WordPress.org

Ready to get started?Download WordPress

Plugin Directory

!This plugin hasn't been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Autologin Links

WARNING: THIS PLUGIN CAN BE INSECURE IF NOT USED CAUTIOUSLY. Allows selected users to autologin to your WordPress website via autologin links.

This plugin allows admininstators to generate autologin links for their WordPress website, logging in visitors under a certain user name. Administrators can edit (generate and delete) autologin links for users, users can only view their autologin links. Note that This plugin bypasses the standard authentication method of wordpress via login and password and should only be used if you understand the security issues mentioned below and on the plugin website.

Usage

Once this plugin is activated, administrators can generate autologin links on the edit profile administration pages for different users. Users can view their autlogin links on their profile pages. Autologin links are of the form:

http://yourwebsite/[subdirectory/]?autologin_code=ABC123

The login code thereby is 30 tonkens long (randomly generated for security reasons). The example above will bring you to your mainpage. You can also generate create autologin links to specifc pages. For this you change the link and append additional GET requests or specify further subdirectories:

http://yourwebsite/[subdirectory/]?autologin_code=ABC123&p=5

or

http://yourwebsite/[subdirectory/]this_content/?autologin_code=ABC123&x=1&y=2

The plugin will redirect the visitor to the corresponding page after logging in under the username that is linked to ABC123.

Security issues

Since autologin links are meant to be an OPEN way to login to your website and can be viewed by users on their profile, it might be considered an INSECURE plugin for WordPress. I did my best to make it as secure as possible to fit my own needs, but this lead to some design choices which might not sit well with all administrators:

Autologin codes are saved as plain text. This means that anyone who can execute queries on the WordPress database (plugins, administrators, system administrators) can obtain the autologin code for a certain user. I planned an extension of this plugin where login codes are hashed. However, this again has the disadvantage that noone can redisplay a once generated login link.

This is the most severe problem. For a full self-assesment of possible security issues regarding this problem, please visit the plugin website.

Requires: 3.1 or higher
Compatible up to: 3.1.4
Last Updated: 2012-1-25
Downloads: 1,258

Ratings

3 stars
3 out of 5 stars

Support

0 of 1 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

100,1,1