=== Limesnip Simple2FA ===
Contributors: mhason
Tags: two-factor, 2fa, authentication, security, email verification
Requires at least: 6.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.3.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Simple email-based two-factor authentication for WordPress. Adds a clean, Linear-inspired verification screen to your login flow.

== Description ==

Limesnip Simple2FA adds email-based two-factor authentication to your site. After entering their username and password, users receive a 6-digit verification code via email that they must enter to complete login.

**Features:**

* Email-based 2FA - no authenticator app required
* Clean, Linear-inspired verification UI
* Auto-advancing digit inputs with paste support
* Auto-submit when all digits are entered
* Role-based enforcement - choose which roles require 2FA
* Configurable code expiration and max attempts
* Optional "Remember this device" feature
* HTML and plain text email support
* Secure code storage (SHA-256 hashed)
* Fully responsive design

== Screenshots ==

1. The verification screen shown to users after login.
2. The email the user receives with their verification code.
3. The plugin settings page.

== Installation ==

1. Upload the `limesnip-simple2fa` folder to `/wp-content/plugins/`
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Go to Settings > Limesnip Simple2FA to configure

== Frequently Asked Questions ==

= Which email is used for the verification code? =

The code is sent to the email address registered in the user's WordPress profile.

= Can I customize the verification email? =

Yes. You can upload a logo that appears in the email, choose between HTML and plain text format, and edit the email subject line. Go to Settings > Limesnip Simple2FA to configure these options.

= Can I customize the 2FA login screen? =

Yes. You can upload a logo that appears on the verification screen. Go to Settings > Limesnip Simple2FA to configure this.

= What happens if the code expires? =

Users can click "Resend code" to receive a new code. There is a 60-second cooldown between resends.

= Can users skip 2FA on trusted devices? =

If enabled by the admin in settings, users can check "Remember this device" to skip 2FA for a configurable number of days.

== Changelog ==

= 1.3.0 =
* Added: Full-page loading overlay shown after successful verification, so users know their code was accepted and the dashboard is loading
* Added: Verification digits are grayed out and disabled once the code is accepted, giving immediate visual confirmation
* Added: Auto-redirect to the plugin settings page on first activation so you can configure and test right away
* Added: Editor role is now enforced for 2FA by default (alongside Administrator)
* Added: If the site has a Site Logo set in the Customizer, it is automatically used as the plugin's default logo on activation

= 1.2.8 =
* Initial public release

== Upgrade Notice ==

= 1.3.0 =
Adds clearer visual feedback during dashboard loading after verification, auto-redirect to settings on activation, Editor role enforcement by default, and automatic use of the site's Site Logo.

= 1.2.8 =
Initial public release.
