[WordPress] Plugin Share: Keyless Auth – Login without Passwords

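Introduction

  • The WordPress plugin "Keyless Auth – Login without Passwords" was published on 2025-09-11.
  • It currently has 20 active installations.
  • It was last updated on 2025-11-24, 93 days ago.
  • The plugin requires WordPress 3.9 or higher to install.
  • No one has rated this plugin yet.
  • No one has asked a question in the forum yet; usage may still be low, and no major problems have come up so far.

Plugin contributors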

chrmrtns |

Plugin tags

2FA | smtp | passwordless | secure login | authentication |

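Overview

Summary: Keyless Auth is a plugin that lets users log in securely to your WordPress site without having to remember a password. They simply enter their email address and receive a magic login link: secure, fast and user-friendly.

1. New in Keyless Auth v2.0.11:
- 📧 Critical SMTP fix - Fixed the sender email not being used; emails are now correctly sent from the configured SMTP address.
- 📝 Mail logging fix - Resolved the mail log saving issue related to the post type name length.
- 🔧 wp-config.php instructions fix - Restored the missing JavaScript for the credential storage toggle display.
- 🐛 Fatal error fix - Resolved multiple undefined function errors on the mail log page.
- 🔍 Enhanced diagnostics - Added diagnostic information to help troubleshoot mail logging problems.

2. Keyless Auth v2.0.10 includes:
- 🛡️ WordPress.org Plugin Check compliance - Resolved all input validation and sanitization warnings.
- 🔒 Enhanced security - Fixed wp_unslash() issues and removed insecure duplicate form processing.
- ⚡ Improved code quality - Eliminated security vulnerabilities in POST data handling.
- 🧹 Code cleanup - Removed the redundant save_settings() method that bypassed security checks.

3. New in Keyless Auth v2.0.9:
- 🏷️ WordPress.org ready - Fully rebranded as "Keyless Auth" to meet WordPress.org compliance requirements.
- 🔧 Enhanced prefixes - All functions/classes use the unique "chrmrtns_kla_" prefix.
- 🛡️ Security hardening - Improved nonce verification with proper sanitization.
- ⚡ Optimized performance - Converted inline JS/CSS to the proper wp_enqueue system.
- 📋 Code compliance - Full compliance with the WordPress.org Plugin Check.
- 🎯 Simplified shortcode - New [keyless-auth] shortcode.

Original plugin description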

Transform your WordPress login experience with passwordless authentication. Users simply enter their email address and receive a secure magic link – click to login instantly. It’s more secure than weak passwords and infinitely more user-friendly.

Why Choose Keyless Auth?

* Enhanced Security: No more weak, reused, or compromised passwords
* Better User Experience: One click instead of remembering complex passwords
* Reduced Support: Eliminate “forgot password” requests
* Modern Authentication: Enterprise-grade security used by Slack, Medium, and others
* Security Hardening: Built-in protection against brute force attacks and username enumeration

Quick Start

1. Install and activate the plugin
2. Create a new page and add the shortcode [keyless-auth]
3. Configure email templates in Keyless Auth → Templates
4. Done! Users can now login passwordlessly

Core Features
Ready to Use
* Magic Link Authentication – Secure, one-time login links via email
* Two-Factor Authentication (2FA) – Complete TOTP support with Google Authenticator
* Role-Based 2FA – Require 2FA for specific user roles (admins, editors, etc.)
* Custom 2FA Setup URLs – Direct users to branded frontend 2FA setup pages
* SMTP Integration – Reliable email delivery through your mail server
* Email Templates – Professional, customizable login emails
* Mail Logging – Track all sent emails with delivery status
* Custom Database Tables – Scalable architecture with dedicated audit logs
Advanced Security
* Token Security: 10-minute expiration, single-use tokens
* Audit Logging: IP addresses, device types, login attempts
* Emergency Mode: Grace period system with admin controls
* Secure Storage: SMTP credentials in wp-config.php option
* XML-RPC Disable: Block brute force attacks via XML-RPC interface
* Application Passwords Control: Disable programmatic authentication when not needed
* User Enumeration Prevention: Block username discovery attacks
Customization
* WYSIWYG Email Editor: Full HTML support with live preview
* Advanced Color Controls: Hex, RGB, HSL color formats
* Template System: German, English, and custom templates
* Branding Options: Custom sender names and professional styling
Installation & Setup
Basic Installation
1. WordPress Admin → Plugins → Add New
2. Search for “Keyless Auth”
3. Install and activate
4. Add [keyless-auth] shortcode to any page
SMTP Configuration (Recommended)
1. Navigate to Keyless Auth → SMTP
2. Configure your email provider (Gmail, Outlook, SendGrid, etc.)
3. Test email delivery
4. Save settings
Two-Factor Authentication Setup
1. Go to Keyless Auth → Options
2. Enable “Two-Factor Authentication”
3. Select required user roles
4. Users scan QR code with authenticator app
Email Templates
Template Options
* German Professional: Sleek German-language template
* English Simple: Clean, minimalist design
* Custom HTML: Create your own with WYSIWYG editor
Customization Features
* Full HTML and CSS support
* Color picker for buttons and links
* Responsive email design
* Live template preview
* Placeholder system for dynamic content
Security & Compliance
Token Security
* Generated using WordPress security standards
* Based on user ID, timestamp, and wp-config.php salt
* 10-minute expiration with single-use enforcement
* Secure database storage with automatic cleanup
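The token properties listed above (bound to a user ID and timestamp, keyed with a site salt, 10-minute lifetime, single use, cleaned up after use) can be sketched as follows. This is an added example, not Keyless Auth's own code: the function names, the `DEMO_SALT` constant and the in-memory array standing in for the token table are all assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's implementation. All names are hypothetical.
const DEMO_SALT = 'constructed-demo-salt'; // stands in for a wp-config.php salt
const TOKEN_TTL = 600;                     // 10 minutes, as stated on the page

$store = []; // stands in for the token table: user_id => [hash, expires]

function issue_token(array &$store, int $userId, int $now): string {
    // User ID and timestamp alone are guessable, so a random nonce is mixed in.
    $nonce = bin2hex(random_bytes(16));
    $token = hash_hmac('sha256', $userId . '|' . $now . '|' . $nonce, DEMO_SALT);
    // Keep only a hash server-side, so reading the table does not yield live links.
    $store[$userId] = [
        'hash'    => hash('sha256', $token),
        'expires' => $now + TOKEN_TTL,
    ];
    return $token; // this value goes into the emailed magic link
}

function redeem_token(array &$store, int $userId, string $token, int $now): bool {
    if (!isset($store[$userId])) {
        return false; // nothing pending: never issued, already used, or cleaned up
    }
    $row   = $store[$userId];
    // hash_equals() compares in constant time, so timing does not leak the hash.
    $match = hash_equals($row['hash'], hash('sha256', $token));
    $fresh = $now <= $row['expires'];
    if ($match || !$fresh) {
        unset($store[$userId]); // single-use enforcement and cleanup of expired rows
    }
    return $match && $fresh;
}

// Constructed walk-through: wrong token, valid use, replay, then use after expiry.
$t0    = 1700000000; // constructed timestamp
$token = issue_token($store, 42, $t0);
var_dump(redeem_token($store, 42, 'not-the-token', $t0 + 5));
var_dump(redeem_token($store, 42, $token, $t0 + 60));
var_dump(redeem_token($store, 42, $token, $t0 + 61));
$late = issue_token($store, 42, $t0);
var_dump(redeem_token($store, 42, $late, $t0 + TOKEN_TTL + 1));
```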
Two-Factor Authentication
* TOTP-based system compatible with Google Authenticator, Authy
* Role-based requirements for granular control
* Grace period system for smooth user transitions
* Custom verification forms with professional styling
Database Architecture
* Custom tables for optimal performance
* Comprehensive audit logging
* Device tracking and IP monitoring
* Automatic maintenance and cleanup routines
Security Hardening
Keyless Auth includes comprehensive security hardening features to protect your WordPress site from common attack vectors. All features are optional and can be enabled based on your site’s needs.
XML-RPC Disable
* Prevents brute force attacks via WordPress XML-RPC interface
* Reduces attack surface by disabling legacy API
* Recommended for sites not using Jetpack, mobile apps, or pingbacks
Application Passwords Control
* Disable REST API and XML-RPC authentication when programmatic access isn’t needed
* Prevents unauthorized API access
* Recommended for simple sites without third-party integrations
User Enumeration Prevention
* Blocks REST API user endpoints (/wp-json/wp/v2/users)
* Redirects author archives and ?author=N queries
* Removes login error messages that reveal usernames
* Strips comment author CSS classes
* Removes author data from oEmbed responses
* Recommended for business/corporate sites without author profiles
Benefits
* Combined protection against brute force attacks
* Prevents username discovery for targeted attacks
* Reduces unauthorized API access
* Easy to configure without code or .htaccess modifications
* All features include comprehensive documentation
* FTP recovery available if needed
SMTP & Email Delivery
Supported Providers
* Gmail / Google Workspace
* Outlook / Microsoft 365
* Mailgun, SendGrid, Amazon SES
* Any SMTP-compatible service
Advanced Email Features
* Message-ID domain alignment for deliverability
* SPF/DKIM/DMARC compliance
* Custom sender names and addresses
* Bulk email log management
* Delivery status tracking
Secure Credential Storage
Store SMTP credentials securely in wp-config.php:
define('CHRMRTNS_KLA_SMTP_USERNAME', '[email protected]');
define('CHRMRTNS_KLA_SMTP_PASSWORD', 'your-smtp-password');

WordPress Integration
Login Page Integration
* Optional magic login field on wp-login.php
* Seamless integration with existing login flow
* Toggle control for easy enable/disable
* Clean, responsive form styling
Shortcode Usage
Use [keyless-auth] anywhere: pages, posts, widgets, or custom templates.
Developer Features
Hooks & Filters
Customize login redirect:
add_filter('wpa_after_login_redirect', 'custom_redirect_function');
Modify email headers:
add_filter('wpa_email_headers', 'custom_email_headers');
Change token expiration:
add_filter('wpa_change_link_expiration', 'custom_expiration_time');
Modular Architecture
* Clean, organized class structure
* Separated concerns for easy maintenance
* WordPress coding standards compliance
* Extensive documentation and comments
Requirements

WordPress: 3.9 or higher (tested up to 6.8)
PHP: 7.4 or higher
Email Delivery: SMTP recommended for reliability

Note: Keyless Auth complements WordPress’s default login system – it doesn’t replace it.
Developed by Chris Martens | Based on the original Passwordless Login plugin by Cozmoslabs

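Download links for each version

  • Method 1: Click a version number link below to download the ZIP file, log in to the site admin, open "Plugins" → "Add New Plugin" in the left menu, choose "Upload Plugin" at the top, then upload the downloaded ZIP package to install and activate it.
  • Method 2: Use the search box on the right side of the "Add New Plugin" screen to search for the plugin name "Keyless Auth – Login without Passwords" and install it.

(Method 2 is recommended, to ensure the installed version matches the WordPress environment you are currently running.)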


2.1.0 | 2.1.1 | 2.2.0 | 2.2.1 | 2.3.0 | 2.3.1 | 2.4.0 | 2.4.1 | 2.4.2 | 2.5.0 | 2.6.0 | 2.6.1 | 2.6.2 | 2.6.3 | 2.7.0 | 2.7.1 | 2.7.2 | 2.7.3 | 3.0.0 | 3.0.1 | 3.0.2 | 3.0.3 | 3.0.4 | 3.0.5 | 3.1.0 | 3.2.0 | 3.2.1 | 3.2.2 | 3.2.3 | 3.2.4 | trunk | 2.0.11 | 2.0.12 |
