[WordPress] 外掛分享： Authyo Passwordless Login

內容簡介

Authyo Passwordless Login 外掛提供安全的 OTP 登入功能，透過電子郵件發送一次性密碼，取代傳統密碼，提升登入安全性並簡化使用者體驗。

【主要功能】
• 使用電子郵件 OTP 進行無密碼登入
• 不需儲存或使用密碼
• 安全的單次使用令牌驗證
• 透過 Authyo 的安全電子郵件服務發送 OTP
• 可選的雙因素驗證應用程式作為備援
• AJAX 驅動的登入流程，無需重新載入頁面

外掛標籤

開發者團隊

原文外掛簡介

Authyo Passwordless Login enables secure OTP login for WordPress using email-based one-time passwords. It replaces traditional passwords with a modern passwordless authentication system that improves login security and simplifies the user experience.
Users simply enter their email address, receive a one-time password (OTP), verify the code, and are automatically logged in — no passwords required.
This plugin is officially developed and maintained by Konceptwise Digital Media Pvt. Ltd. and uses Authyo’s secure OTP authentication infrastructure.
With Authyo Passwordless Login, WordPress administrators can implement passwordless login, improve account security, and eliminate risks related to password leaks or weak credentials.
Key Features

Passwordless login for WordPress using email OTP
No passwords stored or required
Secure token-based authentication (single-use and time-limited)
OTP delivered via Authyo’s secure email service
Fallback Method: Optional two-factor authenticator app if email OTP fails
Works with the default WordPress login page
AJAX-powered login flow (no page reloads)
Automatic dashboard redirect after successful login
Enable or disable passwordless login anytime
Compatible with custom login URL plugins (e.g., WPS Hide Login)

Use Cases
This plugin is ideal for:

WordPress sites that want OTP login instead of passwords
Improving WordPress login security
Enabling passwordless authentication
Preventing password brute-force attacks
Membership websites and user portals
Sites that want a simple two-factor authentication alternative

How It Works

User enters their email address on the WordPress login page
Authyo sends a one-time password (OTP) via email
User verifies the OTP
WordPress logs the user in automatically using a secure single-use token

No password is required during the login process.
About Konceptwise & Authyo
Konceptwise Digital Media Pvt. Ltd. is the parent company and original developer of this plugin.
Authyo is a secure authentication platform developed by Konceptwise that provides OTP-based verification services for websites and applications.
This plugin integrates WordPress with Authyo’s authentication infrastructure to provide secure passwordless login functionality.
Video Tutorial
How to Use Authyo Passwordless Login

External Services
This plugin connects to Authyo’s external API to send and verify one-time passwords (OTP) for passwordless login functionality.
What data is sent:
– User email address (sent to Authyo API when requesting OTP)
– OTP code (sent to Authyo API for verification)
– Mask ID (returned by Authyo API, used for OTP verification)
When data is sent:
– When the user requests an OTP: Email address is sent to Authyo API
– When the user submits an OTP for verification: OTP code and Mask ID are sent to Authyo API
Authentication Flow:
– After successful OTP verification via Authyo API, the plugin generates a secure single-use token using WordPress core functions
– This token is browser-bound using a hashed User-Agent signature to prevent session hijacking
– The token is stored temporarily in WordPress transients and expires after 5 minutes
– The token allows WordPress to complete authentication without requiring a password
– Token is deleted immediately after verification (single-use security)
Purpose:
– To verify ownership of the provided email address through OTP verification
– After successful OTP verification, a secure browser-bound login token is generated
– The token allows WordPress to authenticate users without passwords
Data Storage:
– OTP session data (email, user ID, mask ID) is stored temporarily in WordPress transients (expires after 10 minutes)
– Login tokens are stored temporarily in WordPress transients (expires after 5 minutes and deleted immediately after use)
– No user data is permanently stored by this plugin
Terms of Service:

Terms Service

Privacy Policy:

Privacy Policy

Requirements

WordPress 5.0 or higher
PHP 7.2 or higher
An active Authyo account with API credentials

Configuration
Getting Authyo API Credentials

Sign up for an account at https://authyo.io
Log in to your Authyo dashboard
Navigate to your application settings
Copy your App ID, Client ID, and Client Secret

Plugin Setup

Go to Settings → Authyo Passwordless Login
Enable Passwordless Login
Enter your Authyo API credentials:

Authyo App ID
Authyo Client ID
Authyo Client Secret

Click Save Settings

Once configured, the passwordless login form will appear on your WordPress login page.

延伸相關外掛

All-In-One Security (AIOS) – Security and FirewallAll-In-One Security (AIOS) 是一款功能全面的 WordPress 安...Solid Security – Password, Two Factor Authentication, and Brute Force ProtectionSolid Security 是一款專為 WordPress 網站設計的安全外掛，...WP 2FA – Two-factor authentication for WordPressWP 2FA 是一款免費且易於使用的 WordPress 雙重身份驗證外掛...Wordfence Login SecurityWORDFENCE 登入安全性 Wordfence 登入安全性包含在完整的 Wor...Titan Anti-spam & SecurityTitan Anti-Spam & Security 是一個完整的保護解決方案，...Two Factor (2FA) Authentication via EmailWordPress是全球最受歡迎的內容管理系統（CMS），超過40％的...WP 2-step verificationWordPress 2步驟驗證（Wp2sv）為您的 WordPress 帳戶增加了額...Rublon Multi-Factor Authentication (MFA)重新掌控您的公司！ 所有員工的帳戶安全 無需配置或培訓 ...IP & Country Blocker Lite總結文案: IP＆Country Blocker Lite 是一個功能強大的 WordP...Two Factor Authentication (2FA , MFA, OTP SMS and Email)多因素驗證-雙重因素(2FA/OTP)-可以為任何基於 TOTP 的驗證方...Per User Prompt for Google AuthenticatorWordPress外掛 ＜a href="https://wordpress.org/plugins/goo...SecSignSecSign ID – 以行動裝置登入網站的方式 SecSign ID 是適用於...AuthPressWP 2FA with Telegram 可以讓您使用 Telegram 啟用 WordPress...Bearmor Security```html <!DOCTYPE html> <html> <body> ...Encourage User Activation for Google AuthenticatorGoogle Authenticator 外掛是在你的網站上增加雙重身分驗證的...