Title: Rishav AuthNova OTP Author: rishav001 Published: ಏಪ್ರಿಲ್ 17, 2026 Last modified: ಏಪ್ರಿಲ್ 17, 2026 --- ಪ್ಲಗಿನ್‌ಗಳನ್ನು ಹುಡುಕಿ ![](https://ps.w.org/rishav-authnova-otp/assets/icon.svg?rev=3505367) # Rishav AuthNova OTP ‍[rishav001](https://profiles.wordpress.org/rishav001/) ಮೂಲಕ [ಡೌನ್ಲೋಡ್](https://downloads.wordpress.org/plugin/rishav-authnova-otp.1.0.0.zip) * [ವಿವರಗಳು](https://kn.wordpress.org/plugins/rishav-authnova-otp/#description) * [‍ವಿಮರ್ಶೆಗಳು‍](https://kn.wordpress.org/plugins/rishav-authnova-otp/#reviews) * [ಸ್ಥಾಪನೆ](https://kn.wordpress.org/plugins/rishav-authnova-otp/#installation) * [ಅಭಿವೃದ್ಧಿ](https://kn.wordpress.org/plugins/rishav-authnova-otp/#developers) [ಬೆಂಬಲ](https://wordpress.org/support/plugin/rishav-authnova-otp/) ## ವಿವರಣೆ Rishav AuthNova OTP adds a one-time-password verification layer to core WordPress authentication flows. Features include: * Configurable OTP length and charset (numeric or alphanumeric) * OTP expiry and retry limits with temporary lockouts * Login OTP verification step (after password check) * OTP-gated registration flow * OTP-gated password reset flow * Delivery via wp_mail, SendGrid, and Twilio * OTP storage using hashes (never plaintext) * Resend OTP with cooldown and challenge rotation Security highlights: * OTP values are hashed before storage and are never saved as plaintext * OTP hashes use keyed HMAC storage and constant-time verification * OTP challenges expire automatically and enforce retry limits per challenge * Request throttling applies cooldown and exponential backoff per IP and identifier * Lockout windows reduce repeated invalid OTP submissions * Nonces are applied on sensitive form submissions * Public auth responses are intentionally generic to reduce account-enumeration leakage * Delivery uses synchronous-first send with bounded async retry fallback and challenge- level delivery status tracking Security limitations: * This plugin does not replace passwords, HTTPS, WAF/rate-limiting at the edge, or secure hosting controls * OTP delivery depends on the configured email/SMS provider uptime and deliverability * Administrators should combine this plugin with standard WordPress hardening and monitoring Reliability notes: * OTP delivery is attempted synchronously first to reduce silent failures * If synchronous delivery fails and background delivery is healthy, the plugin schedules bounded retries * If background delivery is unhealthy (for example DISABLE_WP_CRON), fallback queueing is skipped and users receive a retry-safe error * Resend cooldown state is server-authoritative and exposed through a status endpoint used by frontend countdown UX * Background queue payload contains only challenge ID (no raw OTP or destination data) ### External Services This plugin can connect to third-party services to deliver OTP messages. These services are optional and only used if enabled in plugin settings. #### Twilio (SMS Delivery) * Service: Twilio Programmable Messaging API * Purpose: Send OTP codes by SMS * Data sent: destination phone number, sender phone number, OTP message text, account SID for authentication * Credential handling: Twilio credentials are stored in WordPress options and used only when sending OTP messages * When sent: when OTP delivery method includes SMS and an OTP is generated for login, registration, password reset, or resend * Why sent: to deliver time-sensitive OTP codes to the user by SMS * Terms of Service: https://www.twilio.com/legal/tos * Privacy Policy: https://www.twilio.com/en-us/legal/privacy #### SendGrid (Email Delivery) * Service: SendGrid Mail Send API * Purpose: Send OTP codes by email * Data sent: recipient email address, sender email/name, message subject, OTP message body, API key for authentication * Credential handling: SendGrid API key is stored in WordPress options and used only when sending OTP messages * When sent: when email provider is set to SendGrid and an OTP is generated for login, registration, password reset, or resend * Why sent: to deliver time-sensitive OTP codes to the user by email * Terms of Service: https://sendgrid.com/policies/terms/ * Privacy Policy: https://sendgrid.com/policies/privacy/ ### Configuration 1. Set OTP length, type, expiry, retry limit, and lockout duration. 2. Choose delivery method: Email, SMS, or Both. 3. Configure provider credentials for SendGrid and/or Twilio if needed. 4. Enable or disable OTP on login, registration, and password reset flows. ## ಸ್ಥಾಪನೆ 1. Upload the plugin folder to /wp-content/plugins/. 2. Activate the plugin through the Plugins screen in WordPress. 3. Go to Settings > OTP Authentication. 4. Configure OTP rules and delivery providers. ## FAQ ### Does this plugin store OTP values in plain text? No. OTP values are hashed before storage and verified using hash comparison. ### Can I use SMS delivery? Yes. Twilio is supported for SMS delivery. ### Can I use email API delivery? Yes. SendGrid API is supported, and wp_mail is available as a fallback. ### Does this work with the default wp-login.php flow? Yes. The plugin integrates with WordPress login, registration, and lost-password actions. ### What user field is used for phone numbers? By default, the plugin reads phone_number user meta. You can change the meta key in plugin settings. ## ‍ವಿಮರ್ಶೆಗಳು‍ ಈ ಪ್ಲಗಿನ್‌ಗೆ ಯಾವುದೇ ವಿಮರ್ಶೆಗಳಿಲ್ಲ. ## ಕೊಡುಗೆದಾರರು & ಡೆವಲಪರ್‌ಗಳು “Rishav AuthNova OTP” ಓಪನ್ ಸೋರ್ಸ್ ಸಾಫ್ಟ್‌ವೇರ್ ಆಗಿದೆ. ಕೆಳಗಿನ ಜನರು ಈ ಪ್ಲಗಿನ್‌ಗೆ ಕೊಡುಗೆ ನೀಡಿದ್ದಾರೆ. ಕೊಡುಗೆದಾರರು * [ rishav001 ](https://profiles.wordpress.org/rishav001/) [“Rishav AuthNova OTP” ಅನ್ನು ನಿಮ್ಮ ಭಾಷೆಗೆ ಅನುವಾದಿಸಿ.](https://translate.wordpress.org/projects/wp-plugins/rishav-authnova-otp) ### ಅಭಿವೃದ್ಧಿಯಲ್ಲಿ ಆಸಕ್ತಿ ಇದೆಯೇ? [ಕೋಡ್ ಬ್ರೌಸ್ ಮಾಡಿ](https://plugins.trac.wordpress.org/browser/rishav-authnova-otp/), [SVN ರೆಪೊಸಿಟರಿ](https://plugins.svn.wordpress.org/rishav-authnova-otp/) ಪರಿಶೀಲಿಸಿ, ಅಥವಾ [ಅಭಿವೃದ್ಧಿ ಲಾಗ್](https://plugins.trac.wordpress.org/log/rishav-authnova-otp/) ಗೆ [RSS](https://plugins.trac.wordpress.org/log/rishav-authnova-otp/?limit=100&mode=stop_on_copy&format=rss) ಚಂದಾದಾರರಾಗಿ. ## Changelog #### 1.0.0 * Initial release. * Added OTP flows for login, registration, and reset. * Added SendGrid and Twilio integrations. * Added resend cooldown UX and secure challenge rotation. * Added configurable OTP policy controls in the admin settings page. ## ಮೆಟಾ * Version **1.0.0** * ಕೊನೆಯದಾಗಿ ನವೀಕರಿಸಿದ್ದು **1 ತಿಂಗಳು ರ ಮುನ್ನ** * ಸಕ್ರಿಯ ಸ್ಥಾಪನೆಗಳು **10 ಕ್ಕಿಂತ ಕಡಿಮೆ** * ವರ್ಡ್ಪ್ರೆಸ್ ಆವೃತ್ತಿ ** 5.8 ಅಥವಾ ಹೆಚ್ಚಿನದು ** * **6.9.4** ವರೆಗೆ ಪರೀಕ್ಷಿಸಲಾಗಿದೆ * PHP ಆವೃತ್ತಿ ** 7.4 ಅಥವಾ ಹೆಚ್ಚಿನದು ** * Language * [English (US)](https://wordpress.org/plugins/rishav-authnova-otp/) * ಟ್ಯಾಗ್‌ಗಳು * [email verification](https://kn.wordpress.org/plugins/tags/email-verification/) [login security](https://kn.wordpress.org/plugins/tags/login-security/)[otp](https://kn.wordpress.org/plugins/tags/otp/) [sms](https://kn.wordpress.org/plugins/tags/sms/)[two factor](https://kn.wordpress.org/plugins/tags/two-factor/) * [ಸುಧಾರಿತ ನೋಟ](https://kn.wordpress.org/plugins/rishav-authnova-otp/advanced/) ## ರೇಟಿಂಗ್‌ಗಳು No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/rishav-authnova-otp/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/rishav-authnova-otp/reviews/) ## ಕೊಡುಗೆದಾರರು * [ rishav001 ](https://profiles.wordpress.org/rishav001/) ## ಬೆಂಬಲ ಹೇಳಲು ಏನಾದರೂ ಸಿಕ್ಕಿದೆಯೇ? ಸಹಾಯ ಬೇಕೇ? [ಬೆಂಬಲ ವೇದಿಕೆಯನ್ನು ವೀಕ್ಷಿಸಿ](https://wordpress.org/support/plugin/rishav-authnova-otp/)