Title: Keyless Login Author: susheelhbti Published: May 20, 2026 Last modified: May 20, 2026 --- Search plugins ![](https://s.w.org/plugins/geopattern-icon/keyless-login.svg) # Keyless Login By [susheelhbti](https://profiles.wordpress.org/susheelhbti/) [Download](https://downloads.wordpress.org/plugin/keyless-login.zip) * [Details](https://wordpress.org/plugins/keyless-login/#description) * [Reviews](https://wordpress.org/plugins/keyless-login/#reviews) * [Installation](https://wordpress.org/plugins/keyless-login/#installation) * [Development](https://wordpress.org/plugins/keyless-login/#developers) [Support](https://wordpress.org/support/plugin/keyless-login/) ## Description **Keyless Login** brings modern, phishing-resistant authentication to your WordPress site. Log in with your fingerprint, face, or a hardware security key — no password ever required or transmitted. Implemented entirely in pure PHP using only the built-in` openssl` extension. No Composer, no vendor folder, no third-party libraries. #### How It Works KeylessWP implements the [W3C WebAuthn Level 2](https://www.w3.org/TR/webauthn-2/) specification from scratch: * A custom CBOR decoder parses authenticator data * Custom ASN.1/DER builders construct public keys * PHP’s built-in `openssl_verify()` verifies ECDSA P-256 (ES256) and RSA-2048 ( RS256) signatures * Credentials are stored in a dedicated database table with sign-count clone detection #### Supported Authentication Methods * 🖐 Fingerprint sensors (Touch ID, Windows Hello) * 😊 Face recognition (Face ID, Windows Hello face camera) * 🔑 Hardware security keys (YubiKey, Google Titan Key, Feitian) * 🔐 Platform passkey managers (iCloud Keychain, Google Password Manager) #### Features * Full FIDO2 / WebAuthn Level 2 implementation — pure PHP * ECDSA P-256 (ES256) and RSA-2048 (RS256) signature verification * Zero external libraries — only PHP’s built-in `openssl` extension required * Passkey registration and management from the user profile page * Per-credential device naming, creation date, and last-used tracking * Sign-count verification on every authentication (clone detection) * Phishing-resistant: credentials are cryptographically bound to your domain * Admin settings page with live usage statistics * Graceful fallback: the standard password form remains available * Translatable — all strings use `__()` with the `keylesswp` text domain #### Privacy KeylessWP does not collect, transmit, or share any user data. No external services are contacted. Biometric data never leaves the user’s device — only a cryptographic public key is stored on the server. ## Installation 1. Upload the `keylesswp` folder to `/wp-content/plugins/` 2. Activate the plugin via **Plugins Installed Plugins** 3. Go to **Users Your Profile** and click **Register New Passkey** 4. Follow your device’s biometric or security-key prompt 5. Log out and click **Sign in with Passkey** on the login page #### Requirements * PHP 8.0 or higher * PHP `openssl` extension (enabled by default on virtually all hosts) * HTTPS — required by the WebAuthn browser API * WordPress 6.4 or higher ## FAQ ### Does this plugin require any external library or Composer? No. Everything — CBOR decoding, ASN.1/DER key building, ECDSA and RSA verification— is implemented in pure PHP using only the `openssl` extension that ships with PHP. ### Does this work without HTTPS? No. The WebAuthn browser API will refuse to run on non-secure origins. All modern WordPress hosting provides HTTPS. ### Can users still log in with their password? Yes. By default, the standard password form remains visible alongside the passkey button. You can change this under **Settings Keyless Login**. ### What data is stored on the server? Only the credential ID, public key (PEM format), sign count, device name, and timestamps. Biometric data is processed entirely on the user’s device and never transmitted. ### Is this compatible with multisite? Single-site support is the focus of v1.0. Multisite compatibility is planned for v1.1. ### Privacy Policy This plugin does not send any data to external servers. No tracking, no analytics, no third-party services are used. On uninstall, all plugin data is deleted from the database. ## Reviews There are no reviews for this plugin. ## Contributors & Developers “Keyless Login” is open source software. The following people have contributed to this plugin. Contributors * [ susheelhbti ](https://profiles.wordpress.org/susheelhbti/) [Translate “Keyless Login” into your language.](https://translate.wordpress.org/projects/wp-plugins/keyless-login) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/keyless-login/), check out the [SVN repository](https://plugins.svn.wordpress.org/keyless-login/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/keyless-login/) by [RSS](https://plugins.trac.wordpress.org/log/keyless-login/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.0 * Initial release * Pure PHP CBOR decoder (RFC 7049) * Pure PHP WebAuthn attestation and assertion verifier * ES256 (ECDSA P-256) and RS256 (RSA-2048) support * Custom DB table with sign-count clone detection * Complete registration and authentication flows * Admin settings page with usage statistics * Full i18n support with `keylesswp` text domain ## Meta * Version **1.0.0** * Last updated **10 hours ago** * Active installations **Fewer than 10** * WordPress version ** 6.4 or higher ** * Tested up to **6.9.4** * PHP version ** 8.0 or higher ** * Tags * [fido2](https://wordpress.org/plugins/tags/fido2/)[passkey](https://wordpress.org/plugins/tags/passkey/) [passwordless](https://wordpress.org/plugins/tags/passwordless/)[security](https://wordpress.org/plugins/tags/security/) [webauthn](https://wordpress.org/plugins/tags/webauthn/) * [Advanced View](https://wordpress.org/plugins/keyless-login/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/keyless-login/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/keyless-login/reviews/) ## Contributors * [ susheelhbti ](https://profiles.wordpress.org/susheelhbti/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/keyless-login/)