=== BaseCloud Shield === Contributors: basecloud Tags: 2fa, security, otp, login protection, sendgrid Requires at least: 5.0 Tested up to: 6.9 Stable tag: 1.0.0 Requires PHP: 7.4 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Enterprise-grade Two-Factor Authentication (2FA) with support for standard Email, SendGrid API, and BaseCloud CRM Webhooks. == Description == BaseCloud Shield is a lightweight yet powerful security plugin that enforces Two-Factor Authentication (2FA) on your WordPress login page. Unlike other bloat-heavy plugins, BaseCloud Shield focuses on reliability and flexibility in OTP delivery. **Key Features:** * **Plug & Play:** Works immediately using standard WordPress email delivery. * **Central Manager Routing:** Option to route ALL login OTPs to a single "Manager Email" address (great for agencies managing client sites). * **SendGrid API V3:** Native integration for high-deliverability emails. * **BaseCloud CRM Integration:** Connects to BaseCloud Webhooks for advanced automation flows (SMS, WhatsApp, etc). * **Secure OTPs:** 6-digit one-time passwords that expire automatically. * **Browser Trust:** "Remember this device" functionality to reduce friction for authorized users. == Installation == 1. Upload the `basecloud-shield` folder to the `/wp-content/plugins/` directory. 2. Activate the plugin through the 'Plugins' menu in WordPress. 3. Go to the "BC Shield" menu item in your dashboard. 4. Enable 2FA and choose your preferred Delivery Method. 5. (Optional) Enter a "Manager Email" if you wish to centralize all login codes. == External Services == This plugin may connect to external third-party services depending on your configuration. Below is a detailed explanation of what services are used, what data is sent, and when: **SendGrid Email API (Optional)** If you select "SendGrid API" as your delivery method in the plugin settings, this plugin will send data to SendGrid's email service to deliver one-time password (OTP) codes. * **Service**: SendGrid by Twilio * **What it's used for**: Sending two-factor authentication codes via email with improved deliverability * **When data is sent**: Every time a user attempts to log in and 2FA is enabled * **Data sent**: - Recipient email address (user's email or manager email if configured) - Sender email address (configured in plugin settings) - Site name - Username attempting to log in - 6-digit one-time password code - Email subject and HTML body * **API Endpoint**: https://api.sendgrid.com/v3/mail/send * **Terms of Service**: https://www.twilio.com/legal/tos * **Privacy Policy**: https://www.twilio.com/legal/privacy **Important**: You must have a SendGrid account and API key to use this feature. You are responsible for complying with SendGrid's terms of service and ensuring proper data handling practices. **BaseCloud CRM Webhook (Optional)** If you select "BaseCloud CRM Webhook" as your delivery method, the plugin will send login notification data to a webhook URL you configure. * **Service**: Custom webhook endpoint (configured by you) * **What it's used for**: Sending login notifications to external systems for custom processing (SMS, WhatsApp, logging, etc.) * **When data is sent**: Every time a user attempts to log in and 2FA is enabled * **Data sent**: - Site name - Username attempting to log in - User email address - 6-digit one-time password code - Timestamp of login attempt * **Endpoint**: User-configured webhook URL **Important**: When using the webhook option, you are responsible for the security and privacy compliance of the endpoint you configure. Ensure your webhook endpoint uses HTTPS and follows proper data protection practices. **Standard WordPress Email (Default)** By default, this plugin uses WordPress's built-in `wp_mail()` function, which does not involve any external services unless your WordPress installation is configured to use a third-party SMTP service. == Frequently Asked Questions == = Does this work with custom login pages? = Yes. BaseCloud Shield intercepts the authentication process at the core WordPress level, so it works with most standard login forms and custom themes. = What if I get locked out? = If you lose access to your email or the delivery method fails, you can disable the plugin by renaming the folder `basecloud-shield` to `basecloud-shield-disabled` via FTP/SFTP. = Is this compatible with WooCommerce? = Yes, it protects the standard WordPress user authentication flow, which WooCommerce utilizes for customer logins. == Screenshots == 1. The Professional Settings Panel. 2. The Secure OTP Verification Screen. == Changelog == = 1.0.0 = * Initial Release. * Added Central Manager Email routing. * Added SendGrid API V3 integration. * Added BaseCloud CRM Webhook integration.