{"id":259322,"date":"2025-11-16T16:29:47","date_gmt":"2025-11-16T16:29:47","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/password-less-login\/"},"modified":"2026-01-07T16:26:24","modified_gmt":"2026-01-07T16:26:24","slug":"password-less-login","status":"publish","type":"plugin","link":"https:\/\/azb.wordpress.org\/plugins\/password-less-login\/","author":23373008,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.0.1","stable_tag":"trunk","tested":"6.8.5","requires":"5.9","requires_php":"7.4","requires_plugins":null,"header_name":"Password Less Login","header_author":"Sadekur Rahman","header_description":"This is a plugin that allows users to log in using just their email without a password.","assets_banners_color":"612b64","last_updated":"2026-01-07 16:26:24","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/sadekur\/password-less-login","header_author_uri":"https:\/\/github.com\/sadekur\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":251,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"sadekur","date":"2025-11-16 16:29:43"},"1.0.0.2":{"tag":"1.0.0.2","author":"sadekur","date":"2026-01-07 16:26:37"},"1.1.0.1":{"tag":"1.1.0.1","author":"sadekur","date":"2025-11-16 17:15:35"}},"upgrade_notice":{"1.0.1":"<p>Critical security update \u2014 existing users now require OTP verification before login.<br \/>\nPlease update immediately for improved protection and reliability.<\/p>\n\n<hr \/>"},"ratings":[],"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":3396640,"resolution":"128x128","location":"assets","locale":""}},"assets_banners":{"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":3396640,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.0.2","1.1.0.1"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3396640,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3396640,"resolution":"2","location":"assets","locale":""}},"screenshots":{"1":"Login screen with email input.","2":"OTP verification form for existing users.","3":"Registration form (email, username, OTP) for new users.","4":"Admin settings page for customizing OTP email templates."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[125445,229014,155171,35316,1228],"plugin_category":[],"plugin_contributors":[250754],"plugin_business_model":[],"class_list":["post-259322","plugin","type-plugin","status-publish","hentry","plugin_tags-easy-login","plugin_tags-email-authentication","plugin_tags-otp-login","plugin_tags-passwordless-login","plugin_tags-secure-login","plugin_contributors-sadekur","plugin_committers-sadekur"],"banners":{"banner":"https:\/\/ps.w.org\/password-less-login\/assets\/banner-772x250.jpg?rev=3396640","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/password-less-login\/assets\/icon-128x128.jpg?rev=3396640","icon_2x":false,"generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/password-less-login\/assets\/screenshot-1.png?rev=3396640","caption":"Login screen with email input."},{"src":"https:\/\/ps.w.org\/password-less-login\/assets\/screenshot-2.png?rev=3396640","caption":"OTP verification form for existing users."}],"raw_content":"<!--section=description-->\n<p><strong>Password Less Login<\/strong> is a passwordless and OTP-based login system for WordPress.<br \/>\nEvery user \u2014 both existing and new \u2014 must verify their identity using a <strong>One-Time Password (OTP)<\/strong> sent to their email before being logged in.<\/p>\n\n<p>This ensures that no one can access an account without confirming ownership of the email address, providing a secure, passwordless authentication process.<\/p>\n\n<h3>How It Works<\/h3>\n\n<ol>\n<li>The user enters their email address.<\/li>\n<li>The plugin sends a <strong>6-digit OTP<\/strong> to that email.<\/li>\n<li>The user enters the OTP:\n\n<ul>\n<li>If the email exists \u2192 the user is securely logged in.<\/li>\n<li>If the email is new \u2192 the user provides a username, verifies the OTP, and a new account is created automatically.<\/li>\n<\/ul><\/li>\n<li>The OTP is valid for <strong>10 minutes<\/strong> and expires after use.<\/li>\n<\/ol>\n\n<blockquote>\n  <p><strong>Note:<\/strong> The plugin never logs in users without OTP verification.<\/p>\n<\/blockquote>\n\n\n\n<h3>Key Features<\/h3>\n\n<ul>\n<li><strong>OTP-Based Authentication for All Users<\/strong> \u2013 Both existing and new users must verify the OTP before login.<\/li>\n<li><strong>Passwordless Login<\/strong> \u2013 Securely log in using only your email and OTP.<\/li>\n<li><strong>Auto User Registration<\/strong> \u2013 New users can register instantly after OTP verification.<\/li>\n<li><strong>Temporary OTP (10 Minutes)<\/strong> \u2013 Each OTP expires after 10 minutes and can only be used once.<\/li>\n<li><strong>Rate Limiting<\/strong> \u2013 Prevents brute-force or spam OTP requests (maximum 5 per 15 minutes per email).<\/li>\n<li><strong>Nonce Verification<\/strong> \u2013 Protects REST API endpoints from unauthorized access.<\/li>\n<li><strong>Secure Email Handling<\/strong> \u2013 Emails are hashed when stored in transients to protect user data.<\/li>\n<li><strong>Streamlined User Experience<\/strong> \u2013 Clean, minimal login flow with conditional fields for existing vs. new users.<\/li>\n<\/ul>\n\n\n\n<h3>Why Choose Password Less Login?<\/h3>\n\n<ul>\n<li>No passwords to remember or reset.<\/li>\n<li>OTP verification ensures true ownership of email.<\/li>\n<li>Protects against brute-force attacks.<\/li>\n<li>Simple setup \u2013 works with the native WordPress login page.<\/li>\n<li>Modern and user-friendly design.<\/li>\n<li>Reduces \u201cForgot Password\u201d support requests.<\/li>\n<\/ul>\n\n\n\n<h3>Usage<\/h3>\n\n<ol>\n<li>Go to your WordPress login page.<\/li>\n<li>Enter your email address and click \u201cSend OTP\u201d.<\/li>\n<li>Check your email for the OTP.<\/li>\n<li>Enter the OTP in the login form:\n\n<ul>\n<li>If your account exists, you\u2019ll be logged in.<\/li>\n<li>If not, you\u2019ll be prompted to provide a username before registration and login.<\/li>\n<\/ul><\/li>\n<li>You\u2019ll be redirected to your dashboard after successful verification.<\/li>\n<\/ol>\n\n\n\n<h3>License<\/h3>\n\n<p>This plugin is released under the GPL license. You are free to use and modify it.<\/p>\n\n<p>For support, contact: <a href=\"mailto:s&#097;&#x64;&#101;&#x6b;&#x75;&#114;&#x30;r&#097;&#x68;&#109;&#x61;&#x6e;&#064;&#x67;&#109;&#097;&#x69;&#108;&#x2e;c&#111;&#x6d;\">sadekur0rahman@gmail.com<\/a><\/p>\n\n<!--section=installation-->\n<p><strong>Automatic Installation<\/strong><\/p>\n\n<ol>\n<li>Go to your WordPress dashboard \u2192 <strong>Plugins \u2192 Add New<\/strong>.<\/li>\n<li>Search for <strong>Password Less Login<\/strong>.<\/li>\n<li>Click <strong>Install Now<\/strong> and then <strong>Activate<\/strong>.<\/li>\n<\/ol>\n\n<p><strong>Manual Installation<\/strong><\/p>\n\n<ol>\n<li>Download the plugin from WordPress.org.<\/li>\n<li>Upload the <code>password-less-login<\/code> folder to <code>\/wp-content\/plugins\/<\/code>.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='q%3A%20does%20this%20plugin%20log%20in%20users%20automatically%20when%20they%20submit%20their%20email%3F'><h3>Q: Does this plugin log in users automatically when they submit their email?<\/h3><\/dt>\n<dd><p>A: No. Users are only logged in <strong>after successful OTP verification<\/strong>. Email submission only sends the OTP.<\/p><\/dd>\n<dt id='q%3A%20what%20is%20otp%3F'><h3>Q: What is OTP?<\/h3><\/dt>\n<dd><p>A: OTP (One-Time Password) is a 6-digit temporary code valid for 10 minutes.<\/p><\/dd>\n<dt id='q%3A%20how%20many%20times%20can%20a%20user%20request%20otp%3F'><h3>Q: How many times can a user request OTP?<\/h3><\/dt>\n<dd><p>A: Users can request up to 5 OTPs every 15 minutes per email to prevent abuse.<\/p><\/dd>\n<dt id='q%3A%20is%20the%20otp%20stored%20securely%3F'><h3>Q: Is the OTP stored securely?<\/h3><\/dt>\n<dd><p>A: Yes. OTPs are stored temporarily and securely using hashed transient keys.<\/p><\/dd>\n<dt id='q%3A%20can%20i%20customize%20the%20otp%20email%20message%3F'><h3>Q: Can I customize the OTP email message?<\/h3><\/dt>\n<dd><p>A: Yes, you can modify the email template in the plugin settings page.<\/p>\n\n<\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Added OTP verification for both existing and new users.<\/li>\n<li>Added nonce verification for REST API requests.<\/li>\n<li>Added rate limiting (5 OTP requests per 15 minutes).<\/li>\n<li>Enhanced email and OTP sanitization.<\/li>\n<li>Improved overall security and error handling.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release with passwordless email login, OTP verification, and auto-registration.<\/li>\n<\/ul>","raw_excerpt":"A powerful and easy-to-use WordPress plugin for passwordless and OTP-based login.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/259322","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=259322"}],"author":[{"embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/sadekur"}],"wp:attachment":[{"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=259322"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=259322"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=259322"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=259322"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=259322"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/azb.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=259322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}