=== Melmium === Contributors: itokuchen Tags: membership, authentication, login, registration, password-reset Requires at least: 6.9 Tested up to: 6.9 Stable tag: 1.0.3 Requires PHP: 8.1 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html A minimal plugin to help you build a membership site with custom authentication pages. == Description == Melmium provides custom authentication pages for building a membership site on WordPress. It replaces the default wp-login.php flow with theme-integrated pages for registration, login, and password reset. **Features:** * Custom authentication pages (register, login, logout, password reset) * Email-based registration flow with token verification * Template override support — customize templates in your theme's `auth/` directory * Google reCAPTCHA Enterprise integration (optional) * Configuration via `wp-config.php` constants (no settings page required) **日本語:** Melmium は WordPress で会員制サイトを構築するためのプラグインです。カスタム認証ページ(会員登録・ログイン・パスワードリセット)を提供し、テーマ側でテンプレートを自由にカスタマイズできます。 == Installation == 1. Upload the `melmium` folder to the `/wp-content/plugins/` directory, or install the plugin through the WordPress plugins screen. 2. Activate the plugin through the "Plugins" screen in WordPress. 3. Ensure that **Pretty Permalinks** are enabled (Settings > Permalinks — choose any structure other than "Plain"). 4. The plugin automatically creates an authentication page and registers URL rewrite rules on activation. 5. Optionally, add configuration constants to your `wp-config.php` to customize behavior (e.g., `MELMIUM_RECAPTCHA_ENABLED`, `MELMIUM_REDIRECT_AFTER_LOGIN`). == Screenshots == 1. Login page == Frequently Asked Questions == = Is this plugin free? = Yes. Melmium is free and open-source under the GPLv2 license. = Does this plugin send data to external servers? = By default, no. However, if you enable Google reCAPTCHA Enterprise (`MELMIUM_RECAPTCHA_ENABLED`), form submissions will send data to Google's reCAPTCHA API for bot detection. = Why do I need Pretty Permalinks? = Melmium uses WordPress rewrite rules to map authentication URLs (e.g., `/login`, `/register`). These rules require Pretty Permalinks to be enabled. The plugin will display an admin notice if Plain permalinks are detected. = How do I customize the authentication templates? = On activation, the plugin copies default templates to your theme's `auth/` directory. You can edit these template files directly in your theme to customize the look and behavior of each authentication page. == External Services == This plugin optionally connects to the **Google reCAPTCHA Enterprise** service for bot detection on authentication forms (registration, login, and password reset). **When data is sent:** When the `MELMIUM_RECAPTCHA_ENABLED` constant is set to `true` in `wp-config.php`, a reCAPTCHA token is sent to Google's servers each time a user submits an authentication form. **What data is sent:** The reCAPTCHA token generated by the user's browser and the site key configured for your project. **Service provider:** Google LLC * [Google reCAPTCHA Terms of Service](https://policies.google.com/terms) * [Google Privacy Policy](https://policies.google.com/privacy) If reCAPTCHA is not enabled (default), no data is sent to any external service. == Changelog == = 1.0.3 = * Renamed JavaScript global variables to use `melmium_` prefix to avoid conflicts with other plugins = 1.0.2 = * Fixed reCAPTCHA library script version argument (null to MELMIUM_VERSION) * Fixed Plugin Check reported issues * Improved .DS_Store exclusion pattern to cover all subdirectories = 1.0.1 = * Security improvements: added nonce verification, input sanitization, and output escaping * Added direct file access protection to template files * Added third-party service disclosure for Google reCAPTCHA Enterprise * Renamed constants and classes to use `melmium` prefix (4+ characters) = 1.0.0 = * Initial release