=== Rat Two-Factor Authentication ===
Contributors: rathsh
Tags: two-factor, authentication, security, 2fa, otp
Requires at least: 5.0
Tested up to: 6.8
Requires PHP: 7.4
Stable tag: 1.0.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Lightweight and powerful Two-Factor Authentication plugin for WordPress with email-based OTP verification.

== Description ==

**Rat Two-Factor Authentication** is a lightweight yet powerful security plugin that adds an extra layer of protection to your WordPress site through email-based One-Time Password (OTP) verification.

= Key Features =

* **Email-based OTP verification** - Secure 6-digit codes sent to the user's registered email address
* **Lightweight and fast** - Minimal impact on site performance
* **User-friendly interface** - Clean, responsive design that works on all devices
* **Flexible settings** - Enable 2FA globally or per user
* **Role-based requirements** - Require 2FA for specific user roles
* **Session management** - Secure session handling with timeout protection
* **AJAX-powered** - Smooth user experience without page reloads
* **Auto-submit functionality** - Automatically submits form when 6 digits are entered
* **Resend functionality** - Users can request new codes with cooldown protection
* **Mobile-friendly** - Optimized for mobile login experiences
* **Security-first** - Nonce protection, input sanitization, and secure coding practices

= How It Works =

1. User enters their username and password normally
2. If 2FA is enabled, they're redirected to an OTP verification screen
3. A 6-digit code is sent to their registered email address
4. User enters the code to complete login
5. Code expires after 10 minutes for security

= Perfect For =

* **Business websites** requiring enhanced security
* **E-commerce stores** protecting customer accounts
* **Membership sites** with sensitive user data
* **Multi-author blogs** securing contributor access
* **Any WordPress site** wanting better login security

= Admin Features =

* **Global 2FA setting** - Enable for all users
* **Force 2FA option** - Make it mandatory for selected roles
* **Role-based configuration** - Choose which roles require 2FA
* **User profile integration** - Users can enable/disable 2FA individually
* **Clean admin interface** - Easy to configure and manage

= Developer Friendly =

* **Well-documented code** with inline comments
* **WordPress coding standards** compliant
* **Hook system** for customization
* **Lightweight codebase** for easy modification
* **No external dependencies** - Pure WordPress integration

= Security Features =

* **Nonce verification** for all AJAX requests
* **Input sanitization** and validation
* **Secure OTP generation** using WordPress built-in functions
* **Session timeout** protection (10 minutes)
* **Rate limiting** on resend requests
* **No plain text storage** of OTP codes
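The OTP lifecycle that "How It Works" and "Security Features" describe, as an added example (not the plugin's own code): a CSPRNG-generated 6-digit code that is hashed before storage, expires after 10 minutes, is rate-limited on resend, validated before comparison, and consumed on first successful use. The `$store` array, the function names, the cooldown and attempt limits are assumptions; inside WordPress the record would live in user meta and the code would be generated with `wp_rand()`.

```php
<?php
// Added example, not the plugin's own code. Plain PHP so it runs outside WordPress:
// the $store array stands in for user meta, and the constants mirror the readme
// (6-digit code, 10-minute expiry, cooldown on resend, hashed storage).

const OTP_TTL_SECONDS     = 600; // code expires after 10 minutes
const OTP_RESEND_COOLDOWN = 60;  // assumed minimum gap between resend requests
const OTP_MAX_ATTEMPTS    = 5;   // assumed guess limit before the code is discarded

// Issue a new code for $userId, or return null while the resend cooldown is active.
function issue_otp(array &$store, int $userId, int $now): ?string {
    if (isset($store[$userId]) && $now - $store[$userId]['sent'] < OTP_RESEND_COOLDOWN) {
        return null; // rate limiting on resend requests
    }
    // random_int() is a CSPRNG (WordPress code would use wp_rand()); zero-pad so
    // codes below 100000 still have six digits.
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $store[$userId] = [
        'hash'     => password_hash($code, PASSWORD_DEFAULT), // no plain-text storage
        'expires'  => $now + OTP_TTL_SECONDS,
        'sent'     => $now,
        'attempts' => 0,
    ];
    return $code; // the plain code goes only into the outgoing email
}

// Verify a submitted code. The record is deleted on success, expiry or lockout,
// so a code can be used at most once.
function verify_otp(array &$store, int $userId, string $submitted, int $now): bool {
    if (!isset($store[$userId])) { return false; }
    $rec = &$store[$userId];
    if ($now > $rec['expires'] || $rec['attempts'] >= OTP_MAX_ATTEMPTS) {
        unset($store[$userId]); // expired or too many guesses: force a fresh code
        return false;
    }
    $rec['attempts']++;
    // Input validation: exactly six digits, nothing else reaches the hash check.
    if (!preg_match('/^\d{6}$/', $submitted)) { return false; }
    if (!password_verify($submitted, $rec['hash'])) { return false; } // constant-time
    unset($store[$userId]); // single use: consumed on success
    return true;
}

// Demo with a constructed user id and a controlled clock.
$store = []; $now = time();
$code  = issue_otp($store, 42, $now);                 // would be sent via wp_mail()
var_dump(issue_otp($store, 42, $now + 10));           // resend inside the cooldown window
var_dump(verify_otp($store, 42, $code, $now + 30));   // first use
var_dump(verify_otp($store, 42, $code, $now + 31));   // replay of the consumed code
```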

== Installation ==

= Automatic Installation =

1. Login to your WordPress admin panel
2. Navigate to Plugins > Add New
3. Search for "Rat Two-Factor Authentication"
4. Click "Install Now" and then "Activate"

= Manual Installation =

1. Download the plugin zip file
2. Upload it to `/wp-content/plugins/` directory
3. Extract the zip file
4. Activate the plugin through the 'Plugins' menu in WordPress

= After Installation =

1. Go to Settings > Two-Factor Auth
2. Configure your preferred settings
3. Enable 2FA for your user account in your profile
4. Test the functionality

== Configuration ==

= Global Settings =

Navigate to **Settings > Two-Factor Auth** to configure:

* **Enable 2FA Globally**: Turn on 2FA for all users
* **Force 2FA for All Users**: Make 2FA mandatory regardless of user preference
* **Required User Roles**: Select specific roles that must use 2FA

= User Settings =

Each user can enable/disable 2FA in their profile:

1. Go to **Users > Profile** (or **Users > Your Profile**)
2. Find the "Two-Factor Authentication" section
3. Check "Enable 2FA" to activate for that user
4. Save the profile

= Email Configuration =

The plugin sends OTP codes with WordPress's built-in `wp_mail()` function, so a user can only log in if your site delivers email reliably. Make sure outgoing mail works before enabling 2FA, and consider using:

* SMTP plugins for reliable email delivery
* Email services like SendGrid, Mailgun, or Amazon SES
* Proper SPF/DKIM records for your domain

== Frequently Asked Questions ==

= Is this plugin free? =

Yes, Rat Two-Factor Authentication is completely free and open-source.

= Does it work with any email provider? =

Yes, it works with any email provider as it uses WordPress's standard email system.

= Can I customize the email template? =

Yes, you can use WordPress hooks to customize the email content and styling.

= What happens if a user loses access to their email? =

Administrators can disable 2FA for any user from their profile page in the admin area.

= Does it work with other security plugins? =

Yes, it's designed to work alongside other security plugins without conflicts.

= Is it compatible with multisite? =

The plugin works on multisite installations and can be configured per site.

= How secure are the OTP codes? =

OTP codes are generated using WordPress's secure random functions and are hashed before storage.

= Can I change the code expiry time? =

Currently set to 10 minutes, but developers can modify this using plugin hooks.

= Does it support app-based authentication? =

This version focuses on email-based OTP. App-based authentication may be added in future versions.

= Is there a premium version? =

Currently, there's only the free version with all features included.

== Screenshots ==

1. **Admin Settings Page** - Configure global 2FA settings and role requirements
2. **User Profile Settings** - Individual user 2FA enable/disable option
3. **Login OTP Screen** - Clean, user-friendly verification interface
4. **Mobile Login View** - Responsive design optimized for mobile devices
5. **Email OTP Example** - Sample verification email sent to users

== Changelog ==

= 1.0.1 - 2024-12-19 =
* Initial release
* Email-based OTP verification
* User and admin interfaces
* Role-based requirements
* Session management
* AJAX functionality
* Mobile optimization
* Security implementations
* WordPress 6.4 compatibility

== Upgrade Notice ==

= 1.0.1 =
Initial release of Rat Two-Factor Authentication. Install to add powerful 2FA security to your WordPress site.

== Support ==

For support, feature requests, or bug reports:

* **Plugin Support**: [WordPress.org Support Forum](https://wordpress.org/support/plugin/rat-two-factor-authentication)
* **Documentation**: Available in the plugin's admin area
* **Bug Reports**: Please provide detailed information about your setup

== Contributing ==

We welcome contributions! The plugin follows WordPress coding standards and best practices.

== Privacy Policy ==

This plugin:

* Stores minimal user data (2FA preference and temporary OTP hashes)
* Does not send data to external services
* Uses WordPress's built-in email system
* Follows WordPress privacy guidelines
* Allows data export/erasure as per GDPR requirements

== Technical Requirements ==

* WordPress 5.0 or higher
* PHP 7.4 or higher
* MySQL 5.6 or higher (or equivalent MariaDB)
* Ability to send emails from WordPress
* Modern web browser with JavaScript enabled

== Credits ==

Developed with ❤️ by the Rat Plugins team, focused on creating lightweight, powerful, and user-friendly WordPress plugins.

== License ==

This plugin is licensed under the GPL v2 or later.

> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
>
> This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 