外掛標籤
開發者團隊
原文外掛簡介
Keyless Login brings modern, phishing-resistant authentication to your WordPress site.
Log in with your fingerprint, face, or a hardware security key — no password ever required or transmitted. Implemented entirely in pure PHP using only the built-in openssl extension. No Composer, no vendor folder, no third-party libraries.
How It Works
KeylessWP implements the W3C WebAuthn Level 2 specification from scratch:
A custom CBOR decoder parses authenticator data
Custom ASN.1/DER builders construct public keys
PHP’s built-in openssl_verify() verifies ECDSA P-256 (ES256) and RSA-2048 (RS256) signatures
Credentials are stored in a dedicated database table with sign-count clone detection
Supported Authentication Methods
🖐 Fingerprint sensors (Touch ID, Windows Hello)
😊 Face recognition (Face ID, Windows Hello face camera)
🔑 Hardware security keys (YubiKey, Google Titan Key, Feitian)
🔐 Platform passkey managers (iCloud Keychain, Google Password Manager)
Features
Full FIDO2 / WebAuthn Level 2 implementation — pure PHP
ECDSA P-256 (ES256) and RSA-2048 (RS256) signature verification
Zero external libraries — only PHP’s built-in openssl extension required
Passkey registration and management from the user profile page
Per-credential device naming, creation date, and last-used tracking
Sign-count verification on every authentication (clone detection)
Phishing-resistant: credentials are cryptographically bound to your domain
Admin settings page with live usage statistics
Graceful fallback: the standard password form remains available
Translatable — all strings use __() with the keylesswp text domain
Privacy
KeylessWP does not collect, transmit, or share any user data. No external services are contacted. Biometric data never leaves the user’s device — only a cryptographic public key is stored on the server.
