=== Email Validator for Comments ===
Contributors: securityinsight
Donate link: https://securityinsight.pro
Tags: comments, spam prevention, email verification, comment moderation, email confirmation
Requires at least: 5.0
Tested up to: 6.8
Stable tag: 1.8.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Blocks comment submission until the user confirms their email address with a one-time link. No accounts or captchas required.

== Description ==

**Stop fake or misused emails in your comment section.**  
This plugin prevents spam and ensures valid email ownership by requiring users to confirm their email address before a comment is submitted.

When a user leaves a comment, they’ll receive a one-time confirmation link by email. Their comment won’t appear until they click the link — no accounts, no passwords and no friction for real users.

**Why Use It?**
- Improves trust and deliverability.
- Cuts down on abuse, spam and bot activity.
- Ensures email addresses actually belong to the commenter.
- Comments from verified users go straight to approved or pending in the future.

== Features ==

- Email confirmation required before comment is accepted.
- Comments with unconfirmed emails are automatically deleted after 3 days.
- One-time confirmation — verified commenters skip confirmation next time.
- Lightweight, secure, and privacy-friendly.
- Admin tool to manually clear all verified email records.
- No account creation required.
- No third-party services or API keys needed.
- Only one confirmation email sent per hour to a single email address to prevent abuse.

== Installation ==

1. Upload the plugin folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the ‘Plugins’ menu in WordPress.
3. That’s it — the plugin works automatically. No configuration required.

== Frequently Asked Questions ==

= Does it store user data? =  
Only temporarily. The commenter’s email and comment content are stored until confirmation. After that, the pending data is deleted automatically. Nothing is shared or transmitted to third parties.

= Will users have to confirm every time they comment? =  
No. Once a user confirms their email once, future comments from the same email will bypass the confirmation step.

= What happens to unconfirmed comments? =  
If the confirmation link isn’t clicked within 3 days, the comment is automatically deleted.

= Does it work with caching plugins? =  
Yes, it’s designed to work with most major caching solutions.

== Screenshots ==

1. The banner shown after a user submits a comment (telling them to confirm their email).
2. The one-time confirmation email.
3. The message shown after email is confirmed.
4. Admin confirmation prompt before clearing confirmed emails.
5. Email Validator admin tools screen.

== Changelog ==

= 1.8.3 =
* Deprecated issues fixed

= 1.8.1 =
* Error fixes

= 1.8.0 =
* Added a view pending emails feature to admin tools. 

= 1.7.0 =
* Added secure admin tools page for managing confirmed emails.
* Added display of current pending and confirmed email counts.
* Added nonce verification to confirmation link handling.
* Improved code security, sanitization, and performance.

== Upgrade Notice ==

= 1.7.0 =
This update introduces a secure admin page for tools, improves sanitization, and resolves all flags. Recommended for all users.
