WordPress.org
  • News
  • Showcase
  • Hosting
    • Themes
    • Plugins
    • Patterns
    • Blocks
    • Openverse ↗︎
    • Learn WordPress
    • Documentation
    • Forums
    • Developers
    • WordPress.tv ↗︎
    • Make WordPress
    • Photo Directory
    • Five for the Future
    • Events
    • Job Board ↗︎
    • About WordPress
    • Enterprise
    • Gutenberg ↗︎
    • Swag Store ↗︎
  • Get WordPress
Get WordPress
WordPress.org

Plugin Directory

SQRL Login

  • Submit a plugin
  • My favorites
  • Log in
  • Submit a plugin
  • My favorites
  • Log in

This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

SQRL Login

By kalaspuffar
Download
  • Details
  • Reviews
  • Installation
  • Development
Support

Description

SQRL can be used to log in to a site in a secure manner without giving away any personal information. This plugin enables that functionallity.

Instead of using a username, email and a password, SQRL uses an app to login to SQRL-aware websites.

When SQRL logs you into a website, your identity is a long code that looks like this: E6Qs2gX7W-Pwi9Y3KAmbkuYjLSWXCtKyBcymWloHAuo.

Your SQRL identity is a different long code for every website you login to, but it is always the same code when you return to a site you visited before. This means that websites never know who you are, but they do know when you return.

You may choose to remain anonymous to a website, such as when you post a response to someone’s blog. SQRL never identifies you by anything other than that long code.

In other cases you will want to be known, like when you use SQRL to login as you at Amazon, Facebook, Netflix, or your bank. In those cases, you would inform Amazon that that particular code is actually you. SQRL lets you do that.

Special thanks to:

@davidshimjs (Sangmin, Shim) for writing a great javascript library for QRCode creation. (https://github.com/davidshimjs/qrcodejs)
@jaredatch (Jared Atchison) for writing a plugin for disabling users that I took inspiration from. (https://github.com/jaredatch/Disable-Users)

Screenshots

  • Login screen with enabled SQRL Login
  • Profile screen when no SQRL identity is associated
  • Profile screen with SQRL identity is associated

Installation

  1. Ensure that your site is using SSL. It’s using a https connection.
  2. Install the plugin.
  3. Enable the plugin.
  4. Verify that your login screen has a login screen similar to the screenshot on the details page.

Reviews

Just Works

dudeperson May 13, 2020
No fuss. Activate and you are set. The perfect addition to any WordPress install.

Life is easy now.

funtimecenters December 6, 2019
no more two factor codes. Perfect App, been following GRC for years.

Quick & Reliable

kdmurray November 23, 2019
Quick & Reliable! Does what it says on the tin. Wonderful for needing to access my site on a “hostile” computer that I don’t control. No password required!

Easy, fast and cool. But could use at least a FAQ

xelan54 October 13, 2019
Does what it says it will do and for that you gotta love it — and offer up major props to the author. Thanks! Still, it wasn’t immediately apparent to me that you needed to link WP users with their SQRL identities. I know, I know…but still that’s one of those things that’s only obvious _after_ you realize it. Otherwise, it’s tough on newbies trying SQRL on their first attempt. Nothing that couldn’t be fixed by a FAQ on wordpress.org.

Up and running in seconds!

amoebob July 11, 2019
After activating the plugin and visiting the Users > Your Profile page, I scanned the QR code at the bottom and was good to go. Beautiful work, Daniel!

As the name says: Secure Quick Reliable logins

thisusnotnyrealnamebutsometimeiuseit July 9, 2019
This is possibly the most significant WP plugin to drop on the net. No – it is NOT PERFECT, but for users with concerns about MITM, eavesdropping, and maintaining control of their IDs, as well as site admins that care about maintaining privacy of their users, this is a game-changer. This plugin is a work-in-progress and as such, is undergoing active development and not all features may be yet implemented when you first get this. As a method to uniquely identify a website user while maintaining the users privacy during login, it works. As this is a security plugin, all server environment requirements must be met to ensure proper functionality ty. And as this plugin is still developing, it is ALMOST feature-complete per the sQRL:// protocol. This CANNOT BE OVERSTATED: You MUST download an SQRL app to create an identity BEFORE you can use this plugin for authentication. You MUST write down, print, or export the RECOVERY CODE shown right after create by identity. THERE IS NO ONE WHO CAN HELP YOU TO RECOVER A FORGOTTEN PASSWORD. As a website operator, you MIGHT require user to have an existing account with a verified email address prior to allowing users to login with SQRL. Since this is a TOTALLY DIFFERENT way of loggin-in than most users will be used to – expect a learning curve. But rest assured that once it is understood and properly used, it is friction-free.
Read all 9 reviews

Contributors & Developers

“SQRL Login” is open source software. The following people have contributed to this plugin.

Contributors
  • kalaspuffar

“SQRL Login” has been translated into 6 locales. Thank you to the translators for their contributions.

Translate “SQRL Login” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

Version 2.1.0

  • Changed login page design to make it clearer for new users.
  • Fixing registration selection page style.

Version 2.0.0

  • Multiple changes when introducing a test suite testing all vital paths.

Version 1.2.0

Features
* Added registration page.

Bugfixes
* Remove notice due to redirect_to (Thanks to @sanzeeb3)
* Handle issue “Google Crawl causes Exception” (Issue #36)

Version 1.1.2

Bugfixes
* White border around QRCode.

Version 1.1.1

Bugfixes
* Handle CANcel parameter correctly.
* Remove should disassociate identity from user
* Disable should only disable login with SQRL if not SQRLOnly is supplied.

Version 1.1.0

Improvements
* Use transient session for all login data.
* Handle case where user registration is not allowed

Bugfixes
* Javascript fixes to handle load issues.

Version 1.0.0

Improvements
* Update meta_key values to have prefix.
* Warn users who don’t have SSL enabled.

Version 0.8.0

Features
* Redirect URL setting
* Handle options hardlock and sqrlonly.

Improvements
* Better session handling

Bugfixes
* Added line-break after the last line.

Version 0.7.0

Features
* Handle redirect urls.
* Fix content length.

Version 0.6.4

Improvements
* Added content length
* Added path length for all return qry

Version 0.6.3

Improvements
* Visualize enabling, disabling and removing better.

Version 0.6.2

Bugfixes
* User association fix.

Version 0.6.1

Bugfixes
* Fixing styling issues.

Version 0.6.0

Features
* Using a javascript library to create QRCode
* Correctly check ip address during log in.
* Added functionallity to disable, enable and remove users.

Improvements
* Improved profile design.

Version 0.5.1

Bugfixes
* Handle new strpos function requirements in PHP 7.3

Version 0.5.0

Features
* Handle sub path installations. Eg. https://domain.com/wordpress_path/
* Keep user on the profile page if associating an existing user.

Version 0.4.1

Bugfixes
* Didn’t handle empty values correctly when looking for users.

Version 0.4.0

Features
* Handle previous keys

Bugfixes
* Reassociate correctly when registration is not allowed.

Version 0.3.0

Features
* Better error handling
* Disallow users to register if not allowed by server.

Version 0.2.3

Bugfixes
* Remove dependency to test site.

Version 0.2.2
* Added comments to increase readability.

Version 0.2.0
* Improvements to meet WordPress plugin guidelines.

Version 0.1.0
* Clean up and working towards a usable plugin to login

Version 0.0.1
* Proof of concept

Meta

  • Version 2.1.0
  • Last updated 3 years ago
  • Active installations 100+
  • WordPress version 5.2.2 or higher
  • Tested up to 5.9.10
  • PHP version 7.2 or higher
  • Languages

    English (Australia), English (Canada), English (New Zealand), English (US), Spanish (Chile), Spanish (Spain), and Swedish.

    Translate into your language

  • Tag
    login
  • Advanced View

Ratings

5 out of 5 stars.
  • 9 5-star reviews 5 stars 9
  • 0 4-star reviews 4 stars 0
  • 0 3-star reviews 3 stars 0
  • 0 2-star reviews 2 stars 0
  • 0 1-star reviews 1 star 0

Add my review

See all reviews

Contributors

  • kalaspuffar

Support

Got something to say? Need help?

View support forum

Donate

Would you like to support the advancement of this plugin?

Donate to this plugin

  • About
  • News
  • Hosting
  • Privacy
  • Showcase
  • Themes
  • Plugins
  • Patterns
  • Learn
  • Documentation
  • Developers
  • WordPress.tv ↗
  • Get Involved
  • Events
  • Donate ↗
  • Five for the Future
  • WordPress.com ↗
  • Matt ↗
  • bbPress ↗
  • BuddyPress ↗
WordPress.org
WordPress.org
  • Visit our X (formerly Twitter) account
  • Visit our Bluesky account
  • Visit our Mastodon account
  • Visit our Threads account
  • Visit our Facebook page
  • Visit our Instagram account
  • Visit our LinkedIn account
  • Visit our TikTok account
  • Visit our YouTube channel
  • Visit our Tumblr account
Code is Poetry