Opis
Password Less Login is a passwordless and OTP-based login system for WordPress.
Every user — both existing and new — must verify their identity using a One-Time Password (OTP) sent to their email before being logged in.
This ensures that no one can access an account without confirming ownership of the email address, providing a secure, passwordless authentication process.
How It Works
- The user enters their email address.
- The plugin sends a 6-digit OTP to that email.
- The user enters the OTP:
- If the email exists the user is securely logged in.
- If the email is new the user provides a username, verifies the OTP, and a new account is created automatically.
- The OTP is valid for 10 minutes and expires after use.
Note: The plugin never logs in users without OTP verification.
Key Features
- OTP-Based Authentication for All Users – Both existing and new users must verify the OTP before login.
- Passwordless Login – Securely log in using only your email and OTP.
- Auto User Registration – New users can register instantly after OTP verification.
- Temporary OTP (10 Minutes) – Each OTP expires after 10 minutes and can only be used once.
- Rate Limiting – Prevents brute-force or spam OTP requests (maximum 5 per 15 minutes per email).
- Nonce Verification – Protects REST API endpoints from unauthorized access.
- Secure Email Handling – Emails are hashed when stored in transients to protect user data.
- Streamlined User Experience – Clean, minimal login flow with conditional fields for existing vs. new users.
Why Choose Password Less Login?
- No passwords to remember or reset.
- OTP verification ensures true ownership of email.
- Protects against brute-force attacks.
- Simple setup – works with the native WordPress login page.
- Modern and user-friendly design.
- Reduces “Forgot Password” support requests.
Usage
- Go to your WordPress login page.
- Enter your email address and click “Send OTP”.
- Check your email for the OTP.
- Enter the OTP in the login form:
- If your account exists, you’ll be logged in.
- If not, you’ll be prompted to provide a username before registration and login.
- You’ll be redirected to your dashboard after successful verification.
License
This plugin is released under the GPL license. You are free to use and modify it.
For support, contact: sadekur0rahman@gmail.com
Zrzuty ekranu
Login screen with email input. 
OTP verification form for existing users.
Instalacja
Automatic Installation
- Go to your WordPress dashboard Plugins Add New.
- Search for Password Less Login.
- Click Install Now and then Activate.
Manual Installation
- Download the plugin from WordPress.org.
- Upload the
password-less-loginfolder to/wp-content/plugins/. - Activate the plugin through the Plugins menu.
Najczęściej zadawane pytania
-
Q: Does this plugin log in users automatically when they submit their email?
-
A: No. Users are only logged in after successful OTP verification. Email submission only sends the OTP.
-
Q: What is OTP?
-
A: OTP (One-Time Password) is a 6-digit temporary code valid for 10 minutes.
-
Q: How many times can a user request OTP?
-
A: Users can request up to 5 OTPs every 15 minutes per email to prevent abuse.
-
Q: Is the OTP stored securely?
-
A: Yes. OTPs are stored temporarily and securely using hashed transient keys.
-
Q: Can I customize the OTP email message?
-
A: Yes, you can modify the email template in the plugin settings page.
Recenzje
Wtyczka nie ma jeszcze żadnej recenzji.
Kontrybutorzy i deweloperzy
„Password Less Login” jest oprogramowaniem open source. Poniższe osoby miały wkład w rozwój wtyczki.
Zaangażowani
Przetłumacz wtyczkę “Password Less Login” na swój język.
Interesuje cię rozwój wtyczki?
Przeglądaj kod, sprawdź repozytorium SVN lub czytaj dziennik rozwoju przez RSS.
Rejestr zmian
1.0.1
- Added OTP verification for both existing and new users.
- Added nonce verification for REST API requests.
- Added rate limiting (5 OTP requests per 15 minutes).
- Enhanced email and OTP sanitization.
- Improved overall security and error handling.
1.0.0
- Initial release with passwordless email login, OTP verification, and auto-registration.