=== Multi Site User Bridge ===
Contributors: eratalay
Plugin Name: Multi Site User Bridge
Plugin URI: https://pluginlib.org/plugin/multi-site-user-bridge
Author URI: https://pluginlib.org/profile/eratalay
Tags: sso, sync, users, multisite, bridge
Requires at least: 5.0
Tested up to: 6.9
Stable tag: 1.0.0
Requires PHP: 7.2
License: GPLv2 or later

Sync users securely across two WP sites with automatic single sign-on (SSO).

== Description ==

Multi Site User Bridge is a professional, open-source, and lightweight bridge plugin designed to keep user accounts continuously synced between two separate WordPress installations. 

When a user account exists on one site, its data is automatically transferred to the other. Furthermore, by utilizing the built-in Single Sign-On (SSO) feature, visitors who log into the first site will automatically be recognized and logged into the second site without needing to re-enter their credentials.

**Core Features:**
* **Real-time Synchronization:** When a user registers, updates their profile, or is deleted, changes are instantly reflected on the target site within seconds.
* **Manual Bulk Transfer:** During the initial setup, you can transfer all your existing users to the target site with a single click (processed in safe server-friendly batches).
* **Single Sign-On (SSO):** A user logged into Site A will automatically be authenticated when visiting Site B via a secure invisible bounce redirect.
* **Highly Secure API Architecture:** Both sites communicate using uniquely generated, encrypted API keys. Operations are verified via HMAC algorithms. Passwords are never transmitted in plaintext; only secure hashes are synced.
* **WordPress Standards Compliant:** Coded with 100% adherence to WordPress library rules, Nonce security, and strict REST API best practices for a lightweight and stable experience.

== Installation ==

1. Upload the plugin zip file to BOTH of your WordPress sites.
2. Activate the plugin on both sites.
3. On Site 1, go to 'Settings > User Bridge'. Copy 'Your Local API Key'.
4. Go to the settings page on Site 2, paste Site 1's URL and the copied API Key into the target fields.
5. Copy 'Your Local API Key' from Site 2 and paste it into the target field on Site 1.
6. Choose your Synchronization Mode, check the Privacy Consent box, and save the settings.
7. (Optional) Start the initial sync by clicking the "Sync All Users to Target" button.

== Frequently Asked Questions ==

= Is the plugin secure? =
Yes. All data transfers are handled through the REST API and authenticated using site-specific encrypted API keys (via the X-MSUB-API-Key header).

= How are passwords transferred? =
Passwords are never transmitted as plain text. The encrypted password hashes are retrieved from the source site and directly written into the target site's database, bypassing the core WP password hashing to maintain perfect hash asymmetry and enhance security.

= How does Single Sign-On (SSO) work? =
When a user logs into the first site, they are bounced to the second site with a secure, 60-second valid HMAC encrypted identity ticket. The second site verifies this, writes the auth cookies in milliseconds, and bounces the user back to the page they originally requested.

== Changelog ==

= 1.0.0 =
* Initial stable release.
* Added Automatic and Manual Synchronization modes.
* Implemented bi-directional SSO module.
* Added GDPR/Privacy warning consent module.