-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathreadme.txt
207 lines (145 loc) Β· 10 KB
/
readme.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
=== FluentAuth - The Ultimate Authorization & Security Plugin for WordPress ===
Contributors: techjewel, wpmanageninja, adreastrian
Tags: Login limit, login redirects, xml-rpc, login logs, social logins
Requires at least: 5.0
Tested up to: 6.7
Requires PHP: 7.1
Stable tag: 1.1.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Enhance the Security and User Experience of Your Site with Login/Signup Security, Two-Factor Email Authentication, Social Logins and more...
== Description ==
Boost Your Website's Security with Login/Signup Security, Two-Factor Email Authentication, Login/Logout Redirects, Social Logins, Detailed Audit Logs, and More. FluentAuth is the <b>lightest and blazing fast</b> security plugin for WordPress.
**Highlighted Features**
- Two-Factor Authentication for Login
- Magic Login via Email
- Social Login / Register
- Limit Login Attempts
- Dynamic Login Redirects
- Detailed Audit Logs
- Core Security Enhancement
- Security Email Notifications
- Super Fast Solution
- Restrict /wp-admin for low level user roles
[youtube https://www.youtube.com/watch?v=5t_8rvtrkk4]
**π Two-Factor Authentication for Login**
Ensure secure access to your admin panel with Two-Factor Login via email for high-level user roles like Administrator / Editor. Even if a password gets compromised, only the right person will be able to log in with the additional authentication step.
**π Magic Login via Email**
Simplify the login process for end users like customers and subscribers. No more password resets or forgotten passwords that cause users to leave your site. With our improved flow and features, users can log in to your site simply by typing their username or email address and clicking on a secure one-time use link sent to their email.
**π Social Login / Register**
Allow users to log in to your site with their GitHub or Google accounts. This feature is lightweight and easy to enable.
**π Limit Login Attempts**
Protect your site against brute force attacks by blocking excessive login attempts. Our simple yet powerful tools also improve site security and performance, and allow for customizable lockout timings.
**π Dynamic Login Redirects**
Easily redirect users to specific pages after they log in or log out. Our drag-and-drop builder lets you customize the login and logout flow for different types of businesses.
**π Detailed Audit Logs**
Track exactly when users log in to your site and via which method (normal login form, magic URL, or social media) with our powerful audit logs.
**π Core Security Enhancement**
XML-RPC is a common target for WordPress attacks, but most sites don't actually need it. This plugin enables you to disable XML-RPC, Remote Application Login, and protect the wp-users listing for REST API for enhanced security.
**π Security Email Notifications**
As a business owner, it's important to know when high-level users like administrators, editors, and authors log in to your site, or if someone unauthorized is trying to log in. Our plugin includes email notifications to alert you of these events.
**π Super Fast Solution**
We've built this plugin to be super-fast and simple yet powerful, using the latest technologies like WordPress REST-API, VueJS V3, Vue-Router, and Element-Plus for UI building. We also use custom database tables to store audit logs, so they don't interfere with your default WordPress database tables.
**π Restrict /wp-admin for low level user roles**
If you want to restrict /wp-admin access for subscribers or other low level user roles then you can easily enable that and select the user roles that you want to restrict /wp-admin access.
== Why FluentAuth? ==
To improve the security and user experience of a WordPress website, the default authentication system may need to be enhanced with additional plugins. One common issue that WordPress site owners face is their site getting hacked. This is often due to hackers using brute-force attacks to guess passwords and gain access to the admin panel, leading to site takeover. Additionally, the use of common passwords on multiple sites can put all of them at risk if one password is compromised.
Using multiple security plugins can be detrimental to the performance of a WordPress website. These plugins, which are often bloated, intercept every WordPress request and run it through a large number of unnecessary rules, resulting in increased server resource usage and slower site performance. To avoid this issue, consider using a comprehensive security solution that offers multiple features in one package, instead of relying on multiple individual plugins. This will help save server resources and improve the overall performance of your website.
To Solve these issues, we decided to build FluentAuth and made it free.
== Replace Multiple Plugins with FluentAuth ==
FluentAuth has been designed to provide light-weight security solution while adding better UX and performance of your site. If you use FluentAuth then <b>you don't need the following plugins</b>
**For Login Limit and ban brute force attacks**
- Limit Login Attempts Reloaded
- WPS Limit Login
**For Login & Logout Redirections**
- LoginWP (Formerly Peter's Login Redirect)
- Sky Login Redirect
- WP Login and Logout Redirect
**For Login & Logout Redirections**
- LoginWP (Formerly Peter's Login Redirect)
- Sky Login Redirect
- WP Login and Logout Redirect
**For Hide Admin Bar and Access Restriction**
- Hide Admin Bar
- Hide Admin Bar Based on User Roles
- Auto Hide Admin Bar
- Hide Admin Bar from Non-Admins
== User Guides ==
<ul>
<li><a href="https://fluentauth.com/docs/getting-started/" target="_blank">Getting Started with FluentAuth</a></li>
<li><a href="https://fluentauth.com/docs/login-redirects/" target="_blank">Login / Logout Redirects</a></li>
<li><a href="https://fluentauth.com/docs/shortcodes/" target="_blank">Register/Login Shortcodes in FluentAuth</a></li>
<li><a href="https://fluentauth.com/docs/github-auth-connection/" target="_blank">Configure Login with GitHub</a></li>
<li><a href="https://fluentauth.com/docs/google-auth-connection/" target="_blank">Configure Login with Google</a></li>
</ul>
== Other Plugins By The Same Team ==
<ul>
<li><a href="https://wordpress.org/plugins/fluent-crm/" target="_blank">FluentCRM β Email Marketing, Newsletter, Email Automation and CRM Plugin for WordPress</a></li>
<li><a href="https://wordpress.org/plugins/fluentform/" target="_blank">Fluent Forms β Fastest WordPress Form Builder Plugin</a></li>
<li><a href="https://wordpress.org/plugins/ninja-tables/" target="_blank">Ninja Tables β Best WP DataTables Plugin for WordPress</a></li>
<li><a href="https://wordpress.org/plugins/ninja-charts/" target="_blank">Ninja Charts β Best WP Charts Plugin for WordPress</a></li>
<li><a href="https://wordpress.org/plugins/wp-payment-form/" target="_blank">WPPayForm - Stripe Payments Plugin for WordPress</a></li>
<li><a href="https://wordpress.org/plugins/mautic-for-fluent-forms/" target="_blank">Mautic Integration For Fluent Forms</a></li>
<li><a href="https://wordpress.org/plugins/fluentforms-pdf/" target="_blank">Fluent Forms PDF - PDF Entries for Fluent Forms</a></li>
<li><a href="https://wordpress.org/plugins/fluent-smtp/" target="_blank">FluentSMTP - WordPress Mail SMTP, SES, SendGrid, MailGun Plugin</a></li>
</ul>
== CONTRIBUTE ==
If you want to contribute to this project or just report a bug, you are more than welcome. Please check repository from <a href="https://github.com/WPManageNinja/fluent-auth/">Github</a>.
== Installation ==
This section describes how to install the plugin and get it working.
0. Just search for FluentAuth in WordPress Plugins and click install and activate.
OR
1. Upload the plugin files to the `/wp-content/plugins/fluent-auth` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the \'Plugins\' screen in WordPress
3. Use the `FluentAuth` -> `Settings` screen to configure the plugin
== Frequently Asked Questions ==
= Is it a GDPR-Compliant? =
All the data will be saved and managed into WordPress. it's 100% GDPR-Compliant.
= Will it is a performance issue for WordPress? =
Absolutely not! From the very first, We were careful about this. It stores all the logs data in custom database tables, so it will not affect your WordPress database. We built the application with VueJS. Also, The Admin UI is super fast as Itβs a SPA and communicates over ajax.
== Screenshots ==
1. Reporting Dashboard
2. Login Security Settings
3. Social Logins Frontend
4. Custom Login/Signup Shortcodes
5. Dynamic Login Redirects
6. Detailed Audit Logs
7. Social Login Settings
== Changelog ==
= 1.1.0 - Date: Dec 16, 2014 =
* Added hooks for 3rd party developers
* Improvement on Authentication flow
= 1.0.8 - Date: Dec 02, 2024 =
* Added Additional Hooks for Regsitration and Signup
* Improved UI & UX
* Fixed translation issues
= 1.0.7 - Date: Jul 26, 2024 =
* Added Email verification on User Regstration Flow
* PHP 8.x compatability issue fixed
* JS errors fixed on Magic Links Shortcodes
= 1.0.6 - Date: Jan 28, 2024 =
* Fix Compatibility issue with PHP 8.x
* Upgrade Internal Libraries
* Improved Login with Google
* Improved UI & UX
= 1.0.5 - Date: May 04, 2023 =
* Added Login or Signup with Google Social Auth Connection
* Magic Login URL token is now hashed to improve the security
= 1.0.4 - Date: Feb 04, 2023 =
* Added Daily/Weekly/Monthly Email reporting Feature
* Made Login Form as Custom (no login url expose)
* Two-Factor Authentication Improvement
= 1.0.2 - Date: Dec 17, 2022 =
* Fix UI issue on dashboard
* Login with GitHub improvement
* Do Two-Factor Authentication even for social login for selected user roles
* Added more hooks for developers
= 1.0.2 - Date: Dec 16, 2022 =
* Improved UI & UX
* Added feature to block /wp-admin access and hide admin bar for low-level user roles
* Fix conflict issue with LearnDash and other wp-users REST-API
* Improved IP Address for login verification.
= 1.0.0 - Date: Dec 12, 2022 =
* Initial Release
== Upgrade Notice ==
The latest version is compatible with the previous versions, So nothing to worry.