OneCode Login

开发者	oaron
更新时间	2026年5月16日 01:45
PHP版本:	7.4 及以上
WordPress版本:	6.9
版权:	GPLv2 or later
版权网址:	版权信息

下载

详情介绍:

OneCode Login provides a modern, passwordless authentication experience for your WordPress site. Instead of traditional passwords, users receive a secure 6-digit verification code via email. Key Features

Passwordless Authentication - Users log in with just their email address
6-Digit Verification Codes - Secure, time-limited codes sent via email
Rate Limiting - Built-in protection against brute force attacks
Request ID Binding - Each code is bound to a specific login session for enhanced security
Neutral Feedback - Prevents user enumeration attacks by not revealing if an email exists
Customizable - Configure expiry times, cooldowns, and email templates
Accessible - Full keyboard navigation and screen reader support
Gutenberg Block - Easy to add login forms to any page
Shortcode Support - Use [onecode_login] anywhere
wp-login.php Integration - Optionally replace the default WordPress login

Security Features

Cryptographically secure code generation
Configurable code expiry (default: 10 minutes)
Resend cooldown to prevent spam
IP-based and email-based rate limiting
Automatic lockout after failed attempts
Codes are single-use and invalidated after successful login

Use Cases

Membership sites where password fatigue is an issue
Customer portals requiring simple authentication
Internal tools where security without complexity is needed
Any site wanting to improve user experience

安装:

Upload the onecode-login folder to /wp-content/plugins/
Activate the plugin through the Plugins menu in WordPress
Go to Settings > OneCode Login to configure options
Add the login form using the [onecode_login] shortcode or Gutenberg block

Shortcode Options

redirect_to - URL to redirect after successful login
button_text - Custom text for the send code button
verify_text - Custom text for the verify button

Example: [onecode_login redirect_to="/dashboard" button_text="Get Code"]

常见问题:

Does this replace password login completely?

By default, no. OneCode Login works alongside traditional password login. However, you can enable the "Replace wp-login.php" option to use OneCode Login as the primary login method.

What happens if the email does not arrive?

Users can request a new code after the cooldown period (default: 60 seconds). Check your server email configuration if emails consistently fail to deliver.

Is this secure?

Yes. The plugin uses cryptographically secure random number generation, time-limited codes, rate limiting, and request binding to prevent various attack vectors.

Can I customize the email template?

Yes. Go to Settings > OneCode Login > Email tab to customize the subject and body of verification emails. You can use placeholders like {code}, {expires}, {site_name}, and {user_email}.

Does it work with multisite?

The plugin is designed for single-site installations. Multisite compatibility may be added in future versions.

What if a user does not have an account?

The plugin only allows existing users to log in. For security reasons, it does not reveal whether an email address has an account - users always see the same "check your email" message.

更新日志:

1.0.1

Small bug fixes

1.0.0

Initial release
Passwordless login with 6-digit verification codes
Rate limiting and brute force protection
Customizable email templates
Gutenberg block and shortcode support
wp-login.php integration option
Full accessibility support

OneCode Login

标签

下载

详情介绍:

安装:

常见问题:

更新日志: