=== DB Solution - 2FA === Contributors: davidebaraldi Tags: 2fa, security, custom login, authentication, protection Requires at least: 6.0 Tested up to: 6.9 Requires PHP: 8.2 Stable tag: 15.4 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Advanced security module for the DB Solution suite. Adds email-based 2FA, Strict Mode protection, and hides the standard login URL. == Description == **DB Solution - 2FA** transforms your WordPress login security by integrating seamlessly into the DB Solution ecosystem. Don't rely just on a password: protect your work with a dual-layer system designed to be invisible to hackers but simple for you. https://www.youtube.com/watch?v=Alipj1PDJ9Y **🔥 NEW IN VERSION 15.4: ADVANCED SECURITY** * **Strict Mode (Anti-Hacker):** Now you can bind the OTP code to the specific IP address and Device requesting it. If a hacker intercepts the code but tries to use it from a different location, it won't work! * **Custom OTP Expiration:** You decide how long the code is valid (e.g., 15 or 30 minutes). Increased flexibility for your users. * **Enhanced Feedback:** Clear confirmation messages when you save your settings. **Key Features:** * **Two-Factor Authentication (2FA):** Sends a secure OTP (One Time Password) to your email upon login. * **Strict Mode:** (New) Prevents code reuse from different IP addresses or browsers. * **Secret Login URL:** Hide standard entry points (`wp-login.php` and `wp-admin`) by replacing them with a custom address (e.g., `mysite.com/private-access`). * **Master Switch:** A single smart switch to instantly activate or deactivate all security barriers in case of emergency. * **Login Monitor:** Get notified via email whenever a successful login occurs (includes IP and timestamp). * **DB Solution Hub:** Centralized management via the professional DB Solution suite interface. **Why use it?** Most automated attacks (brute force) target standard WordPress URLs. By changing the URL and adding 2FA with Strict Mode, you eliminate 99% of automated risks. == Installation == 1. Upload the `db-solution-2fa` folder to the `/wp-content/plugins/` directory on your server. 2. Activate the plugin through the 'Plugins' menu in WordPress. 3. Access the new **"DB Solution"** menu item in the admin sidebar to configure security settings. == Screenshots == 1. The "DB Solution HUB" Dashboard with information and contacts. 2. The security configuration panel (Default view). 3. The security panel with 2FA enabled and Custom Login URL configured. == Changelog == = 15.4 = * New: Added "Strict Mode" security (locks OTP to IP address and User Agent). * New: Added OTP expiration time setting (customizable minutes). * New: Added "Settings Saved" confirmation message. * Fix: Sanitized server variables and inputs according to WordPress coding standards. = 15.3 = * Fix: Moved CSS and JS to external files and enqueued them properly as per review request. * Fix: Removed assets folder from the plugin zip. = 15.2 = * Update: Renamed plugin slug, textdomain, and prefixes to 'db-solution-2fa' as per reviewer request. = 15.1.5 = * Security improvements: strict sanitization and nonce checks. * Removed internal updater to comply with WordPress.org repository standards. = 15.1.1 = * Standard fix for WordPress.org compliance. = 15.1.0 = * Full integration into the DB Solution suite. * New modular and modern user interface. * Code refactoring for performance and security. = 15.0.0 = * Previous standalone version.