=== Check Login Lite === Contributors: dynamokh Tags: email, discord, slack, chatwork, security Requires at least: 5.0 Tested up to: 6.9 Requires PHP: 7.4 Stable tag: 1.0.2 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html A powerful security plugin to monitor login attempts, restrict access by IP or country, and receive alerts via email or Discord. == Description == Check Login Lite enhances your WordPress login security with multiple protective features: - ✅ **IP whitelist / blacklist management** - 🌍 **Country-based access restrictions (up to 5 countries allowed)** - ✉️ **Email alerts when unfamiliar IP logs in** - 💬 **Discord webhook notification support** - 🔐 **Pseudo Basic Authentication system** for emergency lockdown - 🧠 **Automatic country list update** - 📜 **Login history log** No need for advanced setup. Simple UI inside WordPress admin dashboard. == External Services == This plugin uses third-party services only to provide the features you configure. = 1. countriesnow.space (country list generation) = - Service URL: `https://countriesnow.space/api/v0.1/countries` - Used for: Building and refreshing the selectable country list used in admin settings. - Data sent: No personal data is intentionally sent by the plugin for this request. - When sent: On activation and when refreshing the country list file. - Terms: `https://github.com/MartinsOnuoha/countriesNowAPI/blob/master/LICENSE` - Privacy: A dedicated privacy policy URL is not publicly provided by this service provider as of March 23, 2026. - Additional references: `https://countriesnow.space/` / `https://documenter.getpostman.com/view/1134062/T1LJjU52?version=latest` = 2. freeipapi.com (IP geolocation) = - Service URL pattern: `https://free.freeipapi.com/api/json/{IP}` - Used for: Determining country from IP for admin access restriction and login alert context. - Data sent: The IP address being checked (current request IP). - When sent: During admin access checks, settings page rendering, and login alert evaluation. - Terms: `https://freeipapi.com/terms` - Privacy: `https://freeipapi.com/privacy` = 3. Notification providers (optional, admin-configured) = - Services: Discord Webhook, Slack Webhook, Chatwork API - Used for: Sending security alert messages and emergency authentication credentials. - Data sent: Site URL, username, login IP/country, emergency token/URL, and configured message body. - When sent: Only when an alert/security event occurs and the corresponding provider is configured. - Discord Terms/Privacy: `https://discord.com/terms` / `https://discord.com/privacy` - Slack Terms/Privacy: `https://slack.com/terms-of-service` / `https://slack.com/privacy-policy` - Chatwork Terms/Privacy: `https://go.chatwork.com/en/terms.html` / `https://go.chatwork.com/en/privacy.html` This plugin does not include behavioral tracking or analytics for end users by default. Notification delivery is administrator-configured and event-driven. == Installation == 1. Upload the plugin folder to `/wp-content/plugins/check-login-lite` 2. Activate the plugin through the 'Plugins' menu in WordPress 3. Go to **Settings > Check Login Lite** in the admin panel 4. Configure IP whitelist/blacklist, country restrictions, and alert destinations. == Frequently Asked Questions == = Will this block me from logging in if I make a mistake? = No. The plugin always allows access from IPs in your whitelist, regardless of country settings. = What if I forget my Basic Auth credentials? = The pseudo Basic Auth expires automatically in 24 hours or after successful login. = Does it work on multisite? = Currently, this plugin is tested only in single-site installations. = Does this plugin support Slack or Chatwork notifications? = Yes. In addition to email and Discord, you can configure Slack Webhook and Chatwork API to receive login alerts and emergency authentication credentials. = What is the Pseudo Basic Authentication feature? = It is an emergency lockdown feature that adds a login form in front of wp-login.php and wp-admin when triggered. All users are forcefully logged out and a temporary token/password is sent via your configured notification channels. It expires automatically after 24 hours or upon successful login. == Changelog == = 1.0.2 = * Improve email subject encoding and UTF-8 handling when mbstring is unavailable. = 1.0.1 = * Avoid fatal errors when WP_Filesystem initialization fails. * Show an admin warning notice when country list initialization cannot be completed on activation. = 1.0.0 = * Initial release == Upgrade Notice == = 1.0.2 = Improves notification email encoding compatibility on environments without mbstring. = 1.0.1 = Fixes WP_Filesystem initialization failure handling to avoid fatal errors and adds an admin warning notice. = 1.0.0 = Initial stable version.