Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3482413

Timestamp:

03/14/2026 08:52:06 AM (3 weeks ago)

Author:

konceptwise

Message:

readme file update

File:

: 1 edited

authyo-passwordless-login/trunk/readme.txt (modified) (8 diffs)

Legend:

: Unmodified
: Added
: Removed

authyo-passwordless-login/trunk/readme.txt

-                      r3457064
+                      r3482413
 === Authyo Passwordless Login ===
 Contributors: konceptwise
 Tags: passwordless login, otp login, email otp, wordpress login, secure login
+Tags: otp login, passwordless login, wordpress otp, email otp, two factor authentication
 Requires at least: 5.0
 Tested up to: 6.9
 …
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
+Enable secure passwordless login for WordPress using email OTP. Users log in without passwords via one-time codes sent by Authyo.
+Enable secure OTP login for WordPress with passwordless authentication using email-based one-time passwords (OTP) powered by Authyo.
 == Description ==
+Authyo Passwordless Login enables a modern, secure passwordless authentication system for WordPress using email-based one-time passwords (OTP).
+Users simply enter their email address, receive an OTP via email, verify the code, and are automatically logged in — no passwords required at any stage.
+This plugin is officially developed and maintained by Konceptwise Digital Media Pvt. Ltd. and uses Authyo’s secure OTP authentication services.
+= Key Features =
+* Fully passwordless WordPress login using email OTP
+Authyo Passwordless Login enables secure **OTP login for WordPress** using email-based one-time passwords. It replaces traditional passwords with a modern **passwordless authentication system** that improves login security and simplifies the user experience.
+Users simply enter their email address, receive a one-time password (OTP), verify the code, and are automatically logged in — no passwords required.
+This plugin is officially developed and maintained by **Konceptwise Digital Media Pvt. Ltd.** and uses **Authyo's secure OTP authentication infrastructure**.
+With Authyo Passwordless Login, WordPress administrators can implement **passwordless login**, improve **account security**, and eliminate risks related to password leaks or weak credentials.
+== Key Features ==
+* Passwordless login for WordPress using email OTP
 * No passwords stored or required
 * Secure token-based authentication (single-use, time-limited)
 * OTP delivered via Authyo’s secure email service
 * **Fallback Method:** You can set your two-factor authentication app as a fallback method if you have trouble with email OTPs.
 * Works with default WordPress login page
+* Secure token-based authentication (single-use and time-limited)
+* OTP delivered via Authyo's secure email service
+* **Fallback Method:** Optional two-factor authenticator app if email OTP fails
+* Works with the default WordPress login page
 * AJAX-powered login flow (no page reloads)
 * Automatic dashboard redirect after login
 * Enable / disable passwordless login anytime
+* Automatic dashboard redirect after successful login
+* Enable or disable passwordless login anytime
 * Compatible with custom login URL plugins (e.g., WPS Hide Login)
+= How It Works: =
+== Use Cases ==
+This plugin is ideal for:
+* WordPress sites that want **OTP login instead of passwords**
+* Improving **WordPress login security**
+* Enabling **passwordless authentication**
+* Preventing password brute-force attacks
+* Membership websites and user portals
+* Sites that want a **simple two-factor authentication alternative**
+== How It Works ==
 . User enters their email address on the WordPress login page
 . Authyo sends a one-time password (OTP) via email
 . User verifies the OTP
+. WordPress logs the user in automatically using a secure, single-use token
+= About Konceptwise & Authyo =
+Konceptwise is the parent company and original developer of this plugin. Authyo is a product developed and owned by Konceptwise that provides secure OTP-based authentication services. This plugin is officially maintained by Konceptwise and uses Authyo to enable passwordless login for WordPress users.
+. WordPress logs the user in automatically using a secure single-use token
+No password is required during the login process.
+== About Konceptwise & Authyo ==
+Konceptwise Digital Media Pvt. Ltd. is the parent company and original developer of this plugin.
+**Authyo** is a secure authentication platform developed by Konceptwise that provides OTP-based verification services for websites and applications.
+This plugin integrates WordPress with Authyo's authentication infrastructure to provide secure passwordless login functionality.
 == Video Tutorial ==
 …
 https://www.youtube.com/watch?v=cStBvoHTzro
 == Installation ==
 …
 . Download the plugin files
 . Upload the authyo-passwordless-login folder to /wp-content/plugins/ directory
 . Activate the plugin through the 'Plugins' menu in WordPress
 . Navigate to Settings > Authyo Passwordless Login to configure the plugin
+. Upload the `authyo-passwordless-login` folder to `/wp-content/plugins/`
+. Activate the plugin from the **Plugins** menu in WordPress
+. Go to **Settings → Authyo Passwordless Login** to configure the plugin
 == External Services ==
 …
 Purpose:
 - To verify ownership of the provided email address through OTP verification
+- After successful OTP verification, a secure, browser-bound single-use token is generated
+- The token allows WordPress to complete authentication without requiring a password
+- Token-based authentication is fully secure, browser-locked, time-limited (5 minutes), and single-use
+- After successful OTP verification, a secure browser-bound login token is generated
+- The token allows WordPress to authenticate users without passwords
 Data Storage:
 - OTP session data (email, user ID, mask ID) is stored temporarily in WordPress transients (expires after 10 minutes)
 - Login tokens are stored temporarily in WordPress transients (expires after 5 minutes, deleted immediately after use)
+- Login tokens are stored temporarily in WordPress transients (expires after 5 minutes and deleted immediately after use)
 - No user data is permanently stored by this plugin
 …
 https://authyo.io/privacy-policy
 = Requirements =
+== Requirements ==
 * WordPress 5.0 or higher
 …
 . Sign up for an account at https://authyo.io
 . Log in to your Authyo dashboard
 . Navigate to your app settings
 . Copy your App ID, Client ID, and Client Secret
+. Navigate to your application settings
+. Copy your **App ID**, **Client ID**, and **Client Secret**
 = Plugin Setup =
 . Go to Settings > Authyo Passwordless Login in your WordPress admin
 . Check the Enable Passwordless Login checkbox to activate the feature
+. Go to **Settings → Authyo Passwordless Login**
+. Enable **Passwordless Login**
 . Enter your Authyo API credentials:
    * Authyo App ID
    * Authyo Client ID
    * Authyo Client Secret
 . Click Save Settings
+. Click **Save Settings**
 Once configured, the passwordless login form will appear on your WordPress login page.
 …
 . Users enter the OTP code to verify their email ownership
 . After successful OTP verification, a secure single-use token is generated
 . Users are automatically redirected and logged in to WordPress
 . No password is ever required - fully passwordless authentication
+. WordPress logs the user in automatically
+. No password is required
 = Can I use this with custom login pages? =
+Yes, you can use the shortcode [authyo_login] on any page or template, or use the PHP function authyo_passwordless_login_form() in your theme templates.
+Yes. You can use the shortcode `[authyo_login]` on any page or template.
+You may also use the PHP function:
+`authyo_passwordless_login_form()`
+inside your theme templates.
 = What happens if a user doesn't receive the OTP? =
+Users can click the "Resend OTP" button to request a new OTP code. The OTP expires after 5 minutes (as configured with Authyo). The login token expires after 5 minutes if not used, and is deleted immediately after successful login for security.
+Users can click **Resend OTP** to request a new code.
+The OTP expires after 5 minutes. Login tokens also expire after 5 minutes and are deleted immediately after successful login.
 = Is this plugin secure? =
+Yes, the plugin implements multiple security layers:
+Yes. The plugin implements multiple security layers:
 * Nonce verification for all AJAX requests (prevents CSRF attacks)
 * Email address validation and user existence verification
 * Secure transient storage for OTP sessions (10-minute expiry)
 * Cryptographically secure token generation using WordPress core functions
 * Browser-bound tokens: Tokens are validated against a hashed User-Agent to prevent cross-browser replay attacks
 * Single-use tokens that are deleted immediately after successful login
 * Time-limited tokens (5-minute expiry) to prevent long-term exposure
 * Token format validation to prevent injection attacks
+* Browser-bound tokens validated using a hashed User-Agent signature
+* Single-use tokens deleted immediately after successful login
+* Time-limited tokens (5-minute expiry)
+* Replay attack prevention
 * Authentication completed using WordPress core authentication mechanisms
-* Replay attack prevention through immediate token deletion and User-Agent signature validation
 == Changelog ==

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3482413

Legend:

authyo-passwordless-login/trunk/readme.txt

Download in other formats: