Description
CS BioLogin adds passwordless sign-in to WordPress using the WebAuthn standard (FIDO2 / passkeys). Visitors can authenticate with Face ID, Touch ID, Windows Hello, or a platform fingerprint reader. Biometric templates never leave the user’s device; only public key credentials are stored in your WordPress database.
What this plugin does
- Adds a Sign in with Biometrics option on the WordPress login screen (with optional password fallback).
- Lets logged-in users register, rename, update, and remove passkeys from their profile, a front-end shortcode page, or WooCommerce My Account.
- Provides an admin screen for settings, security logs, and per-user device management.
- Applies rate limiting and lockout on authentication attempts.
What this plugin does NOT do
- It does not send user data, credentials, or biometrics to third-party servers. All verification runs on your site over HTTPS.
- It does not store fingerprint or face images—only WebAuthn public keys and device metadata you configure.
How it works
- Administrator enables the plugin under Settings CS BioLogin and chooses which roles may use biometrics.
- User opens their profile (WordPress admin profile,
[csbisebi_device_manager]page, or WooCommerce My Account CS BioLogin) and clicks Add Biometric Device. The browser shows the OS passkey/biometric prompt. - Login — On
wp-login.php(or WooCommerce login), the user chooses biometric sign-in. The plugin issues a WebAuthn challenge via the REST API, verifies the signed response, and creates a normal WordPress session.
REST routes live under csbisebi-biometric-login/v1 on your own site (for example /wp-json/csbisebi-biometric-login/v1/auth/options). No external API keys are required.
WooCommerce
When WooCommerce is active, CS BioLogin adds a My Account tab, checkout/account login prompts, and automatic use of the account area instead of a standalone management page.
Requirements
- WordPress 6.2 or later
- PHP 7.4+ with OpenSSL
- HTTPS on production (WebAuthn requires a secure context;
localhostand*.localare allowed for development)
Privacy and data storage
- Biometric samples stay on the user’s device.
- The plugin stores passkey public keys, optional device labels, timestamps, and security log entries in your WordPress database.
- Uninstalling the plugin (when data removal is enabled via uninstall) drops the custom credentials table and plugin options.
Screenshots
Installation
- Upload the plugin folder
cs-biologin-seamless-biometric-authenticationto/wp-content/plugins/(the zip must containreadme.txtandcs-biologin.phpat the root of that folder—not inside atrunk/subfolder). - Activate CS BioLogin – Seamless Biometric Authentication on the Plugins screen.
- Ensure your site uses HTTPS in production.
- Go to Settings CS BioLogin and save your preferences.
- Log in as a test user, open Users Profile (or WooCommerce My Account CS BioLogin), and register a passkey before testing front-end login.
FAQ
-
Does this store my fingerprint or face on the server?
-
No. WebAuthn keeps biometrics on the device. The site only stores a public key used to verify future logins.
-
Does the plugin call external services?
-
No. Challenges, verification, and credential storage all run on your WordPress installation. JavaScript and CSS are bundled with the plugin (no third-party CDNs).
-
Is HTTPS required?
-
Yes, for production sites. The plugin shows an admin notice if HTTPS is missing (localhost and
.localhosts are exempt for development). -
Can users still log in with a password?
-
Yes, when Allow Password Fallback is enabled in settings.
-
Can visitors create WordPress accounts through the plugin?
-
Only if Settings General Membership Anyone can register is enabled, or if you explicitly enable Allow REST account registration when WordPress registration is disabled under Settings CS BioLogin. Account creation is rate-limited and disabled by default otherwise.
-
Is WooCommerce supported?
-
Yes. Device management appears under My Account, and biometric login can appear on WooCommerce login forms when enabled.
-
Which browsers are supported?
-
Recent Chrome, Safari, Edge, and Firefox on desktop and mobile, where the OS provides a platform authenticator or passkey store. Unsupported browsers can hide the login button via settings.
-
Password managers block the biometric prompt. What should I do?
-
Extensions such as 1Password, Bitwarden, or LastPass may intercept passkey prompts. Enable passkey support in the manager or disable autofill for your site so the native OS dialog (Touch ID, Face ID, Windows Hello) can appear.
-
Can administrators manage user devices?
-
Yes. Use Settings CS BioLogin User Management to reset devices, view logs, and register passkeys on behalf of users (with appropriate capability checks).
Reviews
There are no reviews for this plugin.
Contributors & Developers
“CS BioLogin – Seamless Biometric Authentication” is open source software. The following people have contributed to this plugin.
Contributors
Translate “CS BioLogin – Seamless Biometric Authentication” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.0
- Initial release on the WordPress Plugin Directory.
- WebAuthn / FIDO2 / Passkeys registration and authentication (ES256 and RS256).
- Passwordless login on the WordPress login screen with optional password fallback.
- WooCommerce: My Account endpoint, checkout and account login popups, and device management UI.
- Multi-device support with rename, update passkey, remove, and duplicate-device handling.
- Admin settings (roles, force biometric, rate limits, lockout, UI options) plus security event logs and user device management.
- Passkey setup reminder banner for users without a registered device.
- No external services or CDNs; credentials stored locally in the database.