Skildring
Password Less Login is a passwordless and OTP-based login system for WordPress.
Every user — both existing and new — must verify their identity using a One-Time Password (OTP) sent to their email before being logged in.
This ensures that no one can access an account without confirming ownership of the email address, providing a secure, passwordless authentication process.
How It Works
- The user enters their email address.
- The plugin sends a 6-digit OTP to that email.
- The user enters the OTP:
- If the email exists the user is securely logged in.
- If the email is new the user provides a username, verifies the OTP, and a new account is created automatically.
- The OTP is valid for 10 minutes and expires after use.
Note: The plugin never logs in users without OTP verification.
Key Features
- OTP-Based Authentication for All Users – Both existing and new users must verify the OTP before login.
- Passwordless Login – Securely log in using only your email and OTP.
- Auto User Registration – New users can register instantly after OTP verification.
- Temporary OTP (10 Minutes) – Each OTP expires after 10 minutes and can only be used once.
- Rate Limiting – Prevents brute-force or spam OTP requests (maximum 5 per 15 minutes per email).
- Nonce Verification – Protects REST API endpoints from unauthorized access.
- Secure Email Handling – Emails are hashed when stored in transients to protect user data.
- Streamlined User Experience – Clean, minimal login flow with conditional fields for existing vs. new users.
Why Choose Password Less Login?
- No passwords to remember or reset.
- OTP verification ensures true ownership of email.
- Protects against brute-force attacks.
- Simple setup – works with the native WordPress login page.
- Modern and user-friendly design.
- Reduces “Forgot Password” support requests.
Usage
- Go to your WordPress login page.
- Enter your email address and click “Send OTP”.
- Check your email for the OTP.
- Enter the OTP in the login form:
- If your account exists, you’ll be logged in.
- If not, you’ll be prompted to provide a username before registration and login.
- You’ll be redirected to your dashboard after successful verification.
License
This plugin is released under the GPL license. You are free to use and modify it.
For support, contact: sadekur0rahman@gmail.com
Skjermbilete
Login screen with email input. 
OTP verification form for existing users.
Installasjon
Automatic Installation
- Go to your WordPress dashboard Plugins Add New.
- Search for Password Less Login.
- Click Install Now and then Activate.
Manual Installation
- Download the plugin from WordPress.org.
- Upload the
password-less-loginfolder to/wp-content/plugins/. - Activate the plugin through the Plugins menu.
Vanlege spm.
-
Q: Does this plugin log in users automatically when they submit their email?
-
A: No. Users are only logged in after successful OTP verification. Email submission only sends the OTP.
-
Q: What is OTP?
-
A: OTP (One-Time Password) is a 6-digit temporary code valid for 10 minutes.
-
Q: How many times can a user request OTP?
-
A: Users can request up to 5 OTPs every 15 minutes per email to prevent abuse.
-
Q: Is the OTP stored securely?
-
A: Yes. OTPs are stored temporarily and securely using hashed transient keys.
-
Q: Can I customize the OTP email message?
-
A: Yes, you can modify the email template in the plugin settings page.
Omtalar
There are no reviews for this plugin.
Bidragsytarar og utviklarar
“Password Less Login” is open source software. The following people have contributed to this plugin.
Contributors
Omset “Password Less Login” til ditt eige språk.
Interested in development?
Les kjeldekoden, sjekk SVN-lageret eller abonner på utviklingsloggen med RSS.
Endringslogg
1.0.1
- Added OTP verification for both existing and new users.
- Added nonce verification for REST API requests.
- Added rate limiting (5 OTP requests per 15 minutes).
- Enhanced email and OTP sanitization.
- Improved overall security and error handling.
1.0.0
- Initial release with passwordless email login, OTP verification, and auto-registration.