=== MDO Lite ===
Contributors: markusfroendhoff
Tags: divi, double opt-in, contact form, email confirmation, gdpr
Requires at least: 5.6
Tested up to: 7.0
Requires PHP: 7.2
Stable tag: 1.0.3
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Double opt-in for Divi contact forms. Requests are forwarded only after the visitor confirms their email address.

== Description ==

**MDO Lite** adds a simple double opt-in workflow to **Divi contact form modules**. When a visitor submits a Divi contact form, the plugin:

1. Sends a confirmation email with a secure link
2. Forwards the original form message to you only after the visitor clicks the link

No WordPress user account is required for visitors.

= Full version =

Need **Contact Form 7**, experimental universal form support, or extended options? The full plugin **MailDoubleOptin** is available at [plugins.froendhoff.com](https://plugins.froendhoff.com/MDO/).

= Privacy =

MDO Lite does not connect to external servers. All pending confirmations are stored in your WordPress database. Confirmation emails are sent via your site's own `wp_mail()` configuration.

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/mdo-lite/` or install via the WordPress plugins screen.
2. Activate the plugin.
3. Open **Settings → MDO Lite** and enable double opt-in for Divi forms.
4. Make sure the Divi theme or Divi Builder is active.

== Frequently Asked Questions ==

= Does this work with Contact Form 7? =

No. MDO Lite supports Divi contact forms only. Use the full version at plugins.froendhoff.com for CF7.

= Does the plugin send data to third-party servers? =

No. MDO Lite works entirely on your WordPress site.

= How is form submission secured without WordPress nonces? =

Divi contact forms are public front-end forms and do not include WordPress nonces. The plugin only reads POST data during an active Divi contact form submission, validates email addresses, and sanitizes all stored fields. Email confirmation uses a one-time random token in the link (GET request), not admin actions.

== Changelog ==

= 1.0.3 =
* Review: removed WordPress.org directory icons from plugin package (SVN assets only).
* Review: close Divi response output buffer explicitly on shutdown.
* Review: document public confirmation-link and Divi form POST security model.

= 1.0.2 =
* German translation (de_DE).
* Plugin Check: security/i18n fixes, tested up to WordPress 7.0.

= 1.0.1 =
* Fix: Fatal error on activation (syntax error in Divi handler).

= 1.0.0 =
* Initial WordPress.org release.
* Divi contact form double opt-in.

== Upgrade Notice ==

= 1.0.0 =
Initial release.
