{"id":269785,"date":"2026-01-01T06:10:32","date_gmt":"2026-01-01T06:10:32","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/passwordless-login-by-authyo\/"},"modified":"2026-03-14T08:52:37","modified_gmt":"2026-03-14T08:52:37","slug":"authyo-passwordless-login","status":"publish","type":"plugin","link":"https:\/\/test.wordpress.org\/plugins\/authyo-passwordless-login\/","author":23299154,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.3","stable_tag":"1.0.3","tested":"6.9.4","requires":"5.0","requires_php":"7.2","requires_plugins":null,"header_name":"Authyo Passwordless Login","header_author":"konceptwise","header_description":"Passwordless login for WordPress using Authyo OTP service. Users can log in with their email address and receive an OTP for verification.","assets_banners_color":"bccde8","last_updated":"2026-03-14 08:52:37","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/authyo.io\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":289,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"konceptwise","date":"2026-01-01 06:55:34"},"1.0.1":{"tag":"1.0.1","author":"konceptwise","date":"2026-01-01 07:52:45"},"1.0.2":{"tag":"1.0.2","author":"konceptwise","date":"2026-01-22 12:58:33"},"1.0.3":{"tag":"1.0.3","author":"konceptwise","date":"2026-03-14 08:52:37"}},"upgrade_notice":{"1.0.1":"

Performance improvements and screenshot addon.<\/p>","1.0.0":"

Initial release of Authyo Passwordless Login.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3430366,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3430366,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3487161,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3487161,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1","1.0.2","1.0.3"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3430398,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3430398,"resolution":"2","location":"assets","locale":""}},"screenshots":{"1":"Authyo WordPress Passwordless Login","2":"Authyo WordPress Passwordless Login Admin Panel"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[209326,155171,35316,1909,257743],"plugin_category":[38],"plugin_contributors":[247673],"plugin_business_model":[],"class_list":["post-269785","plugin","type-plugin","status-publish","hentry","plugin_tags-email-otp","plugin_tags-otp-login","plugin_tags-passwordless-login","plugin_tags-two-factor-authentication","plugin_tags-wordpress-otp","plugin_category-authentication","plugin_contributors-konceptwise","plugin_committers-konceptwise"],"banners":{"banner":"https:\/\/ps.w.org\/authyo-passwordless-login\/assets\/banner-772x250.png?rev=3487161","banner_2x":"https:\/\/ps.w.org\/authyo-passwordless-login\/assets\/banner-1544x500.png?rev=3487161","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/authyo-passwordless-login\/assets\/icon-128x128.png?rev=3430366","icon_2x":"https:\/\/ps.w.org\/authyo-passwordless-login\/assets\/icon-256x256.png?rev=3430366","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/authyo-passwordless-login\/assets\/screenshot-1.png?rev=3430398","caption":"Authyo WordPress Passwordless Login"},{"src":"https:\/\/ps.w.org\/authyo-passwordless-login\/assets\/screenshot-2.png?rev=3430398","caption":"Authyo WordPress Passwordless Login Admin Panel"}],"raw_content":"\n

Authyo Passwordless Login enables secure OTP login for WordPress<\/strong> using email-based one-time passwords. It replaces traditional passwords with a modern passwordless authentication system<\/strong> that improves login security and simplifies the user experience.<\/p>\n\n

Users simply enter their email address, receive a one-time password (OTP), verify the code, and are automatically logged in \u2014 no passwords required.<\/p>\n\n

This plugin is officially developed and maintained by Konceptwise Digital Media Pvt. Ltd.<\/strong> and uses Authyo's secure OTP authentication infrastructure<\/strong>.<\/p>\n\n

With Authyo Passwordless Login, WordPress administrators can implement passwordless login<\/strong>, improve account security<\/strong>, and eliminate risks related to password leaks or weak credentials.<\/p>\n\n

Key Features<\/h3>\n\n
    \n
  • Passwordless login for WordPress using email OTP<\/li>\n
  • No passwords stored or required<\/li>\n
  • Secure token-based authentication (single-use and time-limited)<\/li>\n
  • OTP delivered via Authyo's secure email service<\/li>\n
  • Fallback Method:<\/strong> Optional two-factor authenticator app if email OTP fails<\/li>\n
  • Works with the default WordPress login page<\/li>\n
  • AJAX-powered login flow (no page reloads)<\/li>\n
  • Automatic dashboard redirect after successful login<\/li>\n
  • Enable or disable passwordless login anytime<\/li>\n
  • Compatible with custom login URL plugins (e.g., WPS Hide Login)<\/li>\n<\/ul>\n\n

    Use Cases<\/h3>\n\n

    This plugin is ideal for:<\/p>\n\n

      \n
    • WordPress sites that want OTP login instead of passwords<\/strong><\/li>\n
    • Improving WordPress login security<\/strong><\/li>\n
    • Enabling passwordless authentication<\/strong><\/li>\n
    • Preventing password brute-force attacks<\/li>\n
    • Membership websites and user portals<\/li>\n
    • Sites that want a simple two-factor authentication alternative<\/strong><\/li>\n<\/ul>\n\n

      How It Works<\/h3>\n\n
        \n
      1. User enters their email address on the WordPress login page<\/li>\n
      2. Authyo sends a one-time password (OTP) via email<\/li>\n
      3. User verifies the OTP<\/li>\n
      4. WordPress logs the user in automatically using a secure single-use token<\/li>\n<\/ol>\n\n

        No password is required during the login process.<\/p>\n\n

        About Konceptwise & Authyo<\/h3>\n\n

        Konceptwise Digital Media Pvt. Ltd. is the parent company and original developer of this plugin.<\/p>\n\n

        Authyo<\/strong> is a secure authentication platform developed by Konceptwise that provides OTP-based verification services for websites and applications.<\/p>\n\n

        This plugin integrates WordPress with Authyo's authentication infrastructure to provide secure passwordless login functionality.<\/p>\n\n

        Video Tutorial<\/h3>\n\n

        How to Use Authyo Passwordless Login<\/strong><\/p>\n\n

        https:\/\/www.youtube.com\/watch?v=cStBvoHTzro<\/p>\n\n

        External Services<\/h3>\n\n

        This plugin connects to Authyo's external API to send and verify one-time passwords (OTP) for passwordless login functionality.<\/p>\n\n

        What data is sent:\n- User email address (sent to Authyo API when requesting OTP)\n- OTP code (sent to Authyo API for verification)\n- Mask ID (returned by Authyo API, used for OTP verification)<\/p>\n\n

        When data is sent:\n- When the user requests an OTP: Email address is sent to Authyo API\n- When the user submits an OTP for verification: OTP code and Mask ID are sent to Authyo API<\/p>\n\n

        Authentication Flow:\n- After successful OTP verification via Authyo API, the plugin generates a secure single-use token using WordPress core functions\n- This token is browser-bound using a hashed User-Agent signature to prevent session hijacking\n- The token is stored temporarily in WordPress transients and expires after 5 minutes\n- The token allows WordPress to complete authentication without requiring a password\n- Token is deleted immediately after verification (single-use security)<\/p>\n\n

        Purpose:\n- To verify ownership of the provided email address through OTP verification\n- After successful OTP verification, a secure browser-bound login token is generated\n- The token allows WordPress to authenticate users without passwords<\/p>\n\n

        Data Storage:\n- OTP session data (email, user ID, mask ID) is stored temporarily in WordPress transients (expires after 10 minutes)\n- Login tokens are stored temporarily in WordPress transients (expires after 5 minutes and deleted immediately after use)\n- No user data is permanently stored by this plugin<\/p>\n\n

        Terms of Service:\nhttps:\/\/authyo.io\/terms-service<\/p>\n\n

        Privacy Policy:\nhttps:\/\/authyo.io\/privacy-policy<\/p>\n\n

        Requirements<\/h3>\n\n
          \n
        • WordPress 5.0 or higher<\/li>\n
        • PHP 7.2 or higher<\/li>\n
        • An active Authyo account with API credentials<\/li>\n<\/ul>\n\n

          Configuration<\/h3>\n\n

          Getting Authyo API Credentials<\/h4>\n\n
            \n
          1. Sign up for an account at https:\/\/authyo.io<\/li>\n
          2. Log in to your Authyo dashboard<\/li>\n
          3. Navigate to your application settings<\/li>\n
          4. Copy your App ID<\/strong>, Client ID<\/strong>, and Client Secret<\/strong><\/li>\n<\/ol>\n\n

            Plugin Setup<\/h4>\n\n
              \n
            1. Go to Settings \u2192 Authyo Passwordless Login<\/strong><\/li>\n
            2. Enable Passwordless Login<\/strong><\/li>\n
            3. Enter your Authyo API credentials:\n\n
                \n
              • Authyo App ID<\/li>\n
              • Authyo Client ID<\/li>\n
              • Authyo Client Secret<\/li>\n<\/ul><\/li>\n
              • Click Save Settings<\/strong><\/li>\n<\/ol>\n\n

                Once configured, the passwordless login form will appear on your WordPress login page.<\/p>\n\n\n

                Manual Installation<\/h4>\n\n
                  \n
                1. Download the plugin files<\/li>\n
                2. Upload the authyo-passwordless-login<\/code> folder to \/wp-content\/plugins\/<\/code><\/li>\n
                3. Activate the plugin from the Plugins<\/strong> menu in WordPress<\/li>\n
                4. Go to Settings \u2192 Authyo Passwordless Login<\/strong> to configure the plugin<\/li>\n<\/ol>\n\n\n
                  \n

                  How does passwordless login work?<\/h3><\/dt>\n
                    \n
                  1. Users enter their email address on the login page<\/li>\n
                  2. An OTP code is sent to their email via Authyo<\/li>\n
                  3. Users enter the OTP code to verify their email ownership<\/li>\n
                  4. After successful OTP verification, a secure single-use token is generated<\/li>\n
                  5. WordPress logs the user in automatically<\/li>\n
                  6. No password is required<\/li>\n<\/ol><\/dd>\n

                    Can I use this with custom login pages?<\/h3><\/dt>\n

                    Yes. You can use the shortcode [authyo_login]<\/code> on any page or template.<\/p>\n\n

                    You may also use the PHP function:<\/p>\n\n

                    authyo_passwordless_login_form()\n<\/code><\/pre>\n\n
                    inside your theme templates.<\/p><\/dd>\n
                    What happens if a user doesn't receive the OTP?<\/h3><\/dt>\n
                    Users can click Resend OTP<\/strong> to request a new code.<\/p>\n\n
                    The OTP expires after 5 minutes. Login tokens also expire after 5 minutes and are deleted immediately after successful login.<\/p><\/dd>\n
                    Is this plugin secure?<\/h3><\/dt>\n
                    Yes. The plugin implements multiple security layers:<\/p>\n\n
                      \n
                    • Nonce verification for all AJAX requests (prevents CSRF attacks)<\/li>\n
                    • Email address validation and user existence verification<\/li>\n
                    • Secure transient storage for OTP sessions (10-minute expiry)<\/li>\n
                    • Cryptographically secure token generation using WordPress core functions<\/li>\n
                    • Browser-bound tokens validated using a hashed User-Agent signature<\/li>\n
                    • Single-use tokens deleted immediately after successful login<\/li>\n
                    • Time-limited tokens (5-minute expiry)<\/li>\n
                    • Replay attack prevention<\/li>\n
                    • Authentication completed using WordPress core authentication mechanisms<\/li>\n<\/ul><\/dd>\n\n<\/dl>\n\n\n
                      1.0.3<\/h4>\n\n
                        \n
                      • Added video tutorial to readme<\/li>\n
                      • Improved Google Authenticator fallback logic to hide on non-existent users<\/li>\n
                      • Minor bug fixes<\/li>\n<\/ul>\n\n
                        1.0.2<\/h4>\n\n
                          \n
                        • Added two factor authenticator as backup method<\/li>\n
                        • Performance improvements<\/li>\n<\/ul>\n\n
                          1.0.1<\/h4>\n\n
                            \n
                          • Performance improvements<\/li>\n
                          • Screenshot addon<\/li>\n<\/ul>\n\n
                            1.0.0<\/h4>\n\n
                              \n
                            • Initial release<\/li>\n
                            • Fully passwordless login with OTP verification<\/li>\n
                            • Secure token-based automatic authentication<\/li>\n
                            • Single-use, time-limited login tokens<\/li>\n
                            • WordPress login page integration<\/li>\n
                            • Custom login shortcode [authyo_login]<\/li>\n
                            • Admin settings page<\/li>\n
                            • AJAX-powered authentication flow<\/li>\n
                            • Immediate dashboard redirect after login<\/li>\n
                            • WordPress.org security compliance<\/li>\n
                            • Replay attack prevention<\/li>\n
                            • Cryptographically secure token generation<\/li>\n<\/ul>","raw_excerpt":"Enable secure OTP login for WordPress with passwordless authentication using email-based one-time passwords (OTP) powered by Authyo.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/269785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=269785"}],"author":[{"embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/konceptwise"}],"wp:attachment":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=269785"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=269785"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=269785"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=269785"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=269785"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=269785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}