Title: oOMF! Access Author: oOMF! Published: 2026 年 5 月 13 日 Last modified: 2026 年 6 月 2 日 --- 搜索插件 ![](https://ps.w.org/oomf-access/assets/banner-772x250.png?rev=3558755) ![](https://ps.w.org/oomf-access/assets/icon-256x256.png?rev=3558755) # oOMF! Access 作者:[oOMF!](https://profiles.wordpress.org/oomf/) [下载](https://downloads.wordpress.org/plugin/oomf-access.1.0.0.zip) * [详情](https://cn.wordpress.org/plugins/oomf-access/#description) * [评价](https://cn.wordpress.org/plugins/oomf-access/#reviews) * [安装](https://cn.wordpress.org/plugins/oomf-access/#installation) * [开发进展](https://cn.wordpress.org/plugins/oomf-access/#developers) [支持](https://wordpress.org/support/plugin/oomf-access/) ## 描述 oOMF! Access gives WordPress sites a better front door: a polished login page, guided account flows, passwordless magic links, social sign-in, safe redirects, CAPTCHA, hide-admin controls, honeypots, throttling, and lockout protection. It is built for agencies, membership sites, product teams, and site owners who want a professional sign-in experience without hand-rolling templates, OAuth plumbing, redirect rules, and abuse controls for every project. #### Why teams use it * **A login page worth sharing** – replace the default WordPress screen with a branded page powered by `[oomf_access_form]`, theme-aware styling, logo controls, custom copy, gradients, and live admin previews. * **One flow for every access moment** – keep login, registration, lost password, password reset, logged-in states, and magic-link requests inside the same consistent interface. * **Passwordless and social sign-in** – offer email magic links plus Google, Apple, GitHub, Microsoft, and Facebook providers with provider-specific setup hints. * **Redirects you can trust** – send people to the right page after login/logout while validating `redirect_to` values and exposing filters for approved external hosts. * **Layered anti-abuse controls** – enable reCAPTCHA, hCaptcha, honeypots, soft throttling, lockouts, secret login paths, and emergency bypass flows from wp- admin. * **Developer-friendly internals** – focused hooks and filters let you customize destinations, CAPTCHA behavior, provider handling, inline CSS, and allowed redirect hosts. #### Built for the real WordPress admin The settings screen includes a live preview, grouped controls for content/appearance/ behavior/security, provider previews, and setup copy for external services. Frontend and admin assets load only where needed and are versioned with `filemtime()`. ### Privacy oOMF! Access does not send data to oOMF! services. CAPTCHA and social login features connect only when you enable them and provide your own third-party credentials. Removing the plugin deletes its settings, and the generated login page can also be removed via the `oomf_access/delete_page_on_uninstall` filter. ### External services oOMF! Access connects to outside services only when the related feature is enabled. #### Google reCAPTCHA (v2/v3) * Purpose: spam and abuse protection for access forms. * Endpoints: `https://www.google.com/recaptcha/api.js` and `https://www.google. com/recaptcha/api/siteverify`. * Data sent: site key/secret, visitor response token, action name, and optionally visitor IP. * Terms: https://policies.google.com/terms * Privacy: https://policies.google.com/privacy #### hCaptcha * Purpose: CAPTCHA validation. * Endpoints: `https://js.hcaptcha.com` and `https://hcaptcha.com/siteverify`. * Data sent: site key/secret, response token, action name, and optionally visitor IP. * Terms: https://www.hcaptcha.com/terms * Privacy: https://www.hcaptcha.com/privacy #### Google OAuth * Purpose: sign in with Google. * Endpoints: `accounts.google.com/o/oauth2/v2/auth`, `oauth2.googleapis.com/token`, and `openidconnect.googleapis.com/v1/userinfo`. * Data sent: authorization code, code verifier, redirect URI, client credentials, and selected scopes. Returned data can include name, verified email, avatar, and locale. * Terms: https://policies.google.com/terms * Privacy: https://policies.google.com/privacy #### Apple Sign In * Purpose: sign in with Apple. * Endpoints: `appleid.apple.com/auth/authorize` and `appleid.apple.com/auth/token`. * Data sent: authorization code, client ID, redirect URI, and signed JWT assertions generated from your Apple key. Returned data can include name and email. * Terms: https://www.apple.com/legal/internet-services/terms/site.html * Privacy: https://www.apple.com/legal/privacy/ #### GitHub OAuth * Purpose: sign in with GitHub. * Endpoints: `github.com/login/oauth/authorize`, `github.com/login/oauth/access_token`,` api.github.com/user`, and `api.github.com/user/emails`. * Data sent: authorization code, client credentials, redirect URI, and scopes. Returned data can include ID, email, name, and avatar. * Terms: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service * Privacy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy- statement #### Microsoft OAuth * Purpose: sign in with Microsoft. * Endpoints: `login.microsoftonline.com/common/oauth2/v2.0/authorize`, `login.microsoftonline. com/common/oauth2/v2.0/token`, and `graph.microsoft.com/v1.0/me`. * Data sent: authorization code, client credentials, redirect URI, and scopes. Returned data can include ID, email, name, and locale. * Terms: https://www.microsoft.com/licensing/terms/productoffering/MicrosoftOnlineServices/ MOSPT * Privacy: https://privacy.microsoft.com/privacystatement #### Facebook Login * Purpose: sign in with Facebook. * Endpoints: `facebook.com/v18.0/dialog/oauth`, `graph.facebook.com/v18.0/oauth/ access_token`, and `graph.facebook.com/v18.0/me`. * Data sent: authorization code, app credentials, redirect URI, and scopes. Returned data can include ID, email, name, and avatar. * Terms: https://www.facebook.com/legal/terms * Privacy: https://www.facebook.com/policy.php ### Hooks & Extension Points * `oomf_access_redirect_destination` – override the final destination after login. * `oomf-access/allowed_redirect_hosts` – allow approved external redirect hosts. * `oomf-access/captcha/allow_external` – control whether CAPTCHA network calls are allowed. * `oomf_access_captcha_is_required` – decide whether CAPTCHA is required for a request. * `oomf_access_captcha_validate_result` – customize CAPTCHA validation results. * `oomf-access/inline_css` – inject extra CSS into the admin preview and frontend. ## 屏幕截图 [⌊Branded login screen with social sign-in, remember-me, magic link, and recovery links.⌉⌊Branded login screen with social sign-in, remember-me, magic link, and recovery links.⌉[ Branded login screen with social sign-in, remember-me, magic link, and recovery links. [⌊Magic link request screen for passwordless email sign-in.⌉⌊Magic link request screen for passwordless email sign-in.⌉[ Magic link request screen for passwordless email sign-in. [⌊Password reset screen with reset link request and alternate login paths.⌉⌊Password reset screen with reset link request and alternate login paths.⌉[ Password reset screen with reset link request and alternate login paths. [⌊Registration screen with social sign-in and username/email account creation.⌉⌊ Registration screen with social sign-in and username/email account creation.⌉[ Registration screen with social sign-in and username/email account creation. [⌊Logged-in account card with dashboard, logout, profile, and site links.⌉⌊Logged- in account card with dashboard, logout, profile, and site links.⌉[ Logged-in account card with dashboard, logout, profile, and site links. [⌊Mobile login layout with stacked social buttons and responsive form controls.⌉⌊ Mobile login layout with stacked social buttons and responsive form controls.⌉[ Mobile login layout with stacked social buttons and responsive form controls. [⌊Settings home with Hide Admin notice, navigation tabs, and live login preview.⌉⌊ Settings home with Hide Admin notice, navigation tabs, and live login preview.⌉[ Settings home with Hide Admin notice, navigation tabs, and live login preview. [⌊Appearance and spacing controls with live preview updates.⌉⌊Appearance and spacing controls with live preview updates.⌉[ Appearance and spacing controls with live preview updates. [⌊Social login provider options for OAuth credentials, redirect URIs, roles, and scopes.⌉⌊Social login provider options for OAuth credentials, redirect URIs, roles, and scopes.⌉[ Social login provider options for OAuth credentials, redirect URIs, roles, and scopes. [⌊Behavior settings for login redirects, logout redirects, and site link visibility.⌉⌊ Behavior settings for login redirects, logout redirects, and site link visibility .⌉[ Behavior settings for login redirects, logout redirects, and site link visibility. [⌊Security settings for CAPTCHA, honeypot, time trap, throttling, and lockout controls.⌉⌊ Security settings for CAPTCHA, honeypot, time trap, throttling, and lockout controls .⌉[ Security settings for CAPTCHA, honeypot, time trap, throttling, and lockout controls. [⌊Hide Admin and emergency access controls with secret login path settings.⌉⌊Hide Admin and emergency access controls with secret login path settings.⌉[ Hide Admin and emergency access controls with secret login path settings. ## 安装 1. Upload the plugin folder to `/wp-content/plugins/` or install the ZIP from Plugins → Add New. 2. Activate oOMF! Access. Activation creates a public “Login” page and stores its ID in `oomf_access_page_id`. 3. Open Settings → oOMF! Access to configure branding, text, redirects, magic links, social providers, CAPTCHA, and hide-admin options. 4. Share the generated login URL, usually `/oomf-access/`. ## 常见问题 ### Where is the login page? Activation creates a WordPress page containing `[oomf_access_form]`. You can edit or move that page. If it is deleted, `/oomf-access/` still renders the bundled login template so people are not stranded. ### Does it replace my theme template? The shortcode inherits your theme when embedded anywhere. The generated login page uses the bundled minimal template at `templates/oomf-access-page-template.php` so the dedicated access page stays consistent. ### What can I customize? You can adjust logos, appearance mode, accent color, spacing, headings, helper text, form labels, button text, magic-link copy, redirect destinations, social providers, CAPTCHA settings, hide-admin behavior, honeypot and throttle settings, and lockout thresholds. ### How do redirects work? If a safe `redirect_to` value is supplied, it wins. Otherwise oOMF! Access uses the configured post-login destination, then falls back to the WordPress admin. Developers can use `oomf-access/allowed_redirect_hosts` and `oomf_access_redirect_destination` for custom routing. ### What CAPTCHA providers are supported? oOMF! Access supports reCAPTCHA v2 checkbox, reCAPTCHA v2 invisible, reCAPTCHA v3, and hCaptcha. Scripts load only on access pages and verification happens server- side. ### How does Hide Admin work? When enabled, direct access to `/wp-login.php` and `/wp-admin` can be obscured for anonymous visitors while a secret login slug remains available. Emergency bypasses are retained for break-glass access. ### Which social providers are supported? Google, Apple, GitHub, Microsoft, and Facebook can be configured from Settings → oOMF! Access → Social. Each provider shows the callback URL and setup notes you need for its OAuth app. ## 评价 此插件暂无评价。 ## 贡献者及开发者 「oOMF! Access」是开源软件。 以下人员对此插件做出了贡献。 贡献者 * [ oOMF! ](https://profiles.wordpress.org/oomf/) [帮助将「oOMF! Access」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/oomf-access) ### 对开发感兴趣吗? 您可以[浏览代码](https://plugins.trac.wordpress.org/browser/oomf-access/),查看[SVN仓库](https://plugins.svn.wordpress.org/oomf-access/), 或通过[RSS](https://plugins.trac.wordpress.org/log/oomf-access/?limit=100&mode=stop_on_copy&format=rss) 订阅[开发日志](https://plugins.trac.wordpress.org/log/oomf-access/)。 ## 更新日志 #### 1.0.0 – 2026-03-24 * Fixed: Magic link nonce verification now derives the nonce action from validated token data. * Fixed: Settings AJAX handler now reads serialized form data with a sanitizing filter up front. * Added: CAPTCHA provider integrations for reCAPTCHA v2/v3 and hCaptcha. * Added: Hide Admin with configurable secret login slug and emergency bypass flows. * Improved: Social login setup, including Sign in with Apple and provider previews. * Improved: Asset loading and versioning via `filemtime()`. * Developer: New filters and clearer extension points for redirects and CAPTCHA. ## 额外信息 * 版本 **1.0.0** * 最后更新:**1 周前** * 活跃安装数量 **不到10** * WordPress 版本 ** 6.2 或更高版本 ** * 已测试的最高版本为 **7.0** * PHP 版本 ** 8.1 或更高版本 ** * 语言 * [English (US)](https://wordpress.org/plugins/oomf-access/) * 标签 * [authentication](https://cn.wordpress.org/plugins/tags/authentication/)[branding](https://cn.wordpress.org/plugins/tags/branding/) [login](https://cn.wordpress.org/plugins/tags/login/)[redirects](https://cn.wordpress.org/plugins/tags/redirects/) [security](https://cn.wordpress.org/plugins/tags/security/) * [高级视图](https://cn.wordpress.org/plugins/oomf-access/advanced/) ## 评级 尚未提交反馈。 [Your review](https://wordpress.org/support/plugin/oomf-access/reviews/#new-post) [查看全部评论](https://wordpress.org/support/plugin/oomf-access/reviews/) ## 贡献者 * [ oOMF! ](https://profiles.wordpress.org/oomf/) ## 支持 有话要说吗?是否需要帮助? [查看支持论坛](https://wordpress.org/support/plugin/oomf-access/)