=== 4WP Account ===
Contributors: 4wpdev
Tags: social login, oauth, google, github, account
Requires at least: 6.4
Tested up to: 7.0
Requires PHP: 8.0
Stable tag: 1.0.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Social login with Google and GitHub, account page and blocks. Facebook and TikTok are planned for a future release.

== Description ==

**4WP Account** is a user account hub for WordPress: social sign-in (OAuth 2.0), a front-end account page, header account menu block, and optional WooCommerce login buttons.

**Active in this release:** Google and GitHub login when enabled in **4WP Account → Auth**. Facebook and TikTok appear in settings as *coming soon* — they are not available for login yet.

A plugin by [4wp.dev](https://4wp.dev/). **4WP** is our project brand; the letters "WP" appear only as part of that brand name, not as a reference to WordPress. This plugin is not affiliated with, endorsed by, or sponsored by WordPress.

Source code: [github.com/4wpdev/4wp-account](https://github.com/4wpdev/4wp-account)

= Key features =

* **Google and GitHub** OAuth sign-in (enable per provider in wp-admin)
* **Account page** — `[forwp_account]` shortcode or `forwp/account` block (sign-in when logged out; cabinet when logged in)
* **Account menu** — `forwp/account-menu` block or `[forwp_account_menu]` for header dropdown
* **Sign-in buttons** — `[forwp_account_signin_buttons]` or `forwp/auth-buttons` block
* **REST API** — `/wp-json/forwp-account/v1/auth/{provider}` and OAuth callbacks
* **WooCommerce** — optional social buttons on My Account login/register forms
* **Subscriber options** — hide admin bar, redirect subscribers away from wp-admin

= Privacy =

OAuth tokens are exchanged server-side. Profile email and name from the provider are stored in WordPress user records. No data is sent to 4wp.dev.

= Development =

Run tests: `composer install && composer run lint && composer run test`

== External services ==

This plugin connects to third-party OAuth providers when a visitor starts social login and when an administrator saves API credentials.

= Google =

* **When:** User clicks Google sign-in; server exchanges the authorization code and reads profile email.
* **Terms:** [Google API Terms of Service](https://developers.google.com/terms)
* **Privacy:** [Google Privacy Policy](https://policies.google.com/privacy)

= GitHub =

* **When:** User clicks GitHub sign-in; server exchanges the code and reads the primary verified email.
* **Terms:** [GitHub Terms of Service](https://docs.github.com/en/site-policy/github-terms/github-terms-of-service)
* **Privacy:** [GitHub Privacy Statement](https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement)

= Meta (Facebook) — planned =

* **When:** Not enabled in this release. Listed in admin as *coming soon*.
* **Terms:** [Meta Platform Terms](https://developers.facebook.com/terms/)
* **Privacy:** [Meta Privacy Policy](https://www.facebook.com/privacy/policy/)

= TikTok — planned =

* **When:** Not enabled in this release. Listed in admin as *coming soon*.
* **Terms:** [TikTok Terms of Service](https://www.tiktok.com/legal/terms-of-service)
* **Privacy:** [TikTok Privacy Policy](https://www.tiktok.com/legal/privacy-policy)

== Installation ==

1. Upload the plugin to `/wp-content/plugins/4wp-account/` or install from the Plugins screen.
2. Activate **4WP Account**.
3. Open **4WP Account → Auth** — enable Google and/or GitHub and paste OAuth credentials.
4. Copy each **Redirect URI** from settings into Google Cloud or GitHub OAuth app settings.
5. Create a page with `[forwp_account]` or add the **Account** block.

== Frequently Asked Questions ==

= Which providers work in 1.0.4? =

**Google** and **GitHub** when enabled and configured.
**Facebook** and **TikTok** are shown as *coming soon* in admin and cannot be used for login.

= Where is the OAuth callback URL? =

In **4WP Account → Auth** — use the Redirect URI shown for each provider (built with `rest_url()`, compatible with custom REST prefixes).

= Does the plugin create WordPress users? =

Yes. On first social login, a subscriber account is created from the provider email (required). Returning users are matched by email and logged in with WordPress auth cookies after OAuth `state` verification.

== Screenshots ==

1. Admin — Auth tab with Google/GitHub credentials and redirect URIs.
2. Front-end — account page sign-in.
3. Header — account menu block dropdown.

== Changelog ==

= 1.0.4 =

* Remove unused `register_setting()` calls (automated Plugin Check).
* Plugin Check warnings: input sanitization, migration SQL `%i`, distignore moved to docs.

= 1.0.3 =

* Review fixes: required OAuth `state` validation, `rest_url()` for callback URLs, readme aligned with active providers.
* Account blocks and GitHub provider (from ongoing development).

= 1.0.2 =

* WordPress.org packaging: readme, GPL license, text domain `4wp-account`, quality toolchain.
* Provider enable toggle respected before login.

= 1.0.1 =

* Gmail OAuth, shortcodes, WooCommerce integration.

== Upgrade Notice ==

= 1.0.4 =

Automated scan and Plugin Check fixes — includes T1 review items from 1.0.3.

= 1.0.3 =

Review resubmit — OAuth state required on callback; use Redirect URIs from Auth settings after update.
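
The two callback checks this readme relies on (a required OAuth `state`, and GitHub's primary verified email as the address users are matched on), sketched as an added example; this is not the plugin's own code, and the `example_*` names and the cookie name are hypothetical. It assumes the state is bound to the browser with a cookie and that `$emails` is the decoded response of GitHub's `GET /user/emails`.

```php
<?php
// Added example, not the plugin's code; example_* names and the cookie name are hypothetical.
const EXAMPLE_STATE_COOKIE = 'example_oauth_state';

/** Before redirecting to the provider: mint a state and bind it to this browser. */
function example_issue_state( string $provider ): string {
    $state = $provider . '.' . bin2hex( random_bytes( 32 ) );
    setcookie( EXAMPLE_STATE_COOKIE, $state, array(
        'expires'  => time() + 600,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax', // still sent on the provider's top-level redirect back
    ) );
    return $state; // sent to the provider as the state parameter
}

/** On the callback: state is required, must be for this provider, and must equal the cookie. */
function example_state_is_valid( string $provider, $query_state, $cookie_state ): bool {
    if ( ! is_string( $query_state ) || ! is_string( $cookie_state ) || '' === $query_state ) {
        return false;
    }
    return str_starts_with( $query_state, $provider . '.' )
        && hash_equals( $cookie_state, $query_state );
}

/** Return the address that is both primary and verified, or null to refuse the login. */
function example_github_primary_verified_email( array $emails ): ?string {
    foreach ( $emails as $entry ) {
        $email = is_array( $entry ) ? ( $entry['email'] ?? null ) : null;
        if ( is_string( $email )
            && true === ( $entry['primary'] ?? false )
            && true === ( $entry['verified'] ?? false )
            && false !== filter_var( $email, FILTER_VALIDATE_EMAIL ) ) {
            return $email;
        }
    }
    return null;
}

// Constructed sample input: a decoded /user/emails response and two callback attempts.
$emails = array(
    array( 'email' => 'primary@example.com', 'primary' => true, 'verified' => false ),
    array( 'email' => 'backup@example.com', 'primary' => false, 'verified' => true ),
);
var_dump( example_github_primary_verified_email( $emails ) );
var_dump( example_state_is_valid( 'github', 'github.abc', 'github.abc' ) );
var_dump( example_state_is_valid( 'github', null, 'github.abc' ) );
```

After the check, expire the cookie whether or not it passed, so a state value cannot be replayed on a second callback.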