The craze of passwordless authentication on WordPress websites is increasing day by day, and if you’re a professional blogger or website owner, then you’re definitely looking for some ways to streamline your processes and make your life easier.
Well, in this case, I’ve good news for you; Ilya Zolotov from the WP Buster team has launched a free plugin named “Passwordless WP,” which enables its user to login to their WordPress website using Face ID, Touch ID, or through a secure PIN.
In this blog post, I will show you how to set up passwordless authentication in WordPress so that you can save time and start using this helpful feature immediately. And yes, this will be the perfect way to save your websites from script kiddies and hackers!
So, let’s get started…
What is Passwordless Authentication?
Before we dive into the how-to steps, let’s take a moment to understand what passwordless authentication is and how it can benefit you.
Passwordless authentication is an extra security measure that allows users to log onto their websites without having to remember or enter any passwords on their websites. Instead of using passwords, users can authenticate their identity by using their email address, Face ID, Touch ID, or through a secure PIN.
Once the user’s identity is verified, it grants them access to the WordPress dashboard.
And when we talk about the benefits of using passwordless authentication on your website, there are many benefits.
- First, it’s more secure than traditional passwords because there’s no need to remember or store your passwords.
- Second, it’s more convenient for users to log in to their dashboard because they don’t have to go through the hassle of creating and remembering multiple passwords.
- And finally, it eliminates the need for customer support inquiries related to forgotten passwords (for eCommerce websites).
How “Passwordless WP” Plugin Developed?
As a blogger, we usually sign up to various websites to test their functionality and access their services. Similarly, Ilya Zolotov has entered his old email ID and password on a website for accessing their services.
One day, he found his email on a leaked public database.
And not only with him, but millions of emails and passwords also leak every year, so he thought of building a secure plugin that doesn’t take any credentials from the user and allows them to access their WordPress website through their Face ID, secure PIN, or through Touch ID.
Creating a plugin like this will only grant access to people with authorized access. And people will log in to their websites more efficiently and seamlessly.
He also stated that,
“I like this feature of my laptop, and I use it every day. I also use it to avoid entering the ‘root’ password in the terminal using my finger. It’s comfortable, and any sniffer can’t capture my password.”
And after Apple’s summer event in 2020, he saw that Apple devices now support passwordless authentication methods in Safari and other browsers. So, he decided to build this plugin using stable cryptographic libraries and an easy-to-use interface. He assures users that it’s safe to use this plugin and also confirms that the plugin doesn’t store any personal data on servers or on any third-party services.
That’s how this plugin came to light.
How Passwordless WP Works?
I know it’s quite common for us to doubt a plugin like this; even when I used this plugin for the first time on my website, I was quite worried.
And before using this plugin on my website, I did some research and found that it works perfectly and stores everything locally on our servers only.
When you install this plugin on your website, it requires an active SSL (or HTTPS) connection to work – unless you’re developing your website locally on localhost. This plugin may also require a minimum PHP 7.2 version to work properly outside of it; the plugin is compatible with all WordPress websites with seamless integration.
In addition, “Passwordless WP” runs on a user level, meaning that all users on your website can create a passwordless authentication and access their account seamlessly without any hassle. And trust me, this is something that is really useful for an eCommerce website or for a website where users need to log in to their accounts.
How does this plugin differ from others?
Well, this is something we can debate on!
I’ve tried different plugins that are available in the market, and most of them use email authentication and OTP for single sign-on (SSO) login. But this plugin works differently. It requires a face ID, secure PIN, or Touch ID to work on your device.
And by using these passwordless methods, you can definitely make your life easier and streamline your life. Plus, adding this plugin to your WordPress website is really simple and easy – but we do recommend taking a complete backup of your site before installing these types of plugins, as it will save you from unforeseen errors in the future.
Now that we understand everything about passwordless authentication, let’s get started with the how-to steps.
How to Set up Passwordless Login in WordPress
Setting up passwordless login in WordPress is really easy and can be done in just a few steps. Here, I am going to share all the steps through which you can enable this feature on your website.
First of all, you need to log into your WordPress admin panel. And once you’re inside the dashboard, you need to visit Plugins > Add New and search for the “Passwordless WP” plugin, as shown in the image above.
Alternatively, you can click here to instantly download the plugin.
As this is a new plugin with fewer downloads, it will not show on the top results. Therefore, you need to find the “Passwordless WP” plugin by WP Busters from the list.
Once you see the plugin developed by “WP Busters,” you need to click on the “Install Now” button and once the plugin is installed, click on the “Activate” button.
After we installed the plugin on your WordPress website, you can now register your token to enable passwordless authentication. To do so, click on the “Add credentials” option that is shown just below the plugin’s name on the plugin page.
Alternatively, you can enable this option from “Users > Profile > Passwordless credentials.”
If you click on the “Add credentials” option, it will further redirect you to another page where you will be asked to add your credentials.
Here, you need to click on the “Register Token.”
As you can see in the image above, I’m using Google Chrome on my MacBook Pro. It supports passwordless authentication with Touch ID, so it’s asking me to use my fingerprint for adding credentials to the website.
If you’re using another device for passwordless authentication, depending on the operating system and passwordless authentication options supported by your device, it will show you either Touch ID, Face ID, or a Secure PIN.
Now verify your identity by using the authentication method that is suitable for you.
Once you verify your identity, a success message will display with the title “Passwordless credentials added.” And now, you can go back to your profile by clicking on the “Go to My Profile” button.
Now, whenever you try to log in to your WordPress admin panel, it will show you another section for passwordless login.
On this page, you need to choose your user and click on it. It will ask for the authentication method that has been added to your account. Once you authorize it, it will open the WordPress dashboard.
Voila! You successfully set up passwordless, secured authentication on your WordPress blog.
Frequently Asked Question
How Does Passwordless WP Better than Other Plugins?
It is way better than other plugins because it doesn’t ask you to authenticate yourself using SMS, Email, or by clicking on any verify link. It seamlessly authenticates you by a glance or fingerprint using the Touch ID, Face ID, or Secure PIN.
Along with it, only people who have access to your device can access the website using these methods. So it is more secure than any other authentication method.
Can I Register More than One Token with Passwordless WP?
Yes, you can register over one device on your website using the Passwordless WP plugin. To do so, go to Users > Profile > Passwordless Login Credentials, and click on “Register New Token.”
It will again open the same window to register the token, and if your device supports passwordless authentication, then you can add your device to your account.
What Authentication Method It Supports?
You can use your glance or fingerprint via Touch ID, Face ID to authenticate yourself for seamless login. It also supports Secure PIN access for authentication.
You can also use the Safari browser on your latest iOS 14 devices to seamlessly authenticate yourself on iPhone. Apart from iOS, I don’t know if it works with Android browsers or not – if you have an android device, please check the plugin and let me know in the comment section below so that I can update the post.
Wrapping Up!
Passwordless authentication is a great way to secure your websites from hackers and unauthorized users. And setting up passwordless login is easy; you just need to install a plugin and do a few things. It’s ready to go!
We’re already using this plugin on several websites, and we absolutely love them.
And we have tried our best to explain each and every detail you should be aware of before installing any passwordless authentication plugin on your website.
✍️ Author’s note;
There is a minor issue I faced with this plugin; it works perfectly on Google Chrome on my MacBook Pro, but when I try to log in from my iOS 15 device on Chrome, I experience many issues, and I would not recommend using this plugin for those who primarily use an iOS device to log in to websites.
So, what are your thoughts on this plugin? Let us know in the comments below.