SQRL can be used to log in to a site in a secure manner without giving away any personal information. This plugin enables that functionallity.
Instead of using a username, email and a password, SQRL uses an app to login to SQRL-aware websites.
When SQRL logs you into a website, your identity is a long code that looks like this: E6Qs2gX7W-Pwi9Y3KAmbkuYjLSWXCtKyBcymWloHAuo.
Your SQRL identity is a different long code for every website you login to, but it is always the same code when you return to a site you visited before. This means that websites never know who you are, but they do know when you return.
You may choose to remain anonymous to a website, such as when you post a response to someone’s blog. SQRL never identifies you by anything other than that long code.
In other cases you will want to be known, like when you use SQRL to login as you at Amazon, Facebook, Netflix, or your bank. In those cases, you would inform Amazon that that particular code is actually you. SQRL lets you do that.
Special thanks to:
@jaredatch (Jared Atchison) for writing a plugin for disabling users that I took inspiration from. (https://github.com/jaredatch/Disable-Users)
- Ensure that your site is using SSL. It’s using a https connection.
- Install the plugin.
- Enable the plugin.
- Verify that your login screen has a login screen similar to the screenshot on the details page.
Contributors & Developers
“SQRL Login” is open source software. The following people have contributed to this plugin.Contributors
- Changed login page design to make it clearer for new users.
- Fixing registration selection page style.
- Multiple changes when introducing a test suite testing all vital paths.
* Added registration page.
* Remove notice due to redirect_to (Thanks to @sanzeeb3)
* Handle issue “Google Crawl causes Exception” (Issue #36)
* White border around QRCode.
* Handle CANcel parameter correctly.
* Remove should disassociate identity from user
* Disable should only disable login with SQRL if not SQRLOnly is supplied.
* Use transient session for all login data.
* Handle case where user registration is not allowed
* Update meta_key values to have prefix.
* Warn users who don’t have SSL enabled.
* Redirect URL setting
* Handle options hardlock and sqrlonly.
* Better session handling
* Added line-break after the last line.
* Handle redirect urls.
* Fix content length.
* Added content length
* Added path length for all return qry
* Visualize enabling, disabling and removing better.
* User association fix.
* Fixing styling issues.
* Correctly check ip address during log in.
* Added functionallity to disable, enable and remove users.
* Improved profile design.
* Handle new strpos function requirements in PHP 7.3
* Handle sub path installations. Eg. https://domain.com/wordpress_path/
* Keep user on the profile page if associating an existing user.
* Didn’t handle empty values correctly when looking for users.
* Handle previous keys
* Reassociate correctly when registration is not allowed.
* Better error handling
* Disallow users to register if not allowed by server.
* Remove dependency to test site.
* Added comments to increase readability.
* Improvements to meet WordPress plugin guidelines.
* Clean up and working towards a usable plugin to login
* Proof of concept