=== Attributes User Access === Contributors: attributeswp Donate link: https://attributeswp.com/ Tags: authentication, login, security, access control, custom login Requires at least: 5.8 Tested up to: 6.7 Stable tag: 1.2.2 Requires PHP: 7.4 License: GPLv3 or later License URI: https://www.gnu.org/licenses/gpl-3.0.html Lightweight WordPress authentication with custom login pages, role-based redirections, and secure user access control. == Description == Attributes User Access is a lightweight and flexible authentication solution for WordPress. It empowers site administrators with detailed control over login processes, enhancing user authentication and access experience with a focus on security and performance. = Core Features = **Custom Login Page Creation** * Generate fully integrated login pages with WordPress * Use shortcode-based forms for easy theme compatibility * Automatically adapts to WordPress core updates * Template override system for complete customization **Flexible Login Redirection** * Redirect native WordPress login requests * Define role-based and context-aware redirection rules * Custom redirect URLs per user role **Developer-Focused Architecture** * PSR-4 autoloading and object-oriented design * Extensible with action and filter hooks * Modular components for easy customization * Comprehensive API for extensions **Security & Performance** * WordPress.org compliant security practices * Nonce verification on all forms and AJAX requests * Transient-based error handling (no PHP sessions) * Optimized asset loading * Minified CSS and JavaScript for production = Shortcode Usage = **Basic login form:** `[attributes_login_form]` **With parameters:** `[attributes_login_form redirect="/dashboard" remember="false"]` **Available parameters:** * `redirect` - Target URL after login (default: Dashboard) * `remember` - Show "Remember Me" checkbox (default: true) * `form_id` - Custom form identifier (default: attributes_login_form) * `label_username` - Custom username field label * `label_password` - Custom password field label * `label_remember` - Custom remember me label * `label_log_in` - Custom login button text = Template System = = Template System = Override templates in your theme for complete customization. **Template location in theme:** `your-theme/attributes/front/forms/login-form.php` **Original template location:** `wp-content/plugins/attributes-user-access/templates/front/forms/login-form.php` Copy the original template to your theme and customize as needed. The plugin automatically uses your theme's template when available. = Developer Hooks = **Actions:** * `attrua_before_login_form` - Fires before rendering the login form wrapper * `attrua_after_login_form` - Fires after rendering the login form * `attrua_login_form_fields` - Hook for adding custom fields to login form * `attrua_login_failed` - Fires when a login attempt fails * `attrua_successful_login` - Fires after successful authentication * `attrua_before_page_creation` - Fires before creating authentication pages * `attrua_after_page_creation` - Fires after creating authentication pages **Filters:** * `attrua_login_redirect_url` - Customize login redirection * `attrua_login_error_message` - Modify login error messages * `attrua_login_credentials` - Filter login credentials before authentication * `attrua_action_links` - Modify plugin action links * `attrua_row_meta` - Modify plugin row meta links == Installation == = Automatic Installation = 1. Log in to your WordPress admin panel 2. Navigate to Plugins > Add New 3. Search for "Attributes User Access" 4. Click "Install Now" and then "Activate" 5. Navigate to User Access in the admin menu 6. Create your custom login page and configure settings = Manual Installation = 1. Download the plugin ZIP file 2. Log in to your WordPress admin panel 3. Navigate to Plugins > Add New > Upload Plugin 4. Choose the downloaded ZIP file and click "Install Now" 5. Activate the plugin 6. Navigate to User Access to configure settings = System Requirements = * WordPress 5.8 or higher * PHP 7.4 or higher (PHP 8.0+ recommended) * MySQL 5.6 or higher / MariaDB 10.1 or higher * HTTPS enabled (recommended for security) = Quick Start Guide = 1. **Activate the plugin** through the 'Plugins' menu in WordPress 2. **Navigate to User Access** in the admin sidebar 3. **Create a login page** by clicking "Create Page" in the Pages tab 4. **Enable redirection** (optional) to redirect wp-login.php to your custom page 5. **Customize** your login page content and styling as needed == Frequently Asked Questions == = Is this plugin compatible with my theme? = Yes, Attributes User Access is designed to work with any properly coded WordPress theme. The plugin uses standard WordPress APIs and follows WordPress coding standards. = Can I customize the login form design? = Absolutely! You have several options: * Use custom CSS to style the form * Override the template in your theme directory * Use WordPress filters to modify form output * Add custom fields using action hooks = Does this plugin work with page caching? = Yes! The plugin uses WordPress transients instead of PHP sessions, making it fully compatible with page caching plugins like WP Super Cache, W3 Total Cache, and WP Rocket. = Is the plugin compatible with multisite? = Yes, the plugin is multisite compatible. Each site in your network can have its own custom login pages and settings. = How do I translate the plugin? = The plugin is translation-ready. You can: * Use the translation files in the /languages directory * Translate via translate.wordpress.org * Use plugins like Loco Translate or WPML = Does this work with two-factor authentication plugins? = Yes, the plugin is compatible with most two-factor authentication solutions as it uses WordPress's native authentication system. = How can I extend the plugin functionality? = Developers can extend functionality using: * WordPress action and filter hooks (see Developer Hooks section) * Custom template overrides in your theme * Extension plugins that hook into the plugin's API = Where can I get support? = For support, please use: * [Plugin documentation](https://attributeswp.com/docs) * [WordPress.org support forums](https://wordpress.org/support/plugin/attributes-user-access) * [GitHub issues](https://github.com/attributeswp/attributes-user-access/issues) for bug reports == Screenshots == 1. User Access settings page with login page management 2. Custom login page with branded design 3. Login redirection settings and configuration 4. Page status indicators showing active/inactive state 5. Default login form template in action == Changelog == = 1.2.2 - February 10, 2026 = **Security & Compliance:** * Removed: PHP sessions in favor of WordPress transients (WordPress.org compliance) * Enhanced: Transient-based error message handling with automatic expiration * Improved: Nonce verification and security implementation * Updated: Security documentation to reflect current best practices **User Experience:** * Added: Quick Settings link in plugins list page * Added: Documentation and Support links in plugin row meta * Improved: One-time use error messages prevent replay issues * Enhanced: Error messages now expire after 2 minutes **Developer:** * Added: `attrua_action_links` filter for plugin action links * Added: `attrua_row_meta` filter for plugin row meta links * Enhanced: Better compatibility with load-balanced environments * Improved: Cache plugin compatibility **Documentation:** * Updated: NONCE-FIX-SOLUTION.md with implementation status * Enhanced: Code documentation and inline comments * Added: WordPress.org compliance checklist = 1.2.1 - December 15, 2025 = * Fix: Regenerated all minified assets from original sources * Fix: Improved asset loading consistency across admin and frontend * Fix: Added smart asset path resolution with fallback system * Fix: Resolved missing admin.min.js file causing asset loading issues * Enhancement: Optimized file sizes for better performance * Enhancement: Enhanced production deployment readiness = 1.2.0 = * Enhancement: Improved plugin performance and stability * Enhancement: Optimized codebase for better security * Enhancement: Enhanced production readiness * Enhancement: Better error handling and validation * Enhancement: Improved code organization and structure * Update: Comprehensive documentation updates * Update: Enhanced user experience and reliability = 1.1.0 = * Enhancement: Added template override system for themes * Enhancement: Improved security with better nonce validation * Enhancement: Added custom logout handling endpoint * Feature: New Extension Manager for add-on support * Feature: Enhanced settings management with dot notation * Feature: Added password visibility toggle * Feature: Improved admin interface with notifications * Feature: Added shortcode copying functionality * Improvement: Better accessibility with ARIA support * Improvement: Added dark mode support * Improvement: Enhanced responsive design * Improvement: Better error handling and user feedback = 1.0.0 - Initial Release = * Initial release * Custom login page generation * Role-based redirection system * Basic shortcode functionality * Core authentication features * Developer hooks and filters * Template system foundation == Upgrade Notice == = 1.2.2 = Important security and compliance update: Replaced PHP sessions with WordPress transients for better scalability and WordPress.org compliance. Enhanced user experience with quick access links. Recommended for all users. = 1.2.1 = Asset optimization update: Fixed minified asset loading issues and improved performance with optimized file sizes and smart fallback system. = 1.2.0 = Stability and performance update: Enhanced security, improved reliability, and optimized codebase for better user experience. = 1.1.0 = Major feature update: Enhanced template system, improved security, and new extension management capabilities. == Privacy Policy == Attributes User Access does not: * Collect any user data * Send data to external servers * Use cookies for tracking * Store sensitive information The plugin only stores: * Plugin settings in WordPress options table * Temporary error messages in WordPress transients (auto-expire) * Page IDs for custom authentication pages All data is stored locally in your WordPress database and is completely removed upon plugin uninstallation. == Support & Contributing == **Documentation:** [https://attributeswp.com/docs](https://attributeswp.com/docs) **Support Forum:** [https://wordpress.org/support/plugin/attributes-user-access](https://wordpress.org/support/plugin/attributes-user-access) **GitHub Repository:** [https://github.com/attributeswp/attributes-user-access](https://github.com/attributeswp/attributes-user-access) **Report Issues:** [https://github.com/attributeswp/attributes-user-access/issues](https://github.com/attributeswp/attributes-user-access/issues) Contributions are welcome! Please feel free to submit pull requests or open issues on GitHub.