=== Keyless Auth - Login without Passwords === Contributors: chrmrtns, sareiodata, cozmoslabs Donate link: https://paypal.me/chrmrtns Tags: passwordless, login, authentication, security, email Requires at least: 3.9 Tested up to: 6.8 Stable tag: 2.2.0 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Secure keyless authentication - users login via email magic links without passwords. Customizable templates and enhanced security. == Description == **Keyless Auth - Login without Passwords** allows users to securely login to your WordPress site without remembering passwords. Simply enter their email, and they receive a magic login link - secure, fast, and user-friendly. **๐Ÿ” Feature Overview** **โœ… Ready:** โ€ข Passwordless Login via Email โ€“ secure, simple, password-free โ€ข Token Expiry + Security Rules โ€“ one-time login links with expiration and abuse protection โ€ข SMTP Integration โ€“ send emails via your own mail server โ€ข Simple Mail Log โ€“ track when and to whom login links were sent โ€ข Email Templates โ€“ customize your login email content โ€ข Basic Email Designer โ€“ quick styling options directly in the dashboard **๐Ÿ›  In Progress:** โ€ข Role-Based Token Redirects โ€“ redirect users based on their role after login โ€ข Webhook Support โ€“ trigger external actions after login (e.g., automation tools) โ€ข Telegram Support โ€“ receive login links via Telegram Bot โ€ข Simple CSS Styling โ€“ easily adjust button & container styles **๐Ÿง  Planned:** โ€ข BricksBuilder Login Element โ€“ full BricksBuilder integration โ€ข Visual Email Designer (Bricks-Based) โ€“ design login emails visually with Bricks โ€ข White-Label / Branding Removal โ€“ perfect for agencies & white-label solutions โ€ข REST API โ€“ access login functionality via secure API endpoints โ€ข KLA Companion App (PWA) โ€“ receive login links in an app instead of email โ€ข Login Audit Log โ€“ comprehensive tracking of all login attempts with IP addresses, device types, and security insights โ€ข Two-Factor Authentication โ€“ extra security via Telegram, app-based code, or similar **๐Ÿš€ Latest Major Update in v2.2.0:** * **๐Ÿ—„๏ธ Custom Database Tables** - Migrated from wp_options to dedicated database tables for scalability * **๐Ÿ“Š Enhanced Login Audit Log** - Comprehensive logging with IP addresses, device types, and user agents * **โšก Performance Improvements** - Optimized database queries and reduced wp_posts table bloat * **๐Ÿ”’ Advanced Token Management** - Secure token storage with attempt tracking and automatic cleanup * **๐Ÿ“ง Enhanced Mail Logging** - Improved email tracking with status monitoring and delivery insights * **๐Ÿ”„ Backwards Compatibility** - Seamless upgrade path with legacy system fallbacks * **๐Ÿ›ก๏ธ Security Enhancements** - Better audit trails and login attempt monitoring **๐Ÿ”ง Fixes in v2.1.1:** * **๐Ÿท๏ธ Consistent Branding** - All "Passwordless Authentication" references updated to "Keyless Auth" * **๐Ÿ”’ Updated Security Nonces** - Changed from passwordless_login_request to keyless_login_request * **๐Ÿ“ง Fixed SMTP Test Emails** - Test emails now properly show "Keyless Auth" branding * **๐Ÿ“ Correct Installation Path** - Documentation now references correct "keyless-auth" folder * **๐Ÿ“ Fixed Menu References** - Updated from "PA Settings" to proper "Templates" menu name * **๐Ÿ”— Updated Repository URLs** - All GitHub links now point to correct keyless-auth repository * **๐ŸŒ Clean Translation Template** - Regenerated keyless-auth.pot with only current strings * **๐Ÿงน Removed Legacy Strings** - Cleaned up obsolete translation references from original fork **โœจ New Features in v2.1.0:** * **๐Ÿ“ง Optional From Email Field** - Added optional "From Email" field in SMTP settings for flexible sender configuration * **โš™๏ธ Enhanced SMTP Flexibility** - Support scenarios where SMTP authentication email differs from desired sender email * **๐Ÿ“ฌ Maintained Deliverability** - Proper Message-ID domain alignment for SPF/DKIM/DMARC compliance preserved * **๐Ÿ”„ Backwards Compatible** - Empty From Email field defaults to SMTP username, ensuring existing installations work unchanged **โœจ Features from v2.0.12:** * **๐Ÿ”— Settings Link Added** - Direct settings link in WordPress plugin list for easier access * **๐Ÿ“ง Fixed Mail Logs View Button** - View Content button now properly displays email content * **๐ŸŽฏ Improved Admin JavaScript** - Added missing functions for mail logs interaction * **๐Ÿ”„ SMTP Cache Management** - Added "Clear SMTP Cache" button to resolve configuration issues when settings aren't updating * **๐Ÿ“ง Enhanced Email Deliverability** - Message-ID domain now matches authenticated sender for better SPF/DKIM/DMARC alignment * **๐Ÿ› ๏ธ Automatic Cache Clearing** - SMTP settings now automatically clear cache when saved to ensure fresh configuration * **โ˜‘๏ธ Bulk Delete Mail Logs** - Select multiple mail logs with checkboxes and delete them in one action * **โœ… Select All Checkbox** - Quickly select/deselect all mail logs for bulk operations **Features in v2.0.11:** * **๐Ÿ“ง Critical SMTP Fix** - Fixed sender email not being used, emails now properly send from configured SMTP address * **๐Ÿ“ Fixed Mail Logging** - Resolved post type name length issue preventing mail logs from being saved * **๐Ÿ”ง Fixed wp-config.php Instructions** - Restored missing JavaScript for credential storage toggle display * **๐Ÿ› Fixed Fatal Errors** - Resolved multiple undefined function errors in Mail Logger page * **๐Ÿ” Enhanced Diagnostics** - Added diagnostic information to help troubleshoot mail logging issues **Features in v2.0.10:** * **๐Ÿ›ก๏ธ WordPress.org Plugin Check Compliance** - Resolved all input validation and sanitization warnings * **๐Ÿ”’ Enhanced Security** - Fixed wp_unslash() issues and removed insecure duplicate form processing * **โšก Improved Code Quality** - Eliminated security vulnerabilities in POST data handling * **๐Ÿงน Code Cleanup** - Removed redundant save_settings() method that bypassed security checks **Features in v2.0.9:** * **๐Ÿท๏ธ WordPress.org Ready** - Complete rebrand to "Keyless Auth" for WordPress.org compliance * **๐Ÿ”ง Enhanced Prefixes** - All functions/classes use unique "chrmrtns_kla_" prefixes * **๐Ÿ›ก๏ธ Security Hardening** - Improved nonce verification with proper sanitization * **โšก Performance Optimized** - Converted inline JS/CSS to proper wp_enqueue system * **๐Ÿ“‹ Code Compliance** - Full WordPress.org Plugin Check compliance * **๐ŸŽฏ Simplified Shortcode** - New [keyless-auth] shortcode **Features in v2.0.8:** * **๐Ÿ”’ Security Improvements** - Enhanced output escaping compliance with esc_html_e() and wp_kses() * **๐ŸŽจ Template Preview Security** - Email template previews use controlled HTML allowlists * **๐Ÿ–ฑ๏ธ Button Text Colors** - Fixed button text color controls to prevent blue hover text issues * **๐Ÿ›ก๏ธ WordPress.org Compliance** - Comprehensive escaping improvements for enhanced security **Features in v2.0.7:** * **๐Ÿ›ก๏ธ WordPress.org Compliance** - Full Plugin Check compliance for WordPress.org submission * **๐Ÿ”’ Security Hardening** - Enhanced output escaping and input validation * **โšก Performance Optimized** - Improved database queries and conditional debug logging * **๐Ÿ“‹ Code Quality** - Complete adherence to WordPress coding and security standards * **๐Ÿ” Enhanced Protection** - Advanced CSRF and timing attack mitigation **Features in v2.0.6:** * **๐Ÿ”ง Fixed Placeholder Token Rendering** - Button backgrounds now display correctly in custom templates * **๐Ÿ“ WYSIWYG-Safe Placeholders** - Changed from {{PLACEHOLDER}} to [PLACEHOLDER] format to prevent editor corruption * **๐ŸŽจ Better Email Structure** - Full-width gradient background with 600px content area for professional appearance * **โœ… Reliable Color Replacement** - Template placeholders are properly replaced with actual colors in all scenarios **Features in v2.0.5:** * **โœจ Two-Field Email Template System** - Separate WYSIWYG body content from optional CSS styles * **๐ŸŽจ Enhanced Template Editor** - Body content uses inline styles, CSS styles go in head section * **๐Ÿ”ง WYSIWYG Compatibility** - No more editor corruption of HTML structure or CSS classes * **๐Ÿ“ 2x2 Grid Preview Layout** - Template previews now display in compact grid instead of vertical stack * **๐ŸŽฏ Advanced Customization** - Choose inline-only styles OR use CSS classes with separate stylesheet field **Features in v2.0.4:** * **๐Ÿ” Secure Credential Storage** - Choose between database or wp-config.php storage for SMTP credentials * **๐Ÿ›ก๏ธ Enhanced Security** - wp-config.php option keeps sensitive credentials outside the web root * **โš™๏ธ Flexible Configuration** - Toggle between storage methods with clear visual indicators **Features in v2.0.3:** * **๐Ÿ”— Login Link Reliability** - Fixed critical issue where login links weren't processing correctly * **๐Ÿ”Œ Enhanced Hook System** - Improved WordPress hook integration for better compatibility * **๐Ÿงน Streamlined Code** - Removed debug logging for production-ready performance **Features in v2.0.2:** * **๐Ÿ‘ค Custom Sender Names** - Force custom "From" names for all emails with toggle control * **๐Ÿ“Š Login Success Tracking** - Dynamic counter showing total successful passwordless logins * **๐Ÿ“ง Enhanced Mail Logging** - Fixed compatibility issues with other SMTP plugins **Features in v2.0.1:** * **๐Ÿ—๏ธ Modular Architecture** - Complete code refactoring with clean, maintainable class structure * **๐Ÿ“จ SMTP Configuration** - Full SMTP support for reliable email delivery with major providers * **๐Ÿ“‹ Email Logging & Monitoring** - Track and monitor all emails sent from WordPress * **๐ŸŽจ Visual Email Editor** - WYSIWYG editor with HTML support for custom templates * **๐ŸŽจ Advanced Color Controls** - Support for hex, RGB, HSL, and HSLA color formats * **๐Ÿ‘๏ธ Template Previews** - Live preview of email templates before selection * **๐Ÿ”— Link Color Customization** - Separate color controls for buttons and text links * **๐ŸŽ›๏ธ Enhanced Menu Structure** - Dedicated top-level admin menu with subpages * **๐Ÿ’ผ Professional Email Templates** - Styled German and Simple English templates * **๐Ÿ”’ Enhanced Security** - Comprehensive nonce verification and input sanitization **How it works:** * Instead of asking users for a password when they try to log in to your website, we simply ask them for their username or email * The plugin creates a temporary authorization token and saves it securely with enhanced validation * Then we send the user a beautifully styled email with a login button * The user clicks the button and is automatically logged in * Tokens expire after 10 minutes and can only be used once for maximum security You can use the shortcode [keyless-auth] in a page or widget. NOTE: Keyless Auth does not replace the default login functionality in WordPress. == Installation == 1. Upload the keyless-auth folder to the '/wp-content/plugins/' directory 1. Activate the plugin through the 'Plugins' menu in WordPress 1. Go to Keyless Auth > Templates to configure email templates and colors 1. Create a new page and use the shortcode [keyless-auth] == Frequently Asked Questions == = Is this secure? = Yes. The token is created using wp_hash and it's based on the user id, the current time and the salt in wp-config.php = Couldn't anyone login if they have that link? = The token expires after 10 minutes and can only be used once. If people have access to that link it's supposed they have access to your email, in which case it's as safe as the default login, since they could reset their passwords. = Isn't it more complicated they just entering a password? = Weak passwords are used every day by users. There are also people who use the same password across various services and websites. By using the Keyless Auth plugin your users will have one less password to worry about. = How do I customize the email templates? = Go to Keyless Auth > Templates in your WordPress admin. You can choose from predefined templates (German or English) or create your own custom HTML template using the built-in WYSIWYG editor with full HTML and CSS support. = Can I change the colors in the emails? = Yes! In the settings page, you can customize button colors, button hover colors, and link colors. Supports multiple color formats including hex (#007bff), RGB (rgb(0,123,255)), HSL (hsl(211,100%,50%)), and HSLA colors. You can use either color pickers or enter color codes manually. = Does the custom email editor support HTML? = Absolutely! The custom template editor includes a full WYSIWYG editor with HTML support. You can create rich email templates with custom styling, different font sizes, colors, tables, and more. Switch between visual and HTML editing modes as needed. = How do I configure SMTP for reliable email delivery? = Go to Keyless Auth > SMTP in your WordPress admin. You can configure SMTP settings for providers like Gmail, Outlook, Mailgun, SendGrid, and more. The plugin includes automatic port configuration for SSL/TLS, connection testing, and debug tools to ensure your emails are delivered reliably. = Can I track what emails are being sent? = Yes! The Mail Logs feature allows you to monitor all emails sent from your WordPress site. You can view complete email history with timestamps, recipients, subjects, and even preview the full email content. This is perfect for troubleshooting delivery issues and monitoring your site's email activity. = Can I customize the sender name in emails? = Absolutely! In the SMTP settings, you can enable "Force From Name" and set a custom sender name like "Your Website Name" instead of just showing the email address. This makes emails look more professional and branded. The feature includes a toggle control so you can easily enable or disable it. = Can I store SMTP credentials securely outside the database? = Yes! Version 2.0.4 introduces secure credential storage options. You can choose to store SMTP username and password in wp-config.php instead of the database. This is more secure as wp-config.php is typically outside the web root. Simply add these constants to your wp-config.php: `define('CHRMRTNS_PA_SMTP_USERNAME', 'your-email@example.com');` `define('CHRMRTNS_PA_SMTP_PASSWORD', 'your-smtp-password');` Then select "Store in wp-config.php" in the SMTP settings. = What's different from the original Passwordless Login plugin? = This enhanced version includes: modular class-based architecture, SMTP configuration, email logging & monitoring, WYSIWYG email editor, visual template previews, advanced color controls (hex/RGB/HSL), separate button and link colors, dedicated admin menu, enhanced security with comprehensive nonce verification, HTML email support, and professional styling options. = What does the modular architecture mean for developers? = In v2.0.1, we completely refactored the plugin from a single 1868-line file into clean, organized classes. Each functionality (authentication, SMTP, mail logging, email templates, admin interface) is now in its own dedicated class file. This makes the code much easier to maintain, extend, and debug. Developers can now easily customize specific features without affecting others. = I can't find a question similar to my issue; Where can I find support? = For support with the original functionality, visit http://www.cozmoslabs.com. For issues specific to this enhanced version, please check the GitHub repository. == Screenshots == 1. Front-end login form - Clean, simple passwordless authentication interface 2. Main admin dashboard - Overview with shortcode info and success counter 3. Email template settings - Choose from predefined templates or create custom ones 4. WYSIWYG email editor - Full HTML support for custom email templates 5. SMTP configuration - Secure credential storage with wp-config.php option 6. Mail logs - Track all sent emails with timestamps and preview 7. Test email functionality - Verify SMTP settings with one-click testing 8. Email preview - See exactly how your login emails will look == Changelog == = 2.2.0 = * MAJOR: Custom database architecture - Migrated from wp_options storage to dedicated database tables for better scalability * NEW: Login audit log table - Comprehensive tracking of login attempts with IP addresses, device types, user agents, and timestamps * NEW: Enhanced mail logs table - Advanced email tracking with status monitoring, SMTP responses, and delivery insights * NEW: Secure token storage table - Dedicated table for login tokens with automatic expiration and cleanup * NEW: Device tracking table - Foundation for future 2FA and companion app features * NEW: Webhook logs table - Infrastructure for future webhook support and external integrations * IMPROVEMENT: Performance optimization - Reduced database overhead by moving high-volume data out of wp_posts and wp_options * IMPROVEMENT: Enhanced security - Better audit trails with detailed login attempt monitoring and device fingerprinting * IMPROVEMENT: Backwards compatibility - Automatic detection and fallback to legacy systems for seamless upgrades * IMPROVEMENT: Database indexing - Optimized queries with proper indexes for better performance at scale * IMPROVEMENT: Automatic cleanup - Built-in maintenance routines for expired tokens and old log entries * DEVELOPER: Modular database class - Clean separation of database operations with comprehensive error handling * DEVELOPER: Migration system - Automatic database version management and upgrade handling = 2.1.1 = * FIX: Replaced all "Passwordless Authentication" references with "Keyless Auth" for consistent branding * FIX: Updated nonce names from passwordless_login_request to keyless_login_request * FIX: Changed SMTP test email subject/message to use "Keyless Auth" branding * FIX: Updated installation instructions to reference correct "keyless-auth" folder name * FIX: Fixed menu references from "PA Settings" to "Templates" in documentation * FIX: Updated GitHub repository URLs from passwordless-auth to keyless-auth * IMPROVEMENT: Regenerated translation template (keyless-auth.pot) with current strings only * IMPROVEMENT: Removed obsolete translation strings from original fork = 2.1.0 = * NEW: Optional "From Email" field in SMTP settings - Allows specifying a different sender email address when SMTP username differs from desired sender * IMPROVEMENT: Enhanced SMTP configuration flexibility - Supports scenarios where SMTP authentication uses one email but sender should appear as another * IMPROVEMENT: Maintains proper email deliverability with Message-ID domain alignment for SPF/DKIM/DMARC compliance * IMPROVEMENT: Backwards compatible - If From Email field is empty, uses SMTP username as before = 2.0.12 = * FIX: Added plugin action links for quick settings access from WordPress plugin list * FIX: Mail logs "View Content" button functionality - Added missing JavaScript functions * IMPROVEMENT: Enhanced admin JavaScript with global scope functions for mail logs interaction * IMPROVEMENT: Fixed settings link URL to use correct "keyless-auth" slug instead of internal prefix * NEW: SMTP cache management - Added "Clear SMTP Cache" button to resolve configuration issues * IMPROVEMENT: Enhanced email deliverability - Message-ID domain now matches authenticated sender for better SPF/DKIM/DMARC alignment * IMPROVEMENT: Automatic cache clearing - SMTP settings now automatically clear cache when saved * NEW: Bulk delete mail logs - Added checkbox selection system with "Select All" for bulk operations * IMPROVEMENT: WordPress-style bulk actions dropdown for familiar mail log management experience = 2.0.11 = * FIX: SMTP sender email not being used - Added missing $phpmailer->From to properly authenticate emails * FIX: Mail logging post type registration - Fixed post type name length issue (shortened chrmrtns_kla_mail_logs to chrmrtns_kla_logs) * FIX: wp-config.php instructions not displaying - Restored JavaScript and added inline fallback for credential storage toggle * FIX: Fatal errors on Mail Logger page - Fixed multiple esc_attresc_html_e() typos causing page crashes * FIX: Plugin initialization timing - Changed from 'init' to 'plugins_loaded' hook for better component loading * IMPROVEMENT: Added diagnostic information box to Mail Logs page for troubleshooting = 2.0.10 = * SECURITY: WordPress.org Plugin Check compliance - Fixed all input validation and sanitization warnings * SECURITY: Enhanced POST data handling - Added wp_unslash() before all sanitization functions * SECURITY: Removed duplicate save_settings() method - Eliminated insecure form processing that bypassed nonce verification * IMPROVEMENT: $_SERVER validation - Added proper isset() checks for superglobal access * IMPROVEMENT: Code cleanup - Removed redundant form processing methods to prevent security gaps = 2.0.9 = * BREAKING: Plugin renamed to "Keyless Auth - Login without Passwords" for WordPress.org compliance * BREAKING: Plugin slug changed to "keyless-auth" (old: "passwordless-auth") * BREAKING: Text domain changed to "keyless-auth" (old: "passwordless-auth") * IMPROVEMENT: All prefixes updated to "chrmrtns_kla_" for uniqueness and compliance * IMPROVEMENT: Nonce verification enhanced with proper sanitization (wp_unslash + sanitize_text_field) * IMPROVEMENT: Converted all inline JavaScript/CSS to proper wp_enqueue system * IMPROVEMENT: Removed WordPress.org directory assets from plugin ZIP * IMPROVEMENT: Enhanced WordPress.org Plugin Check compliance * IMPROVEMENT: Shortcode changed to [keyless-auth] (old: [chrmrtns-passwordless-auth]) * NOTE: This is a complete rebrand required for WordPress.org submission - all functionality remains identical = 2.0.8 = * IMPROVEMENT: Enhanced output escaping compliance - All user-facing content now uses proper WordPress escaping functions * IMPROVEMENT: Template preview security - Email template previews now use wp_kses with controlled HTML allowlists * IMPROVEMENT: Admin interface escaping - Form outputs and translations properly escaped with esc_html_e() and wp_kses() * IMPROVEMENT: Email template escaping - All template rendering functions now use proper escaping for security * IMPROVEMENT: Button text color functionality - Fixed button text color controls to prevent blue hover text issues * SECURITY: WordPress.org Plugin Check compliance - Comprehensive escaping improvements for enhanced security = 2.0.7 = * COMPLIANCE: Full WordPress.org Plugin Check compliance - All security and coding standards met * FIX: Output escaping - All user-facing content properly escaped for security * FIX: Input validation - Enhanced nonce verification and superglobal sanitization * FIX: Database queries - Optimized user meta queries for better performance * FIX: Debug code - Conditional debug logging only when WP_DEBUG is enabled * IMPROVEMENT: Code quality - Added comprehensive phpcs ignore comments for legitimate use cases * IMPROVEMENT: Security hardening - Enhanced protection against timing attacks and CSRF * IMPROVEMENT: WordPress standards - Full compliance with WordPress coding and security standards = 2.0.6 = * FIX: Placeholder token rendering - Button backgrounds now display correctly in custom email templates * FIX: WYSIWYG editor corruption - Changed placeholder format from {{PLACEHOLDER}} to [PLACEHOLDER] to prevent corruption * IMPROVEMENT: Email template structure - Full-width gradient background with centered 600px content area * IMPROVEMENT: Color replacement reliability - Enhanced placeholder replacement with proper fallback handling * IMPROVEMENT: Better email client compatibility - Optimized HTML structure for professional email appearance = 2.0.5 = * NEW: Two-field email template system - Separate WYSIWYG body content from optional CSS styles * NEW: Enhanced template editor - Body content editor with inline styles, separate CSS styles field * NEW: 2x2 grid preview layout - Template previews now display in compact grid format * IMPROVEMENT: WYSIWYG compatibility - No more editor corruption of HTML structure or CSS classes * IMPROVEMENT: Advanced email customization - Choose between inline-only styles or CSS classes with stylesheet * IMPROVEMENT: Better email structure - Automatic HTML document assembly with proper head/meta tags for email clients * IMPROVEMENT: Flexible template creation - Users can work with familiar WYSIWYG tools while maintaining email compatibility = 2.0.4 = * NEW: Secure credential storage options - Choose between database or wp-config.php storage for SMTP credentials * NEW: wp-config.php constants support - Use CHRMRTNS_PA_SMTP_USERNAME and CHRMRTNS_PA_SMTP_PASSWORD constants * IMPROVEMENT: Enhanced security - Keep sensitive SMTP credentials outside the web root in wp-config.php * IMPROVEMENT: Dynamic field toggles - Visual indicators show which storage method is active and if constants are defined * IMPROVEMENT: Better credential management - Automatic detection and validation of wp-config.php constants = 2.0.3 = * FIX: Critical login link functionality - Fixed issue where login links weren't processing properly on some WordPress configurations * IMPROVEMENT: Enhanced hook system - Changed from 'init' to 'wp_loaded' hook for better login link processing reliability * IMPROVEMENT: Code optimization - Removed debug logging for cleaner, production-ready performance * FIX: WordPress compatibility - Improved hook timing to ensure login links work across different hosting environments = 2.0.2 = * NEW: Custom sender name control - Force custom "From" names for all emails with toggle checkbox * NEW: Login success tracking - Dynamic counter showing total successful passwordless logins in admin * NEW: JavaScript field toggles for better UX in SMTP settings * FIX: Mail logging compatibility - Fixed fatal error with other SMTP plugins (Fluent SMTP, etc.) * FIX: Improved wp_mail filter handling for better plugin compatibility * IMPROVEMENT: Enhanced admin dashboard with live success counter display * SECURITY: Added proper sanitization for custom sender names = 2.0.1 = * NEW: Modular class-based architecture - Complete refactoring from 1868 lines to organized class structure * NEW: Complete SMTP configuration system with support for major email providers * NEW: Email logging and monitoring system to track all sent emails * NEW: Test email functionality for SMTP configuration validation * NEW: Advanced dashboard with feature overview and quick access buttons * SECURITY: Enhanced nonce verification for all form submissions (SMTP settings, mail logs) * SECURITY: Added comprehensive input sanitization and capability checks * IMPROVEMENT: Moved plugin logo positioning to prevent overlap with notifications * IMPROVEMENT: Enhanced admin interface with dedicated top-level menu structure * IMPROVEMENT: Added comprehensive email management capabilities * IMPROVEMENT: Updated FAQ section with SMTP and email logging information * DEVELOPER: Clean separation of concerns with dedicated classes for each functionality = 2.0.0 = * NEW: Complete rebrand to "Passwordless Auth" with chrmrtns prefix by Chris Martens * NEW: Dedicated top-level admin menu "Passwordless Auth" with PA Settings submenu * NEW: Visual template selection with live previews of each email template * NEW: WYSIWYG email editor with HTML support for custom templates * NEW: Advanced color controls supporting hex, RGB, HSL, HSLA formats * NEW: Separate color customization for buttons, button hover, and text links * NEW: Enhanced HTML sanitization allowing email-safe tags and attributes * NEW: Template help section with placeholder documentation and HTML examples * NEW: Improved email templates with better styling and link color support * NEW: Color picker and text input synchronization for flexible color entry * REMOVED: Profile Builder promotional section completely eliminated * SECURITY: Fixed timing attack vulnerability in token comparison * SECURITY: Added proper REQUEST_URI validation in URL generation * SECURITY: Consistent input sanitization using $_GET instead of $_REQUEST * SECURITY: Added validation before user meta deletion * SECURITY: Enhanced HTML sanitization for email content * IMPROVEMENT: Updated all function prefixes from wpa_ to chrmrtns_ * IMPROVEMENT: Updated shortcode to [chrmrtns-passwordless-auth] * IMPROVEMENT: Enhanced email styling with responsive design * IMPROVEMENT: Better error handling and validation throughout * IMPROVEMENT: Dynamic TinyMCE editor initialization for better compatibility = 1.1.3 = * Fix: XSS issue with the already logged in message. Thanks to Mat Rollings * Fix: Added nonce check for the admin notice dismiss action * Fix: Sanitize additional output * Fix: A compatibility bug with Profile Builder when an after login redirect returned an empty string = 1.1.2 = * Fix: issues with form being processed multiple times * Fix: an issue regarding AV Link Protection * Misc: added a filter over the headers of the email that is sent: wpa_email_headers * Misc: added a filter to allow adding of extra email verification logic: wpa_email_verify_login = 1.1.1 = * Redirect after login based on Profile Builder Pro custom redirects. = 1.1.0 = * Fix create_function to anonymous function so it works with PHP 7.2 * Localize certain strings * Add wpa_after_login_redirect filter so you can redirect users after login * Change logo and banner = 1.0.9 = * Fixed a problem with admin approval error message = 1.0.8 = * Added compatibility with Admin Approval from Profile Builder = 1.0.7 = * Fix: Properly localize plugin again. Changed the text domain to be the same with the slug. = 1.0.6 = * Fix: Properly localize plugin. = 1.0.5 = * Fix: Fixed an issue with the Email Content Type. Now we are using the wp_mail_content_type filter to set this. * Plugin security improvements. = 1.0.4 = * Fix: Remove email 'from' filter. Should use wp_mail_from filter. * Added support for HTML inside the e-mail that gets sent. * Added the wpa_change_link_expiration filter to be able to change the lifespan of the token. * Added the wpa_change_form_label to be able to change the label for the login form. The label also changes automatically now based on the value of the Allow Users to * Login With option set in Profile Builder -> Manage Fields. * Fix: Generating the url using add_query_args() function. = 1.0.3 = Fix: Minor readme change = 1.0.2 = Fix: Added require_once for the PasswordHash class = 1.0.1 = * Security fix: tokens are now hashed in the database. * Security fix: sanitized the input fields data. * Fix: no longer using transients. Now using user_meta with an expiration meta since transients are not to be trusted. * Change: removed a br tag. = 1.0 = Initial version. Added a passwordless login form as a shortcode.