Linux 软件免费装
Banner图

Advanced Passkeys for Secure Login

开发者 wppasskey
mbuiux
更新时间 2026年6月24日 22:04
PHP版本: 8.0 及以上
WordPress版本: 7.0
版权: GPLv2 or later
版权网址: 版权信息

标签

security login passwordless webauthn passkeys

下载

1.1.8 1.1.9 1.1.10 1.1.7 1.1.5 1.1.6

详情介绍:

Passwords are the single biggest security risk for your WordPress site. They get leaked, reused, or broken by automated brute-force attacks. Standard Two-Factor Authentication (2FA) adds safety, but typing in temporary codes from SMS or authenticator apps introduces annoying friction to your daily workflow. Advanced Passkeys for Secure Login brings the future of un-phishable, modern authentication directly to your WordPress site using the official FIDO2 / WebAuthn standard. Users register a passkey just once using their device's built-in biometric sensor (Face ID, Touch ID, Windows Hello) or a hardware security key (like a YubiKey). Future sign-ins take less than a second—completely bypassing the traditional password field.

安装:

Automatic installation
  1. In your WordPress admin, go to Plugins > Add New
  2. Search for Advanced Passkeys for Secure Login
  3. Click Install Now then Activate
  4. Go to Settings > Advanced Passkeys for Secure Login and enable passkeys
Manual installation
  1. Download the plugin ZIP from WordPress.org
  2. Go to Plugins > Add New > Upload Plugin and upload the ZIP
  3. Click Activate
  4. Go to Settings > Advanced Passkeys for Secure Login and enable passkeys
After activation
  1. Go to Settings > Advanced Passkeys for Secure Login — verify passkeys are enabled and select which roles may use them.
  2. Visit Users > Your Profile and register your first passkey.
  3. Sign out and confirm the Sign in with Passkey button appears on the login page.
  4. Register a backup passkey on a second device to avoid lockout.
Production & Local Environments Passkeys require a secure (HTTPS) connection context. The plugin will actively block passkey flows over plain HTTP in production. If you are testing locally without an SSL certificate, you can bypass this restriction by adding the following line to your wp-config.php file: define( 'ADVAPAFO_ALLOW_HTTP', true ); (Never use this in production!)

屏幕截图:

  • Settings tab with everyday passkey controls, integration module toggles, and eligible role selection.
  • Advanced tab showing technical configuration for login UX, RP settings, challenge timeouts, and rate limiting.
  • Shortcodes tab with copy-ready shortcode cards, quick-start guidance, and integration snippets.
  • User Profile passkey management panel for registering a new passkey and revoking existing credentials.
  • Core WordPress login form with the "Sign in with Passkey" button below the standard password flow in the default black.
  • Core WordPress login form with Last used passkey indicator pill for returning users in light gray.

升级注意事项:

1.1.10 Recommended update: improves conditional UI consistency, legacy authenticator mapping reliability, and registration error clarity. 1.1.9 Recommended update: refines admin footer link/rating styles for better settings-page visibility. 1.1.8 Recommended update: fixes passkey revocation edge cases and improves authenticator brand detection/reporting reliability. 1.1.7 Recommended update: aligns plugin author metadata for WordPress.org listing consistency. 1.1.6 Recommended update: ensures WordPress.org visual assets are included in automated deploys. 1.1.5 Recommended update: strengthens sanitize/validate/escape protections and improves CI workflow safety checks. 1.1.4 Recommended update: adds dashboard visibility, hardens request validation, and improves release packaging quality gates. 1.1.2 Recommended update: adds integration module controls, Gutenberg block support, and shortcode UX improvements.

常见问题:

Does this replace passwords entirely?

No. Passkeys act as a seamless, high-security alternative sign-in method. Users retain their standard WordPress passwords as a reliable fallback.

Which browsers and devices are supported?

Any browser supporting the WebAuthn standard (all major platforms since 2022) including Chrome, Safari, Firefox, and Edge. Supported hardware includes iPhones, iPads, Macs, Android devices, Windows Hello machines, and physical FIDO2/U2F security keys like YubiKeys.

Is HTTPS required?

Yes, in production environments. The official WebAuthn specification mandates a secure context. See the local development instructions in the Installation tab to test locally via HTTP.

What PHP extensions do I need?

The plugin relies on openssl, mbstring, and json. These core extensions are compiled by default on almost every modern managed WordPress host.

Can I control which user roles can use passkeys?

Yes. Navigate to Settings > Advanced Passkeys for Secure Login > Eligible Roles. While it defaults strictly to Administrators, you can provision passkeys for any core or custom role on your site.

Which shortcodes are available?

Core shortcodes:

  • [advapafo_login_button]
  • [advapafo_register_button]
  • [advapafo_passkey_profile]
  • [advapafo_passkey_prompt] Integration-specific shortcodes: (active when corresponding plugins are running)
  • [advapafo_woocommerce_login]
  • [advapafo_edd_login]
  • [advapafo_memberpress_login]
  • [advapafo_ultimate_member_login]
  • [advapafo_learndash_login]
  • [advapafo_buddyboss_login]
  • [advapafo_gravityforms_login]
  • [advapafo_pmp_login]

Which integration Gutenberg blocks are available?

When an integration dependency is active, the plugin registers matching blocks:

  • advanced-passkey-login/woocommerce-login-card
  • advanced-passkey-login/edd-login-card
  • advanced-passkey-login/memberpress-login-card
  • advanced-passkey-login/ultimate-member-login-card
  • advanced-passkey-login/learndash-login-card
  • advanced-passkey-login/buddyboss-login-card
  • advanced-passkey-login/gravityforms-login-card
  • advanced-passkey-login/pmp-login-card

What happens if I deactivate or delete the plugin?

Deactivating keeps your data safe. Deleting (uninstalling) triggers a strict housekeeping routine that cleanly drops the wp_wpk_credentials, wp_wpk_rate_limits, and wp_wpk_logs tables alongside all advapafo_* options.

Is the plugin multisite compatible?

Yes. Database tables partition dynamically per site via $wpdb->prefix. Network activation auto-provisions existing sites and seamlessly configures any newly deployed network sites.

Can I use a custom RP ID for subdomain setups?

Yes. Simply add define( 'ADVAPAFO_RP_ID', 'example.com' ); directly into your site's wp-config.php file.

Can I override the login button template in my theme?

Yes. Copy the plugin template file to your active theme override directory: /wp-content/themes/your-child-theme/advanced-passkeys/login/button.php or in a parent theme: /wp-content/themes/your-parent-theme/advanced-passkeys/login/button.php Minimal override header example: <?php /** * Advanced Passkeys template override: login button. * /wp-content/themes/your-child-theme/advanced-passkeys/login/button.php */ if ( ! defined( 'ABSPATH' ) ) { exit; }

What happens when Conditional UI is enabled?

When enabled in Settings > Advanced:

  • Browser-supported passkey autofill can appear on the username field.
  • The manual "Sign in with Passkey" button is hidden on wp-login.php.
  • The login OR separator is automatically disabled.
  • Password fallback remains available.

更新日志:

1.1.10 1.1.9 1.1.8 1.1.7 1.1.6 1.1.5 1.1.4 1.1.2 1.1.1 1.1.0 1.0.0