Secure Login Collector

Secure Login Collector gives agencies and freelancers a safe hand-off point for client credentials. Clients fill in a branded form, everything is encrypted before it leaves their browser, and your team only unlocks it inside WordPress. No more password spreadsheets, chat messages, or liability-inducing emails. How a login data submission flows

1. Client opens your credential intake page and fills in the required fields (name, email, service, username, password, notes (optiona)).
2. The data is locked on their device before it is sent anywhere [browser-based Web Crypto + RSA-2048 key exchange + AES-256-GCM payloads].
3. The encrypted package lands in your WP database table together with metadata for auditing [Zero-knowledge encryption].
4. Your team gets notified, signs in to WordPress, and decrypts items inside the admin dashboard.

Free version features (included)

• Client-side sealing – credentials are encrypted before they leave the browser, so email or transport leaks cannot expose them.
• Zero-knowledge encryption – the server never sees the unwrapped private key; secrets are only readable once an admin unlocks them locally inside WordPress.
• WP admin decryption – only logged-in admins with the proper capability and the correct password can unlock submissions inside the dashboard, keeping everything in one place.
• Submission inbox & search – view, sort, and filter all requests with name, service, timestamps, and notes, then copy credentials when you need them.
• Instant notifications – each submission triggers an email so projects keep moving without checking the dashboard every hour.
• Accessible client experience – responsive form, password visibility toggle, optional help text, and field-level validation keep clients confident while still being secure.

Pro version extras (via Secure Login Collector Pro)

• Passkey-first approvals – require Touch ID, Windows Hello, YubiKey, or password-manager passkeys before every decrypt/export event.
• Spam and bot defense – invisible honeypot fields, nonce verification, rate limiting, and IP-aware hooks block automated dumps without annoying clients.
• Retention & cleanup controls – choose how long data stays accessible and let the plugin redact expired payloads automatically.
• Bulk decrypt & export – decrypt multiple entries at once and export directly to Bitwarden, 1Password, LastPass, Dashlane, CSV, or JSON for team password vaults.

Freemius & privacy This plugin bundles the Freemius SDK for licensing, secure payments, and (optional) telemetry. Nothing is shared until you explicitly opt in. When you do, only environment details (site URL, WP/PHP version, plugin version) plus contact email/locale are sent to Freemius so upgrades and receipts work. Client submissions, encrypted payloads, and decrypted credentials never leave your hosting environment. Disclaimer Security is a shared responsibility. We ship the tools, but you control how and where they are used. Install SSL, keep WordPress updated, limit admin access, and review submissions promptly. We are not liable for any damage, data loss, or regulatory issues that arise from using this plugin—use it at your own risk.

1. Install and activate the plugin
2. Go to Login Data → Settings to configure notifications
3. Register your master password for decryption of login data
4. Create a page and add shortcode: [seculoco_form]
5. Share the page link with clients

For the Pro version (separate plugin available from Freemius), register your passkey device after installation.

2.0.7

• Fix error message when sending form

2.0.6

• Update Freemius SDK

2.0.5

• Fix Translations

2.0.4

• Fix translations

2.0.3

• Remove branding from frontend
• Code quality improvements

2.0.0

• Refactoring for launch at wordpres.org

1.0.0

• Initial release with RSA-2048 + AES-256 encryption
• Auto-deletion
• Email notifications for new submissions