=== AddonLogic Email-Only Admin Password Reset ===
Contributors: snehalpancholi
Tags: password reset, admin tools, security, users
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 8.1
Stable tag: 1.0.0
License: GPL-2.0+
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Lets administrators send a secure password reset email to any user from the backend — the reset link is emailed directly, never shown on screen.

== Description ==

Email-Only Admin Password Reset adds a dedicated admin page (Users → Password Reset Tool) where administrators can trigger a WordPress password reset email for any user. The reset link is delivered only to the user's registered email address — it is never displayed on screen, preventing accidental exposure.

**Features:**

* User picker lists all registered users with display name and email
* Password reset delivered via standard WordPress `wp_mail` — the link never appears in the admin UI
* Rate limiting: maximum 3 resets per target user per hour
* Full audit log with date/time, triggering admin, target user, masked email, and IP address
* Protection against resetting super-admin accounts by non-super-admins (multisite)
* Nonce-verified AJAX action with capability check
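
The order of checks the feature list implies, as an added sketch using WordPress core functions; it is not the plugin's own source. The action name `addlc_eap_send_reset`, the nonce action `addlc_eap_nonce`, the `edit_users` capability and the `addlc_eap_rl_` transient prefix are assumptions, and audit logging is omitted.

```php
<?php
// Added sketch, not the plugin's source. Hypothetical names: the
// 'addlc_eap_send_reset' action, 'addlc_eap_nonce' nonce action, the
// 'edit_users' capability choice and the 'addlc_eap_rl_' transient prefix.
add_action( 'wp_ajax_addlc_eap_send_reset', 'addlc_eap_send_reset' );

function addlc_eap_send_reset() {
	// 1. CSRF: reject requests without a valid nonce (dies with 403 on failure).
	check_ajax_referer( 'addlc_eap_nonce', 'nonce' );

	// 2. Authorization: the nonce proves intent, not privilege.
	if ( ! current_user_can( 'edit_users' ) ) {
		wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
	}

	$target = get_userdata( isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0 );
	if ( ! $target ) {
		wp_send_json_error( array( 'message' => 'Unknown user.' ), 404 );
	}

	// 3. Multisite: only a super admin may reset a super admin.
	if ( is_multisite() && is_super_admin( $target->ID ) && ! is_super_admin() ) {
		wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
	}

	// 4. Rate limit: at most 3 sends per target in any rolling hour.
	$key    = 'addlc_eap_rl_' . $target->ID;
	$recent = array_filter(
		(array) get_transient( $key ),
		static fn( $ts ) => $ts > time() - HOUR_IN_SECONDS
	);
	if ( count( $recent ) >= 3 ) {
		wp_send_json_error( array( 'message' => 'Rate limit reached.' ), 429 );
	}

	// 5. Core generates the key and emails it; the link is never returned here.
	$result = retrieve_password( $target->user_login );
	if ( is_wp_error( $result ) ) {
		wp_send_json_error( array( 'message' => 'Email could not be sent.' ), 500 );
	}

	$recent[] = time();
	set_transient( $key, array_values( $recent ), HOUR_IN_SECONDS );
	wp_send_json_success( array( 'message' => 'Reset email sent.' ) );
}
```

Transients are not updated atomically and can be evicted early by an object cache, so a counter derived from a durable store is the stricter choice where the limit must hold under concurrent requests.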

== Installation ==

1. Upload `email-only-admin-password-reset` to `/wp-content/plugins/`
2. Activate the plugin
3. Go to **Users → Password Reset Tool**
4. Select a user and click **Send Reset Email**

== Frequently Asked Questions ==

= Can I see the reset link? =
No. The link is emailed directly to the user, never displayed in the admin interface. This is a deliberate security design.

= What is the rate limit? =
A maximum of 3 password reset emails may be sent to the same user within any 1-hour window.

= Where is the audit log stored? =
In the custom table `wp_addlc_eap_log`. It is removed on plugin deletion.

== Changelog ==

= 1.0.0 =
* Initial release

== Upgrade Notice ==

= 1.0.0 =
Initial release.
