=== Email OTP Login with default login form ===
Contributors: webnotics, sumitkamboj53
Donate link: https://donate.stripe.com/3cI5kE7sv6ex30s5LB5kk2x
Tags: login, otp, email verification, two factor, security
Requires at least: 5.0
Tested up to: 6.8
Requires PHP: 7.2
Stable tag: 1.0.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Text Domain: email-otp-login-with-default-login-form

Adds email OTP (One-Time Password) verification after valid login credentials on the default wp-login.php form for added security.

== Description ==

This plugin enhances the default WordPress login security by adding a One-Time Password (OTP) verification step via email:

- Users log in with their regular email/username and password.
- If credentials are valid, an OTP is generated and emailed to the user.
- A popup is shown on the same login page (`wp-login.php`) to enter the OTP.
- Once the correct OTP is entered, the user is logged in.

To help you get started, there's a comprehensive video tutorial available that guides you through the process of setting.
[youtube https://youtu.be/AZ6w1lkltOI] 


== Features ==

* Secure login via OTP sent to user’s email.
* Role-based OTP enforcement.
* Uses native wp-login.php form — no custom forms required.
* Session-based OTP handling for security.
* Expiring OTP (default: 40 seconds).
* No third-party dependencies.

== Installation ==

1. Upload the plugin files to the `/wp-content/plugins/email-otp-login-with-default-login-form` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the 'Plugins' screen in WordPress.
3. Navigate to **Settings → Email OTP Settings** to select which user roles require OTP login verification.

== Frequently Asked Questions ==

= Does this plugin work with custom login forms? =  
No. This plugin is designed to work only with the default `wp-login.php` form.

= Can I enable OTP only for specific roles? =  
Yes. Go to **Settings → Email OTP Settings** and select the roles you want to enforce OTP for.

= Is the OTP stored securely? =  
OTP is stored in the PHP session temporarily and cleared after use or expiration.

= What happens if the OTP expires? =  
The user will be redirected back to the login page and asked to log in again.

== Screenshots ==

1. OTP entry modal on wp-login.php.
2. Role-based OTP settings page in WordPress admin.
3. Error message when OTP is invalid or expired

== Changelog ==

= 1.0.0 =
* Initial release with OTP popup, email sending, and expiration logic

= 1.0.2 =
*Release Date 17th June 2025*
* Update email template design *

= 1.0.3 =
*Release Date 1st Aug  2025*
* Modified existing actions and filters related to the Email Login OTP system for improved flexibility and developer customization. *

== Upgrade Notice ==

= 1.0.0 =
First stable release. Make sure you test it on a staging site before using in production.

= 1.0.2 =
*Release Date 17th June 2025*
* Update email template design *

= 1.0.3 =
*Release Date 31st July  2025*
* Modified existing actions and filters related to the Email Login OTP system for improved flexibility and developer customization. *

== Donate ==

If you find this plugin useful and want to support its development, you can make a donation via the following link:

[Donate Here](https://donate.stripe.com/3cI5kE7sv6ex30s5LB5kk2x)

Your donation helps to ensure that this plugin remains free and receives regular updates!


== Credits ==

The plugin development was supported by [webnotics], [sumitkamboj53]. Contributions and feedback are always welcome.

== Documentation and Support ==

**[Documentation](https://webnotics.org/email-otp-login-with-default-login-form/ "documentation")**
For detailed documentation, visit https://webnotics.org/email-otp-login-with-default-login-form/
For support, please contact us at [support@webnotics.solutions](mailto:support@webnotics.solutions).


== License ==

This plugin is licensed under the GPLv2 or later.
