Password Less Login

Beschreibung

Password Less Login is a passwordless and OTP-based login system for WordPress.
Every user — both existing and new — must verify their identity using a One-Time Password (OTP) sent to their email before being logged in.

This ensures that no one can access an account without confirming ownership of the email address, providing a secure, passwordless authentication process.

How It Works

1. The user enters their email address.
2. The plugin sends a 6-digit OTP to that email.
3. The user enters the OTP:
   • If the email exists → the user is securely logged in.
   • If the email is new → the user provides a username, verifies the OTP, and a new account is created automatically.
4. The OTP is valid for 10 minutes and expires after use.

Note: The plugin never logs in users without OTP verification.

Key Features

• OTP-Based Authentication for All Users – Both existing and new users must verify the OTP before login.
• Passwordless Login – Securely log in using only your email and OTP.
• Auto User Registration – New users can register instantly after OTP verification.
• Temporary OTP (10 Minutes) – Each OTP expires after 10 minutes and can only be used once.
• Rate Limiting – Prevents brute-force or spam OTP requests (maximum 5 per 15 minutes per email).
• Nonce Verification – Protects REST API endpoints from unauthorized access.
• Secure Email Handling – Emails are hashed when stored in transients to protect user data.
• Streamlined User Experience – Clean, minimal login flow with conditional fields for existing vs. new users.

Why Choose Password Less Login?

• No passwords to remember or reset.
• OTP verification ensures true ownership of email.
• Protects against brute-force attacks.
• Simple setup – works with the native WordPress login page.
• Modern and user-friendly design.
• Reduces “Forgot Password” support requests.

Usage

1. Go to your WordPress login page.
2. Enter your email address and click “Send OTP”.
3. Check your email for the OTP.
4. Enter the OTP in the login form:
   • If your account exists, you’ll be logged in.
   • If not, you’ll be prompted to provide a username before registration and login.
5. You’ll be redirected to your dashboard after successful verification.

License

This plugin is released under the GPL license. You are free to use and modify it.

For support, contact: sadekur0rahman@gmail.com