Major feature release with captcha providers, Hide Admin, and social login improvements. Review new security settings after updating to tailor them to your site.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3531414,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3531414,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3531439,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3531439,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3531439,"resolution":"1","location":"assets","locale":"","width":1280,"height":900},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3531439,"resolution":"2","location":"assets","locale":"","width":1280,"height":900}},"screenshots":{"1":"Login card with accent color, form labels, remember-me toggle, and links.","2":"Admin settings screen with live preview and content, behavior, and security controls."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[710,2604,602,726,600],"plugin_category":[38,54],"plugin_contributors":[262849],"plugin_business_model":[],"class_list":["post-260508","plugin","type-plugin","status-publish","hentry","plugin_tags-authentication","plugin_tags-branding","plugin_tags-login","plugin_tags-redirects","plugin_tags-security","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-oomf","plugin_committers-oomf"],"banners":{"banner":"https:\/\/ps.w.org\/oomf-access\/assets\/banner-772x250.png?rev=3531439","banner_2x":"https:\/\/ps.w.org\/oomf-access\/assets\/banner-1544x500.png?rev=3531439","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/oomf-access\/assets\/icon-128x128.png?rev=3531414","icon_2x":"https:\/\/ps.w.org\/oomf-access\/assets\/icon-256x256.png?rev=3531414","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/oomf-access\/assets\/screenshot-1.png?rev=3531439","caption":"Login card with accent color, form labels, remember-me toggle, and links."},{"src":"https:\/\/ps.w.org\/oomf-access\/assets\/screenshot-2.png?rev=3531439","caption":"Admin settings screen with live preview and content, behavior, and security controls."}],"raw_content":"\n
oOMF! Access delivers a polished WordPress login experience with guided flows for login, registration, lost password, and password reset. Offer passwordless magic links, social sign-in, and smart redirect control while layering in hide-admin, CAPTCHA, honeypot, and soft throttling safeguards \u2014 all without writing custom code.<\/p>\n\n
Key features\n- Branded login page rendered via the oOMF! Access does not send data to oOMF! services. If you enable CAPTCHA or Social Login, your site sends authentication and verification requests to those third-party providers as described in the External services section below. Removing the plugin deletes its settings (and the generated login page if you opt in via the oOMF! Access only connects to outside services when you enable the related feature and provide your own credentials. Each integration below explains what is sent and links to the provider policies:<\/p>\n\n Notable filters\/actions you can rely on when extending oOMF! Access:\n- For developer notes on autoloading, templates, and class layout, see the repo On activation the plugin creates a page (option The shortcode inherits your active theme when embedded elsewhere. The dedicated login page generated by the plugin automatically uses the bundled minimal template at If reCAPTCHA v2 (checkbox & invisible), reCAPTCHA v3, and hCaptcha. Provider scripts are enqueued only on login pages; validation happens server-side via When enabled, the plugin rewrites or blocks direct access to [oomf_access_form]<\/code> shortcode, with activation creating a dedicated page stored in oomf_access_page_id<\/code>\u2014and the \/oomf-access\/<\/code> route continues to load the bundled template even if that page is removed.\n- Smart and safe post-login redirects with Redirects::validate_safe_redirect()<\/code> and pluggable filters.\n- Passwordless magic link login plus social providers (Google, Apple, GitHub, Microsoft, Facebook) with admin previews.\n- Multiple CAPTCHA providers (reCAPTCHA v2 checkbox, v2 invisible, v3, and hCaptcha) and honeypot\/throttle helpers to slow abuse.\n- Hide Admin \/ secret login path support to obscure \/wp-login.php<\/code> and \/wp-admin<\/code> from anonymous users while keeping emergency bypasses available.\n- Minimal asset footprint: frontend\/admin JS & CSS load only where needed and are versioned with filemtime()<\/code>.\n- Developer hooks and filters to customize redirects, captcha behavior, allowed hosts, provider scopes, and more.<\/p>\n\nPrivacy<\/h3>\n\n
oomf_access\/delete_page_on_uninstall<\/code> filter).<\/p>\n\nExternal services<\/h3>\n\n
Google reCAPTCHA (v2\/v3)<\/h4>\n\n
\n
hCaptcha<\/h4>\n\n
\n
Google OAuth (Social Login)<\/h4>\n\n
\n
Apple Sign In<\/h4>\n\n
\n
GitHub OAuth<\/h4>\n\n
\n
Microsoft (Azure AD \/ Entra ID)<\/h4>\n\n
\n
Facebook Login<\/h4>\n\n
\n
Hooks & Extension Points<\/h3>\n\n
oomf_access_redirect_destination<\/code> \u2014 override the final destination after login.\n- oomf-access\/allowed_redirect_hosts<\/code> \u2014 allow specific external redirect hosts.\n- oomf-access\/captcha\/allow_external<\/code> \u2014 control whether provider network calls are allowed on privacy-restricted sites.\n- oomf_access_captcha_is_required<\/code> \u2014 decide if captcha is required for a particular request.\n- oomf_access_captcha_validate_result<\/code> \u2014 customize captcha validation results.\n- oomf-access\/inline_css<\/code> \u2014 inject extra CSS into admin preview and frontend styles.<\/p>\n\nREADME.md<\/code>.<\/p>\n\n\n\n
\/wp-content\/plugins\/<\/code> or install via Plugins \u2192 Add New by uploading the zip.<\/li>\noomf_access_page_id<\/code>.<\/li>\n\n
Where is the login page?<\/h3><\/dt>\n
oomf_access_page_id<\/code>) that contains [oomf_access_form]<\/code>. You can edit or move that page, and even if it is deleted the \/oomf-access\/<\/code> route will still render the branded experience.<\/p><\/dd>\nDoes it replace my theme template?<\/h3><\/dt>\n
templates\/oomf-access-page-template.php<\/code> to keep the experience consistent.<\/p><\/dd>\nHow do redirects work?<\/h3><\/dt>\n
redirect_to<\/code> is supplied and validates as safe, it is used. Otherwise we fall back to the configured post-login destination, then to the default WP admin. Use the oomf-access\/allowed_redirect_hosts<\/code> filter to permit specific off-site domains and oomf_access_redirect_destination<\/code> to override the final destination.<\/p><\/dd>\nWhat captcha providers are supported?<\/h3><\/dt>\n
includes\/Security\/Captcha\/<\/code> providers. Use oomf_access_captcha_is_required<\/code> or oomf_access_captcha_validate_result<\/code> to customize behavior.<\/p><\/dd>\nHow does Hide Admin work?<\/h3><\/dt>\n
\/wp-login.php<\/code> and \/wp-admin<\/code> for unauthenticated users and exposes a secret login slug (configurable). Emergency bypasses are available for specific flows and query flags.<\/p><\/dd>\n