With this plugin you can make passwords a thing of the past. All you need is your trusty smartphone with a QR Code reading app.
(Coming soon, iOS companion app that will negate your need for a separate QR Code reading app!)
Disclaimer: A website is only as secure as the least secure component on it. This plugin aims to be more secure than using the default login page.
- Upload plugin to the
- Activate the plugin through the ‘Plugins’ menu in WordPress
- That’s it
- Scan QR code on login screen of your site. (Coming soon, iOS companion app!)
- Open link scanned in your mobile browser.
- That’s it! (If you don’t have a cookie on your mobile browser recognizing you, the first time you try this you’ll have to log in on your phone. After that you should be home free)
- Why do I need to log in on my phone?
You wouldn’t want just ANYONE being able to access your site. Verification is still necessary.
- So what’s this plugin good for?
Once you log in once, you won’t have to again until your phone cookie runs out (every two weeks or so). That should save you SOME hassle.
- What about foo bar?
I have no answer to foo bar dilemma.
Contributors & Developers
“Unlock Digital (No Passwords)” is open source software. The following people have contributed to this plugin.Contributors
Interested in development?
- removed  array for better compatibility. Some QR codes weren’t loading due to forced SSL.
- Made homeurl variable scheme relative
- Created ajax homeurl variable for more accurate QR creation.
- Enabled ability for administrator to disconnect app via site dashboard.
- Added better logs.
- When hash expires login page no longer reloads.
- Fixed issue where page stopped working after being open for a while.
- Removed extra function.
- Now works with WordPress installed in subfolders.
- Mcrypt implemented in encrypting the TOTP hash.
- TOTP lengthened to 8 length and 60 seconds.
- Updated to be used with soon to arrive companion app.
- QR code generation happens on your server, not via a google api.
- Code refactored, restructured.
- Fixed querystring bug
- Updated code to work with WordPress 4.1
- All POST/GET variables have been properly sanitized against XSS attacks. Special thanks to Julio from Boiteaweb.fr for his security analysis and recommendations
- Out of Beta.
- IP confirmation fixed.
- XSS fix. Special thanks to Julio from Boiteaweb.fr for his security analysis and recommendations
- Delay added to prevent dDos attack
- CSRF fix. Special thanks to Julio from Boiteaweb.fr for his security analysis and recommendations
- AJAX, Cron jobs optimized
- $wpdb->prepare added to db queries. Special thanks to scribu
- nonce added.
- get_userdatabylogin updated to get_user_by. Special thanks to ericktedeschi
- Fixed to work in subdirectory installs of wp. Special thanks to hlcws.
- First attempt