=== OneCode Login ===
Contributors: oaron
Tags: passwordless, login, authentication, email, otp
Requires at least: 5.8
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: trunk
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Simple and secure passwordless login using email verification codes. No passwords to remember, just enter your email and verify with a 6-digit code.

== Description ==

OneCode Login provides a modern, passwordless authentication experience for your WordPress site. Instead of traditional passwords, users receive a secure 6-digit verification code via email.

= Key Features =

* **Passwordless Authentication** - Users log in with just their email address
* **6-Digit Verification Codes** - Secure, time-limited codes sent via email
* **Rate Limiting** - Built-in protection against brute force attacks
* **Request ID Binding** - Each code is bound to a specific login session for enhanced security
* **Neutral Feedback** - Prevents user enumeration attacks by not revealing if an email exists
* **Customizable** - Configure expiry times, cooldowns, and email templates
* **Accessible** - Full keyboard navigation and screen reader support
* **Gutenberg Block** - Easy to add login forms to any page
* **Shortcode Support** - Use [onecode_login] anywhere
* **wp-login.php Integration** - Optionally replace the default WordPress login

= Security Features =

* Cryptographically secure code generation
* Configurable code expiry (default: 10 minutes)
* Resend cooldown to prevent spam
* IP-based and email-based rate limiting
* Automatic lockout after failed attempts
* Codes are single-use and invalidated after successful login

= Use Cases =

* Membership sites where password fatigue is an issue
* Customer portals requiring simple authentication
* Internal tools where security without complexity is needed
* Any site wanting to improve user experience

== Installation ==

1. Upload the `onecode-login` folder to `/wp-content/plugins/`
2. Activate the plugin through the Plugins menu in WordPress
3. Go to Settings > OneCode Login to configure options
4. Add the login form using the [onecode_login] shortcode or Gutenberg block

= Shortcode Options =

* `redirect_to` - URL to redirect after successful login
* `button_text` - Custom text for the send code button
* `verify_text` - Custom text for the verify button

Example: `[onecode_login redirect_to="/dashboard" button_text="Get Code"]`

== Screenshots ==

1. Admin settings page with all configuration options
2. Email input form for passwordless login
3. 6-digit verification code entry screen

== Frequently Asked Questions ==

= Does this replace password login completely? =

By default, no. OneCode Login works alongside traditional password login. However, you can enable the "Replace wp-login.php" option to use OneCode Login as the primary login method.

= What happens if the email does not arrive? =

Users can request a new code after the cooldown period (default: 60 seconds). Check your server email configuration if emails consistently fail to deliver.

= Is this secure? =

Yes. The plugin uses cryptographically secure random number generation, time-limited codes, rate limiting, and request binding to prevent various attack vectors.

= Can I customize the email template? =

Yes. Go to Settings > OneCode Login > Email tab to customize the subject and body of verification emails. You can use placeholders like {code}, {expires}, {site_name}, and {user_email}.

= Does it work with multisite? =

The plugin is designed for single-site installations. Multisite compatibility may be added in future versions.

= What if a user does not have an account? =

The plugin only allows existing users to log in. For security reasons, it does not reveal whether an email address has an account - users always see the same "check your email" message.
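
The properties listed under Security Features and in the "Is this secure?" answer (CSPRNG code, expiry, request ID binding, lockout, single use) can be sketched in plain PHP as follows. This is an added example, not OneCode Login's own code: the function names, the in-memory `$store` array, the HMAC key and the attempt limit of 5 are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's source. The store is an in-memory array;
// CODE_TTL follows the readme's 10-minute default, MAX_ATTEMPTS is an assumed value.
const CODE_TTL = 600;
const MAX_ATTEMPTS = 5;

function issue_code(array &$store, string $email, string $secret, int $now): array
{
    $requestId = bin2hex(random_bytes(16)); // ties the code to this one login attempt
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT); // CSPRNG, keeps leading zeros
    $store[$requestId] = [
        'email'    => strtolower($email),
        'hash'     => hash_hmac('sha256', $requestId . '|' . $code, $secret), // plain code is never stored
        'expires'  => $now + CODE_TTL,
        'attempts' => 0,
    ];
    return [$requestId, $code]; // request ID goes to the browser, code goes to the mailbox
}

function verify_code(array &$store, string $requestId, string $code, string $secret, int $now): ?string
{
    if (!isset($store[$requestId])) {
        return null; // unknown, already used, or invalidated request
    }
    $entry = $store[$requestId];
    if ($now > $entry['expires'] || $entry['attempts'] >= MAX_ATTEMPTS) {
        unset($store[$requestId]); // expired or locked out: the code is dead for good
        return null;
    }
    $store[$requestId]['attempts']++; // count the guess before comparing
    $candidate = hash_hmac('sha256', $requestId . '|' . $code, $secret);
    if (!hash_equals($entry['hash'], $candidate)) { // constant-time comparison
        return null;
    }
    unset($store[$requestId]); // single use: a second submission finds nothing
    return $entry['email'];
}

// Constructed demo values.
$store = [];
$secret = random_bytes(32);
$now = 1700000000;
[$rid, $code] = issue_code($store, 'User@example.com', $secret, $now);
[$otherRid] = issue_code($store, 'user@example.com', $secret, $now);
var_dump(verify_code($store, $otherRid, $code, $secret, $now + 5)); // code presented with a different request ID
var_dump(verify_code($store, $rid, $code, $secret, $now + 30));     // matching request ID and code
var_dump(verify_code($store, $rid, $code, $secret, $now + 31));     // same code submitted again
```

The IP-based and email-based rate limiting and the resend cooldown from the feature list are separate controls and are not part of this sketch.
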
== Changelog ==

= 1.0.0 =

* Initial release
* Passwordless login with 6-digit verification codes
* Rate limiting and brute force protection
* Customizable email templates
* Gutenberg block and shortcode support
* wp-login.php integration option
* Full accessibility support