=== KhubaibTech OTP Registration Shield ===
Contributors: khubaib411
Tags: security, registration, spam, verify, otp
Requires at least: 5.0
Tested up to: 7.0
Stable tag: 1.0.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Protect your WordPress registration form from spam bots by requiring new users to verify their email with a secure one-time code.

== Description ==

Tired of cleaning up fake user registrations from spam bots? **KhubaibTech OTP Registration Shield** is a lightweight yet powerful security plugin that adds a crucial layer of verification to your WordPress registration form.

Instead of relying on complex CAPTCHAs, this plugin requires users to prove they have access to the email address they are using. It's a simple, user-friendly process that is incredibly effective at blocking automated spam bots.

**How It Works**

1.  A "Verification Code" field is added to your default WordPress registration form.
2.  The user enters their username and email, then clicks "Send Verification Code."
3.  A secure one-time password (OTP) is sent to their email.
4.  The user enters the code to complete their registration.

This ensures that only users with valid, accessible email addresses can register, drastically reducing spam and improving the quality of your user base.

**Key Features:**

*   **Blocks Spam Bots:** Stops automated scripts that create fake user accounts.
*   **Verifies Real Emails:** Ensures that every registered user has a valid email address.
*   **Simple for Users:** A clean, straightforward verification step.
*   **Lightweight & Secure:** No heavy scripts or third-party dependencies. Uses secure WordPress transients and nonces.
*   **Customizable Email:** Easily edit the email subject and body from the settings page.
*   **Seamless Integration:** Works automatically with the default WordPress registration form.

== Installation ==

1.  Upload the `khubaibtech-otp-registration-shield` folder to the `/wp-content/plugins/` directory.
2.  Activate the plugin through the 'Plugins' menu in WordPress.
3.  (Recommended) Navigate to **Settings > OTP Registration Shield** to customize the verification email.
4.  That's it! The verification field will now be active on your registration page.

== Frequently Asked Questions ==

= Does this work with custom registration forms? =

This version integrates with the default WordPress registration form. Integration with plugins like WooCommerce or other form builders is not supported at this time.

= Is it secure? =

Yes. The one-time code is stored temporarily using secure WordPress transients with a 5-minute expiration. All communication is handled via secure WordPress AJAX and verified with nonces.

= Can I change the email that is sent? =

Absolutely! Go to **Settings > OTP Registration Shield** in your admin dashboard to customize the email subject and body.

== Screenshots ==

1. The new verification field added to the WordPress registration form.
2. The simple settings page for customizing the verification email.

== Changelog ==

= 1.0.4 =
* Updated "Tested up to" version for WordPress 7.0 compatibility.

= 1.0.3 =
* Updated "Tested up to" version for WordPress 6.9 compatibility.

= 1.0.2 =
* SECURITY: Refactored CSS and JS to use proper `wp_enqueue_scripts`, `wp_add_inline_style`, and `wp_add_inline_script` functions.
* SECURITY: Replaced all instances of `_e()` with `esc_html_e()` for secure, escaped output.
* TWEAK: Reduced plugin tags to the required maximum of 5.

= 1.0.1 =
* SECURITY: Added sanitization callbacks for settings to meet wordpress.org requirements.
* ENHANCEMENT: Renamed and prefixed all functions, classes, and options for better security and to prevent conflicts.
* TWEAK: Updated plugin name and description to be more unique.

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.2 =
This is a required security and best-practices update. All inline scripts and styles have been properly enqueued.