Description
Capsquery Facial Authentication adds a Login with Face button to wp-login.php and a [capsquery_facial_authentication] shortcode for front-end pages.
How it works
- A user can enrolls their face from Users Profile.
- They set a 4–8 digit PIN as a second factor.
- At login, the browser captures the face locally using face-api.js.
- An encrypted face descriptor is matched on the server.
- The user confirms their identity and enters their PIN.
- Face descriptors encrypted at rest (AES-256-GCM)
- PIN stored as a secure hash
- Rate limiting and brute-force protection
- GDPR export/erase support
Third-party library
Face detection and recognition run entirely in the visitor’s browser using face-api.js (MIT license), bundled under assets/vendor/. Its pretrained model weights are required for the plugin to function and are bundled under assets/models/. Since the raw weight files have no meaningful file extension, each one is stored base64-encoded inside a small .json wrapper file and decoded on request by a plugin REST endpoint — no external network calls or third-party servers are involved.
Requirements
- HTTPS (or localhost for development) — browsers require a secure context for camera access
- PHP OpenSSL extension
- A webcam on the client device
Support
Need help or have questions?
Website: https://capsquery.com/
Email: arijit.paul@capsquery.com
Screenshots






Installation
- Upload the plugin folder to
/wp-content/plugins/capsquery-facial-authentication/or install via Plugins Add New. - Activate the plugin.
- Go to Settings Facial Authentication and confirm Facial Authentication is enabled.
- As a user, open Users Profile, enroll your face, and set a PIN.
- Visit wp-login.php and click Login with Face.
FAQ
-
Who can use Capsquery Facial Authentication in the free version?
-
On a single site, this is typically users with the any role.
-
Are photos stored on the server?
-
No. The plugin stores an encrypted mathematical face descriptor (128 numbers), not an image.
-
Is face matching alone enough to log in?
-
No. A successful face match must be followed by the correct PIN.
-
Does it work without HTTPS?
-
No. Modern browsers block camera access except on HTTPS or localhost.
-
How do I add Facial Authentication to a page?
-
Use the shortcode:
[capsquery_facial_authentication]or[capsquery_facial_authentication redirect="/my-account"] -
What are the .json files under assets/models?
-
They are the pretrained face-api.js (MIT-licensed) neural network weights needed for on-device face detection and recognition. The library’s raw weight files have no standard file extension, so each one is base64-encoded and wrapped in a
.jsonfile; the plugin decodes and streams it back out through its own REST endpoint when the browser loads the model. They are required — the plugin cannot detect or recognize faces without them.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Capsquery Facial Authentication” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “Capsquery Facial Authentication” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.1.0
- Admin settings page (enable/disable, match sensitivity)
- Security fixes: removed user_id override, improved REST validation, proper rate-limit responses
- Privacy/GDPR export and erasure support
- uninstall.php for clean removal
- Conditional shortcode asset loading
1.1.1
- Security improvements
=1.1.2=
* Fixed issues reported during WordPress.org plugin review.
* Code cleanup and compliance improvements.
