
 msgstr ""
 
 #: templates/indieauth-authenticate-form.php:61
@@ -798,34 +831,32 @@ msgstr ""
 msgid "Cancel"
 msgstr ""
 
-#: templates/indieauth-authenticate-form.php:66
 #. translators: 1. Redirect URI
+#: templates/indieauth-authenticate-form.php:66
 msgid "You will be redirected to %1$s after authenticating."
 msgstr ""
 
-#: templates/indieauth-authorize-form.php:5
 #. translators: 1. Client Name
+#: templates/indieauth-authorize-form.php:5
 msgid "Authorize %1$s"
 msgstr ""
 
-#: templates/indieauth-authorize-form.php:19
 #. translators: 1. Client
+#: templates/indieauth-authorize-form.php:19
 msgid "%1$s wants to access your site."
 msgstr ""
 
-#: templates/indieauth-authorize-form.php:35
 #. translators: 1. User Display Name 2. User Nice Name
-msgid ""
-"The app will use credentials of %1$s (%2$s). You can revoke access at any "
-"time."
+#: templates/indieauth-authorize-form.php:35
+msgid "The app will use credentials of %1$s (%2$s). You can revoke access at any time."
 msgstr ""
 
 #: templates/indieauth-authorize-form.php:45
 msgid "Below select the privileges you would like to grant the application."
 msgstr ""
 
-#: templates/indieauth-authorize-form.php:57
 #. translators: 1. human time difference
+#: templates/indieauth-authorize-form.php:57
 msgid "The client will have access for %1$s."
 msgstr ""
 
@@ -833,27 +864,22 @@ msgstr ""
 msgid "Approve"
 msgstr ""
 
-#: templates/indieauth-authorize-form.php:85
 #. translators: 1. Redirect URI
+#: templates/indieauth-authorize-form.php:85
 msgid "You will be redirected to %1$s after approving this application."
 msgstr ""
 
 #: templates/indieauth-notices.php:6
-msgid ""
-"The redirect URL this app is using does not match the domain of the client "
-"ID."
+msgid "The redirect URL this app is using does not match the domain of the client ID."
 msgstr ""
 
-#: templates/indieauth-notices.php:17
 #. translators: PKCE specification link
+#: templates/indieauth-notices.php:17
 msgid "This app is not using %s for security which is now required for IndieAuth"
 msgstr ""
 
 #: templates/indieauth-settings.php:7
-msgid ""
-"Some host configurations can block the ability of this site to work and may "
-"require change. Please run the Site Health check to ensure this will work "
-"with your site."
+msgid "Some host configurations can block the ability of this site to work and may require change. Please run the Site Health check to ensure this will work with your site."
 msgstr ""
 
 #: templates/indieauth-settings.php:8
@@ -861,9 +887,7 @@ msgid "Click Here"
 msgstr ""
 
 #: templates/indieauth-settings.php:15
-msgid ""
-"With IndieAuth, you can use your blog, to log into sites like the "
-"IndieWeb-Wiki."
+msgid "With IndieAuth, you can use your blog, to log into sites like the IndieWeb-Wiki."
 msgstr ""
 
 #: templates/indieauth-settings.php:22
@@ -874,14 +898,13 @@ msgstr ""
 msgid "Set a User who will represent the URL of the site"
 msgstr ""
 
-#: templates/indieauth-settings.php:44 templates/websignin-link.php:3
+#: templates/indieauth-settings.php:44
+#: templates/websignin-link.php:3
 msgid "Web Sign-In"
 msgstr ""
 
 #: templates/indieauth-settings.php:46
-msgid ""
-"Enable Web Sign-In for your blog, so others can use IndieAuth or RelMeAuth "
-"to log into this site."
+msgid "Enable Web Sign-In for your blog, so others can use IndieAuth or RelMeAuth to log into this site."
 msgstr ""
 
 #: templates/indieauth-settings.php:52
@@ -892,7 +915,8 @@ msgstr ""
 msgid "Add a link to the login form to authenticate using an IndieAuth endpoint."
 msgstr ""
 
-#: templates/websignin-form.php:3 templates/websignin-form.php:10
+#: templates/websignin-form.php:3
+#: templates/websignin-form.php:10
 msgid "Sign in with your domain name"
 msgstr ""
 
@@ -903,81 +927,3 @@ msgstr ""
 #: templates/websignin-form.php:20
 msgid "Learn about Web Sign-in"
 msgstr ""
-
-#. Plugin URI of the plugin/theme
-msgid "https://github.com/indieweb/wordpress-indieauth/"
-msgstr ""
-
-#. Description of the plugin/theme
-msgid ""
-"IndieAuth is a way to allow users to use their own domain to sign into "
-"other websites and services"
-msgstr ""
-
-#. Author of the plugin/theme
-msgid "IndieWeb WordPress Outreach Club"
-msgstr ""
-
-#. Author URI of the plugin/theme
-msgid "https://indieweb.org/WordPress_Outreach_Club"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:37
-msgctxt "taxonomy general name"
-msgid "IndieAuth Applications"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:38
-msgctxt "taxonomy singular name"
-msgid "IndieAuth Applications"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:39
-msgctxt "search locations"
-msgid "Search IndieAuth Applications"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:40
-msgctxt "popular locations"
-msgid "Popular Applications"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:41
-msgctxt "all taxonomy items"
-msgid "All Applications"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:42
-msgctxt "edit taxonomy item"
-msgid "Edit Application"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:43
-msgctxt "view taxonomy item"
-msgid "View Application Archive"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:44
-msgctxt "update taxonomy item"
-msgid "Update Application"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:45
-msgctxt "add taxonomy item"
-msgid "Add New Application"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:46
-msgctxt "new taxonomy item"
-msgid "New Application"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:47
-msgctxt "no clients found"
-msgid "No applications found"
-msgstr ""
-
-#: includes/class-indieauth-client-taxonomy.php:48
-msgctxt "no locations"
-msgid "No applications"
-msgstr ""
\ No newline at end of file
diff --git a/package.json b/package.json
deleted file mode 100644
index f910da5..0000000
--- a/package.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
-  "name": "wordpress-indieauth",
-  "description": "IndieAuth for WordPress!",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/indieweb/wordpress-indieauth.git"
-  },
-  "author": {
-    "name": "Matthias Pfefferle",
-    "email": "pfefferle@gmail.com",
-    "web": "http://notizblog.org"
-  },
-  "devDependencies": {
-    "grunt": "^1.6.1",
-    "grunt-wp-i18n": "^1.0.3",
-    "grunt-wp-readme-to-markdown": "^2.1.0"
-  },
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/indieweb/wordpress-indieweb/issues"
-  },
-  "homepage": "https://github.com/indieweb/wordpress-indieauth",
-  "keywords": [
-    "indieweb",
-    "wordpress",
-    "indieauth"
-  ]
-}
diff --git a/phpcs.xml b/phpcs.xml
index 1d298cb..5c89e8d 100644
--- a/phpcs.xml
+++ b/phpcs.xml
@@ -28,10 +28,10 @@
 
 
 	<!-- PHP/WordPress Compatibility Check -->
-	<config name="testVersion" value="7.2-"/>
+	<config name="testVersion" value="7.4-"/>
 	<rule ref="PHPCompatibilityWP"/>
 
-	<config name="minimum_supported_wp_version" value="4.9"/>
+	<config name="minimum_supported_wp_version" value="6.2"/>
 
 
 	<rule ref="WordPress.WP.I18n">
diff --git a/readme.md b/readme.md
index a34d523..7304fd8 100644
--- a/readme.md
+++ b/readme.md
@@ -1,80 +1,81 @@
-# IndieAuth #
-**Contributors:** [indieweb](https://profiles.wordpress.org/indieweb/), [pfefferle](https://profiles.wordpress.org/pfefferle/), [dshanske](https://profiles.wordpress.org/dshanske/)  
-**Tags:** IndieAuth, IndieWeb, IndieWebCamp, login  
-**Requires at least:** 4.9.9  
-**Requires PHP:** 7.2  
-**Tested up to:** 6.7
-**Stable tag:** 4.5.2  
-**License:** MIT  
-**License URI:** http://opensource.org/licenses/MIT  
-**Donate link:** https://opencollective.com/indieweb  
+# IndieAuth
+
+**Contributors:** indieweb, pfefferle, dshanske \
+**Tags:** IndieAuth, IndieWeb, IndieWebCamp, login \
+**Requires at least:** 6.2 \
+**Requires PHP:** 7.4 \
+**Tested up to:** 6.7 \
+**Stable tag:** 4.5.3 \
+**License:** MIT \
+**License URI:** http://opensource.org/licenses/MIT \
+**Donate link:** https://opencollective.com/indieweb
 
 IndieAuth is a way to allow users to use their own domain to sign into other websites and services.
 
-## Description ##
+## Description
 
 The plugin turns WordPress into an IndieAuth endpoint. This can be used to act as an authentication mechanism for WordPress and its REST API, as well as an identity mechanism for other sites. It uses the URL from the profile page to identify the blog user or your author url. We recommend your site be served over https to use this.
 
 You can also install this plugin to enable web sign-in for your site using your domain.
 
-## Installation ##
+## Installation
 
 1. Upload the `indieauth` directory to your `/wp-content/plugins/` directory
 2. Activate the plugin through the 'Plugins' menu in WordPress
 3. That's it
 
-## Frequently Asked Questions ##
+## Frequently Asked Questions
 
-### What is IndieAuth? ###
+### What is IndieAuth?
 
 [IndieAuth](https://indieauth.net) is a way for doing Web sign-in, where you use your own homepage or author post URL( usually /author/authorname ) to sign in to other places. It is built on top of OAuth 2.0, which is used by many websites.
 
-### Why IndieAuth? ###
+### Why IndieAuth?
 
 IndieAuth is an extension to OAuth. If you are a developer, you have probably used OAuth to get access to APIs. As a user, if you have given an application access to your account on a service, you probably used OAuth. One advantage of IndieAuth is how easily it allows everyone's website to be their own OAuth Server without needing applications to register with each site.
 
-### How is IndieAuth different from OAuth? ###
+### How is IndieAuth different from OAuth?
 
 IndieAuth was built on top of OAuth 2.0 and differs in that users and clients are represented by URLs.  Clients can verify the identity of a user and obtain an OAuth 2.0 Bearer token that can be used to access user resources.
 
 You can read the [specification](https://indieauth.spec.indieweb.org/) for implementation details.
 
-### How is Web Sign In different from OpenID? ###
+### How is Web Sign In different from OpenID?
 
 The goals of OpenID and Web Sign In are similar. Both encourage you to sign in to a website using your own domain name. However, OpenID has failed to gain wide adoption. Web sign-in prompts a user to enter a URL to sign on. Upon submission, it tries to discover the URL's authorization endpoint, and authenticate to that. If none is found, it falls back on other options.
 
 This plugin only supports searching an external site for an authorization endpoint, allowing you to log into one site with the credentials of another site if that site is listed as the website URL in your user profile.
 
-### What is IndieAuth.com? ###
+### What is IndieAuth.com?
 
 [Indieauth.com](https://indieauth.com) is the reference implementation of the IndieAuth Protocol. If you activate this plugin you do not need to use this site. IndieAuth.com uses rel-me links on your website to determine your identity for authentication, but this is not required to use this plugin which uses your WordPress login to verify your identity.
 
-### How does the application know my name and avatar? ###
+### How does the application know my name and avatar?
 
 As of version 3.2, the endpoints return the display name, avatar, and URL from your user profile.
 
-### Does this require each user to have their own unique domain name? ###
+### Does this require each user to have their own unique domain name?
 
 No. When you provide the URL of the WordPress site and authenticate to WordPress, it will return the URL of your author profile as your unique URL. Only one user may use the URL of the site itself.
 This setting is set in the plugin settings page, or if there is only a single user, it will default to them.
 
-### How do I authenticate myself to an Indieauth server? ###
+### How do I authenticate myself to an Indieauth server?
 
 That, as mentioned, depends on the server. By default, the built-in IndieAuth server uses the WordPress login.
 
 By adding Indieauth support, you can log into sites simply by providing your URL.
 
-### How secure is this? ###
+### How secure is this?
 
 We recommend your site uses HTTPS to ensure your credentials are not sent in cleartext. As of Version 3.3, this plugin supports Proof Key for Code Exchange(PKCE), if the client supports it.
 
-### What is a token endpoint? ###
+### What is a token endpoint?
 
 Once you have proven your identity, the token endpoint issues a token, which applications can use to authenticate as you to your site.
 
 You can manage and revoke tokens under User->Manage Tokens. You will only see tokens for the currently logged in user.
 
-### How do I incorporate this into my plugin? ###
+### How do I incorporate this into my plugin?
 
 The WordPress function, `get_current_user_id` works to retrieve the current user ID if logged in via IndieAuth. The plugin offers the following functions to assist you in using IndieAuth for your service. We suggest you check on activation for the IndieAuth plugin by asking `if ( class_exists( 'IndieAuth_Plugin') )`
 
@@ -91,11 +92,11 @@ If any of these return null, the value was not set, and IndieAuth is not being u
 
 The scope description can be customized with the filter `indieauth_scope_description( $description, $scope )`
 
-### What if I just want to use the REST API without OAuth exchange? ###
+### What if I just want to use the REST API without OAuth exchange?
 
 The plugin allows you to generate a token under User->Manage Tokens with access. You can provide this to an application manually.
 
-### I keep getting the response that my request is Unauthorized ###
+### I keep getting the response that my request is Unauthorized
 
 Many server configurations will not pass bearer tokens. The plugin attempts to work with this as best possible, but there may be cases we have not encountered. The first step is to try running the diagnostic script linked to in the settings page. It will tell you whether tokens can be passed.
 
@@ -124,11 +125,11 @@ You can also try:
 
 If that doesn't work either, you may need to ask your hosting provider to whitelist the `Authorization` header for your account. If they refuse, you can [pass it through Apache with an alternate name](https://github.com/indieweb/wordpress-micropub/issues/56#issuecomment-299569822). The plugin searches for the header in REDIRECT_HTTP_AUTHORIZATION, as some FastCGI implementations store the header in this location.
 
-### I get an error that parameter redirect_uri is missing but I see it in the URL ###
+### I get an error that parameter redirect_uri is missing but I see it in the URL
 
 Some hosting providers filter this out using mod_security. For one user, they needed [Rule 340162](https://wiki.atomicorp.com/wiki/index.php/WAF_340162) whitelisted as it detects the use of a URL as an argument.
 
-### What is the Ticketing extension and how do I enable it? ###
+### What is the Ticketing extension and how do I enable it?
 
 [Ticketing for IndieAuth](https://indieweb.org/Ticketing_for_IndieAuth) is a developing extension to OAuth2/IndieAuth. It creates a ticket endpoint on your site where other sites can send you a ticket, which can be redeemed
 for a token to access private resources on that other site. You can enable the experimental endpoint functionality by adding the below to your wp-config.php. If this becomes more established, it will be added
@@ -141,72 +142,79 @@ are stored. Tokens are stored per user.
 
 Since the extension is developing, there is currently not a specified way to transfer this token to a client to be used.
 
-## Upgrade Notice ##
+## Upgrade Notice
 
-### 4.5.0 ###
+### 4.5.0
 
 4.5.0 removes support for client discovery using a manifest file. This was never part of the official specification and has been superseded by the newly added client json metadata option.
 
-### 4.4.0 ###
+### 4.4.0
 
 4.4.0 removes the remote endpoint functionality, which will be archived as a separate plugin in future. It was already disabled by default. It also removes the ability to login via URL and password. Websignin login is the only login enhancement.
 
-### 4.3.0 ###
+### 4.3.0
 
 4.3.0 changes the storage of client application data from being embedded in every token to being stored in a hidden taxonomy. Older tokens will not be automatically updated. It also sideloads the application icon
 
-### 4.2.0 ###
+### 4.2.0
 
 Changes in the 4.2.0 branch implement future breaking changes to IndieAuth. Backward compatibility will be maintained for the foreseeable future, but clients are advised to update to the latest version of the standard to take advantage of the latest opportunities. Old methods will remain until adoption of the metadata endpoint is sufficient.
 
-### 4.1.0 ###
+### 4.1.0
 
 Introduces experimental Ticket Auth Endpoint, which allows the receipt of tickets and the storage of external tokens. This is disabled by default and can only be enabled through a flag.
 
-### 4.0.0 ###
+### 4.0.0
 
 This version enables expiring tokens. All existing tokens will remain as they were. New tokens will expire in 14 days by default. You can change this in settings.
 
-### 3.6.0 ###
+### 3.6.0
 
 Due to the fact that this upgrades the spec adherence to address the changes in the IndieAuth Living Standard as of November 26, 2020, there may be unanticipated issues with clients not meeting the changes.
 Until such a time as more IndieAuth clients adopt the changes, some elements of the changes will not be mandatory, such as PKCE compliance.
 
-### 3.4.0 ###
+### 3.4.0
 
 Due to the possibility of someone setting the url in their user profile to the same as another account, you will no longer be able to save the exact same url into two accounts. If you already set two accounts to the
 same URL one will be wiped the next time you save a conflicting user profile.
 
-### 3.3.2 ###
+### 3.3.2
 
 Due to issues people have experienced with their hosting provider stripping Authorization headers. The plugin will now nag you to run the test for this.
 
-### 3.0.0 ###
+### 3.0.0
 
 In version 2.0, we added an IndieAuth endpoint to this plugin, which previously only supported IndieAuth for web sign-in. Version 3.0.0 separates the endpoint code from the web sign-in code and removes the ability to use a third-party IndieAuth endpoint with your site. If you use the sign-in feature, it will look for the IndieAuth endpoint for the URL you provide. If you use Micropub for WordPress, enabling the plugin will use the built-in endpoint for WordPress. If you wish to use Indieauth.com or another endpoint, you can disable this plugin and Micropub will use Indieauth.com by default.
 
-## Changelog ##
+## Changelog
 
 Project and support maintained on github at [indieweb/wordpress-indieauth](https://github.com/indieweb/wordpress-indieauth).
 
-### 4.5.2 ###
+### 4.5.3
+
+* Fix issue with uninitialized variables
+
+### 4.5.2
+
 * Fix issue with loop on adding new clients
 * Store client_uri and last modified date for new clients.
 
-### 4.5.1 ###
+### 4.5.1
+
 * Fix issue with failure if logo_uri is not a URL
 * Fix conflict with Jetpack plugin due not returning error property (props @janboddez)
 
-### 4.5.0 ###
+### 4.5.0
+
 * Remove experimental manifest searching code for client discovery
 * Add support for client json metadata files recently added to specification with fallback to MF2 HTML
 * Fix declaration issue(props @janboddez)
 
-### 4.4.2 ###
+### 4.4.2
 
 * Prevent returning 401 for other successful OAuth2 plugins
 
-### 4.4.1 ###
+### 4.4.1
 
 * Add MF2 Parser for Client Information Discovery
 * Fix ticket endpoint and add additional checks
@@ -214,7 +222,7 @@ Project and support maintained on github at [indieweb/wordpress-indieauth](https
 * Add hooks for Ticket redemption flow
 * Add email notification when ticket received
 
-### 4.4.0 ###
+### 4.4.0
 
 * Remove remote endpoint functionality already disabled
 * Rearrange so each endpoint is more independent and registers its own parameters
@@ -229,16 +237,17 @@ Project and support maintained on github at [indieweb/wordpress-indieauth](https
 * Fix error message surfacing in websignin form
 * Fix CSS on websignin and authorization forms to not misrender the language bar.
 
-### 4.3.0 ###
+### 4.3.0
 
 * Introduce Client Taxonomy to store client data so it is not stored individually
 * Sideload Client Application icons
 
-### 4.2.1 ###
+### 4.2.1
+
 * Fix issue with not loading User Token library with old remote endpoint code
 * Fix issue with not loading metadata endpoint when not logging in
 
-### 4.2.0 ###
+### 4.2.0
 
 * Add Server Metadata Endpoint
 * Add Issuer Property to Authorization Response
@@ -246,11 +255,11 @@ Project and support maintained on github at [indieweb/wordpress-indieauth](https
 * Revocation endpoint added. Old revocation method will remain until metadata endpoint adoption is sufficient.
 * User Info Endpoint added. This returns the user profile offered during the authorization flow.
 
-### 4.1.1 ###
+### 4.1.1
 
 * Fix issue where class from ticket auth was being called even though ticket auth was not enabled.
 
-### 4.1.0 ###
+### 4.1.0
 
 * Add experimental ticket auth endpoint
 * Bug fix on endpoint discovery discovered during ticket auth development
@@ -262,22 +271,25 @@ Project and support maintained on github at [indieweb/wordpress-indieauth](https
 * Introduce Refresh Token Functionality
 * Create was not pre-checked in new selections when offered as an option.
 
-### 4.0.0 ###
+### 4.0.0
 
 * Add default expiry time.
 * Ensure tokens expire at their proper time.
 * Cleanup related to expiry
 
-### 3.6.2 ###
+### 3.6.2
+
 * Fix missing argument, props @chee
 * Fix issue with new sanitization, props @akirk
 * Fix issue with improperly encoded HTML in JSON
 * Switch test token to mirror length of real token to properly test servers who may use mod_security.
 
-### 3.6.1 ###
+### 3.6.1
+
 * Clean up template pages in order to remove HTML from i18n strings.
 
-### 3.6.0 ###
+### 3.6.0
+
 * Adopt changes to the living spec as of the November 26, 2020 version.
 * Drop explicit support for response_type=id. Endpoint will convert to type code for backcompat until further notice.
 * Change experimental profile return behavior to match newly documented behavior in spec.
@@ -287,32 +299,38 @@ Project and support maintained on github at [indieweb/wordpress-indieauth](https
 * Add UUID to tokens as used in the WP5.6 Application Password feature.
 * Add Last IP Accessed to storage as used in the WP5.6 Application Password feature.
 
-### 3.5.1 ###
+### 3.5.1
+
 * Make Site Health More Explicit
 * Update scope descriptions
 * Adjust scope capabilities to be more consistent
 
-### 3.5.0 ###
+### 3.5.0
+
 * Restore ability to use a remote endpoint but keep this feature hidden for now.
 * Add load function and config setting in order to load the files appropriate for your configuration
 * Create Authorization plugin base class that can be used to create different IndieAuth configurations
 * Add Site Health Check for SSL and Unique Users
 * Create local and remote classes that can be instantiated depending on configuration
 
-### 3.4.2 ###
+### 3.4.2
+
 * Repair issue with other flow caused by function name issue
 
-### 3.4.1 ###
+### 3.4.1
+
 * Add setting to set the user who will be using the site URL as their URL as opposed to their author URL which removes dependency on Indieweb plugin for this.
 
-### 3.4.0 ###
+### 3.4.0
+
 * Enforce unique URLs for user accounts
 * Add user url to user table
 * Redo association for URL to user account. At this time, only the root path and the author archive URLs are allowed as a return. Hoping to add more options in future
 * Add Site Health Check
 * Improve text and links for authorization failure
 
-### 3.3.2 ###
+### 3.3.2
+
 * Add new diagnostic script that will nag you until you run it at least once
 * Add cache control headers on return from endpoint
 * Verifying the token at the token endpoint did not use REDIRECT_HTTP_AUTHORIZATION now added
@@ -321,111 +339,122 @@ Project and support maintained on github at [indieweb/wordpress-indieauth](https
 * Add option to bulk expire tokens
 * Add cleanup option
 
-### 3.3.1 ###
+### 3.3.1
 
 * Add definition of profile scope
 * Improve documentation in README
 
-### 3.3 ###
+### 3.3
+
 * Switch to SHA256 hashing from built in salted hash used by WordPress passwords
 * Add PKCE Support
 
-### 3.2 ###
+### 3.2
+
 * Only add headers to front page and author archive pages
 * Return basic profile data in returns so the client can display the name and avatar of the user
 
-### 3.1.11 ###
+### 3.1.11
+
 * Fix issue with silent conversion when not array
 * Add client name and icon automatically on setting token
 
-### 3.1.10 ###
+### 3.1.10
+
 * Fixed PHP notice with icon determination
 * Silently convert requests for the post scope to the create update scope
 * Update tagline
 
-### 3.1.9 ###
+### 3.1.9
+
 * Fixed PHP warnings
 
-### 3.1.8 ###
+### 3.1.8
+
 * When local verification is performed the code was not updating the profile URL and passing through the URL from the original request. This code was in the remote verification portion of the token endpoint and is now mirrored in the verify local code.
 
-### 3.1.7 ###
+### 3.1.7
+
 * Add authdiag.php script written by @Zegnat
 
-### 3.1.6 ###
+### 3.1.6
+
 * Add ability to generate a token on the backend
 * Added a test endpoint that tests whether the authentication provider for the REST API is working and tries to return useful errors
 
-### 3.1.5 ###
+### 3.1.5
+
 * Add Client Information Discovery to search for names and icon for clients
 * Add icon and client name to Manage Token page
 * Add action to refresh icon and other information in the Manage Token interface
 
-### 3.1.4 ###
+### 3.1.4
+
 * Rearrange token logic so that if a token is provided the system will fail if it is invalid
 * Add last accessed field to token and add that to token management table
 
-### 3.1.3 ###
+### 3.1.3
+
 * Allow selection of scopes and add stock descriptions
 * Update Manage Token Page to use WP_List_Table
 
-### 3.1.2 ###
+### 3.1.2
 
 * Fix issue with scope encoding
 * Fix issue where function returned differently than parent function
 
-### 3.1.1 ###
+### 3.1.1
 
 * Fixed PHP error with version < PHP 5.4
 
-### 3.1.0 ###
+### 3.1.0
 
 * Fixed `state` param handling
 
-### 3.0.4 ###
+### 3.0.4
 
 * Fixed admin settings
 
-### 3.0.3 ###
+### 3.0.3
 
 * Verify user ID directly from the token endpoint rather than mapping URL.
 * Display $me parameter instead of user_url on authenticate screen
 * Remove deprecated functions and parameters
 
-### 3.0.2 ###
+### 3.0.2
 
 * Automatically rewrite local URLs to https if the local site is site to SSL
 
-### 3.0.1 ###
+### 3.0.1
 
 * In previous version fixed issue where error message was not returned if there was a missing bearer token. This was needed due fact that some servers filter tokens. However, this meant that it would do this for all API requests, even ones not requiring authentication such as webmentions. Reverted change with flag
 * Added constant `INDIEAUTH_TOKEN_ERROR` which if set to true will return an error if it cannot find a token.
 
-### 3.0.0 ###
+### 3.0.0
 
 * Major refactor to abstract out and improve token generation code
 * Set one cookie with the state instead of multiple cookies.
 * Store other parameters as a transient
 * Remove extra settings
 
-### 2.1.1 ###
+### 2.1.1
 
 * Bug Fix
 
-### 2.1.0 ###
+### 2.1.0
 
 * Refactor to change load order
 * Textual fix
 * Add defaults when core functions not yet enabled
 * Rework of the admin-interface
 
-### 2.0.3 ###
+### 2.0.3
 
 * Add improved getallheaders polyfill
 * Check for missing cookie
 * Check for alternate authorization location
 
-### 2.0.2 ###
+### 2.0.2
 
 * If using local endpoint verify token locally without making remote call
 * Add filters for scope and response so they can be accessed elsewhere
@@ -433,13 +462,13 @@ Project and support maintained on github at [indieweb/wordpress-indieauth](https
 * Switch from failure to warning message for different domains for redirect
 * Hide token endpoint management page if local endpoint not enabled
 
-### 2.0.1 ###
+### 2.0.1
 
 * Improve error handling if null endpoint sent through
 * Adjust cookie to GMT
 * Add whitepace to form
 
-### 2.0.0 ###
+### 2.0.0
 
 * Support author profiles in addition to user URLs
 * Change token verification method to match current Indieauth specification
@@ -454,22 +483,22 @@ Project and support maintained on github at [indieweb/wordpress-indieauth](https
 * Option to sign into your domain is now a separate form
 * Automatically add trailing slash to user_url
 
-### 1.1.3 ###
+### 1.1.3
 
 * update README
 
-### 1.1.2 ###
+### 1.1.2
 
 * fixed redirect URL
 
-### 1.1.1 ###
+### 1.1.1
 
 * WordPress coding style
 
-### 1.1.0 ###
+### 1.1.0
 
 * fixed critical bug
 
-### 1.0.0 ###
+### 1.0.0
 
 * initial
diff --git a/readme.txt b/readme.txt
index 2fe5a40..229db5e 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,10 +1,10 @@
 === IndieAuth ===
 Contributors: indieweb, pfefferle, dshanske
 Tags: IndieAuth, IndieWeb, IndieWebCamp, login
-Requires at least: 4.9.9
-Requires PHP: 7.2
+Requires at least: 6.2
+Requires PHP: 7.4
 Tested up to: 6.7
-Stable tag: 4.5.2
+Stable tag: 4.5.3
 License: MIT
 License URI: http://opensource.org/licenses/MIT
 Donate link: https://opencollective.com/indieweb
@@ -189,6 +189,9 @@ In version 2.0, we added an IndieAuth endpoint to this plugin, which previously
 
 Project and support maintained on github at [indieweb/wordpress-indieauth](https://github.com/indieweb/wordpress-indieauth).
 
+= 4.5.3 =
+* Fix issue with uninitialized variables
+
 = 4.5.2 =
 * Fix issue with loop on adding new clients
 * Store client_uri and last modified date for new clients.
