{"id":315026,"date":"2026-06-18T18:11:52","date_gmt":"2026-06-18T18:11:52","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/cs-biologin-seamless-biometric-authentication\/"},"modified":"2026-06-18T18:27:48","modified_gmt":"2026-06-18T18:27:48","slug":"cs-biologin-seamless-biometric-authentication","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/cs-biologin-seamless-biometric-authentication\/","author":23500825,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"CS BioLogin \u2013 Seamless Biometric Authentication","header_author":"Concatstring Solutions","header_description":"Replace passwords with fingerprints, FaceID, and TouchID. Secure your WordPress login using modern WebAuthn standards.","assets_banners_color":"2d3c71","last_updated":"2026-06-18 18:27:48","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/concatstring.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":72,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"concatstring","date":"2026-06-18 18:27:48"}},"upgrade_notice":{"1.0.0":"<p>First WordPress.org release. Use HTTPS in production, configure settings under <strong>Settings \u2192 CS BioLogin<\/strong>, then register a passkey from your profile or WooCommerce account.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3577670,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3577670,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3577670,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3577670,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3577670,"resolution":"1","location":"assets","locale":"","width":1280,"height":800},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3577670,"resolution":"2","location":"assets","locale":"","width":1280,"height":800},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3577670,"resolution":"3","location":"assets","locale":"","width":1280,"height":800},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3577670,"resolution":"4","location":"assets","locale":"","width":1280,"height":800},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3577670,"resolution":"5","location":"assets","locale":"","width":1280,"height":800}},"screenshots":{"1":"Biometric login popup on the WordPress login page.","2":"Device management in WooCommerce My Account.","3":"Registration flow with browser prompt.","4":"Admin settings page with security options.","5":"Security logs showing login events.","6":"Device already registered warning dialog."}},"plugin_section":[],"plugin_tags":[15783,39810,602,600,183349],"plugin_category":[38,54],"plugin_contributors":[266302,247404,141771,171506,266582,267773],"plugin_business_model":[],"class_list":["post-315026","plugin","type-plugin","status-publish","hentry","plugin_tags-biometric","plugin_tags-fingerprint","plugin_tags-login","plugin_tags-security","plugin_tags-webauthn","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-concatstring","plugin_contributors-hlakkad1998","plugin_contributors-kakshak","plugin_contributors-shobhit2412","plugin_contributors-sumittejani","plugin_contributors-vrutti22","plugin_committers-concatstring"],"banners":{"banner":"https:\/\/ps.w.org\/cs-biologin-seamless-biometric-authentication\/assets\/banner-772x250.png?rev=3577670","banner_2x":"https:\/\/ps.w.org\/cs-biologin-seamless-biometric-authentication\/assets\/banner-1544x500.png?rev=3577670","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/cs-biologin-seamless-biometric-authentication\/assets\/icon-128x128.png?rev=3577670","icon_2x":"https:\/\/ps.w.org\/cs-biologin-seamless-biometric-authentication\/assets\/icon-256x256.png?rev=3577670","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/cs-biologin-seamless-biometric-authentication\/assets\/screenshot-1.png?rev=3577670","caption":"Biometric login popup on the WordPress login page."},{"src":"https:\/\/ps.w.org\/cs-biologin-seamless-biometric-authentication\/assets\/screenshot-2.png?rev=3577670","caption":"Device management in WooCommerce My Account."},{"src":"https:\/\/ps.w.org\/cs-biologin-seamless-biometric-authentication\/assets\/screenshot-3.png?rev=3577670","caption":"Registration flow with browser prompt."},{"src":"https:\/\/ps.w.org\/cs-biologin-seamless-biometric-authentication\/assets\/screenshot-4.png?rev=3577670","caption":"Admin settings page with security options."},{"src":"https:\/\/ps.w.org\/cs-biologin-seamless-biometric-authentication\/assets\/screenshot-5.png?rev=3577670","caption":"Security logs showing login events."}],"raw_content":"<!--section=description-->\n<p><strong>CS BioLogin<\/strong> adds passwordless sign-in to WordPress using the WebAuthn standard (FIDO2 \/ passkeys). Visitors can authenticate with Face ID, Touch ID, Windows Hello, or a platform fingerprint reader. Biometric templates never leave the user's device; only public key credentials are stored in your WordPress database.<\/p>\n\n<h4>What this plugin does<\/h4>\n\n<ul>\n<li>Adds a <strong>Sign in with Biometrics<\/strong> option on the WordPress login screen (with optional password fallback).<\/li>\n<li>Lets logged-in users <strong>register, rename, update, and remove<\/strong> passkeys from their profile, a front-end shortcode page, or WooCommerce My Account.<\/li>\n<li>Provides an admin screen for <strong>settings, security logs, and per-user device management<\/strong>.<\/li>\n<li>Applies <strong>rate limiting and lockout<\/strong> on authentication attempts.<\/li>\n<\/ul>\n\n<h4>What this plugin does NOT do<\/h4>\n\n<ul>\n<li>It does <strong>not<\/strong> send user data, credentials, or biometrics to third-party servers. All verification runs on your site over HTTPS.<\/li>\n<li>It does <strong>not<\/strong> store fingerprint or face images\u2014only WebAuthn public keys and device metadata you configure.<\/li>\n<\/ul>\n\n<h4>How it works<\/h4>\n\n<ol>\n<li><strong>Administrator<\/strong> enables the plugin under <strong>Settings \u2192 CS BioLogin<\/strong> and chooses which roles may use biometrics.<\/li>\n<li><strong>User<\/strong> opens their profile (WordPress admin profile, <code>[csbisebi_device_manager]<\/code> page, or WooCommerce <strong>My Account \u2192 CS BioLogin<\/strong>) and clicks <strong>Add Biometric Device<\/strong>. The browser shows the OS passkey\/biometric prompt.<\/li>\n<li><strong>Login<\/strong> \u2014 On <code>wp-login.php<\/code> (or WooCommerce login), the user chooses biometric sign-in. The plugin issues a WebAuthn challenge via the REST API, verifies the signed response, and creates a normal WordPress session.<\/li>\n<\/ol>\n\n<p>REST routes live under <code>csbisebi-biometric-login\/v1<\/code> on your own site (for example <code>\/wp-json\/csbisebi-biometric-login\/v1\/auth\/options<\/code>). No external API keys are required.<\/p>\n\n<h4>WooCommerce<\/h4>\n\n<p>When WooCommerce is active, CS BioLogin adds a <strong>My Account<\/strong> tab, checkout\/account login prompts, and automatic use of the account area instead of a standalone management page.<\/p>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>WordPress 6.2 or later<\/li>\n<li>PHP 7.4+ with OpenSSL<\/li>\n<li><strong>HTTPS<\/strong> on production (WebAuthn requires a secure context; <code>localhost<\/code> and <code>*.local<\/code> are allowed for development)<\/li>\n<\/ul>\n\n<h4>Privacy and data storage<\/h4>\n\n<ul>\n<li>Biometric samples stay on the user's device.<\/li>\n<li>The plugin stores passkey public keys, optional device labels, timestamps, and security log entries in your WordPress database.<\/li>\n<li>Uninstalling the plugin (when data removal is enabled via uninstall) drops the custom credentials table and plugin options.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder <code>cs-biologin-seamless-biometric-authentication<\/code> to <code>\/wp-content\/plugins\/<\/code> (the zip must contain <code>readme.txt<\/code> and <code>cs-biologin.php<\/code> at the root of that folder\u2014not inside a <code>trunk\/<\/code> subfolder).<\/li>\n<li>Activate <strong>CS BioLogin \u2013 Seamless Biometric Authentication<\/strong> on the <strong>Plugins<\/strong> screen.<\/li>\n<li>Ensure your site uses <strong>HTTPS<\/strong> in production.<\/li>\n<li>Go to <strong>Settings \u2192 CS BioLogin<\/strong> and save your preferences.<\/li>\n<li>Log in as a test user, open <strong>Users \u2192 Profile<\/strong> (or WooCommerce <strong>My Account \u2192 CS BioLogin<\/strong>), and register a passkey before testing front-end login.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20store%20my%20fingerprint%20or%20face%20on%20the%20server%3F\"><h3>Does this store my fingerprint or face on the server?<\/h3><\/dt>\n<dd><p>No. WebAuthn keeps biometrics on the device. The site only stores a public key used to verify future logins.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20call%20external%20services%3F\"><h3>Does the plugin call external services?<\/h3><\/dt>\n<dd><p>No. Challenges, verification, and credential storage all run on your WordPress installation. JavaScript and CSS are bundled with the plugin (no third-party CDNs).<\/p><\/dd>\n<dt id=\"is%20https%20required%3F\"><h3>Is HTTPS required?<\/h3><\/dt>\n<dd><p>Yes, for production sites. The plugin shows an admin notice if HTTPS is missing (localhost and <code>.local<\/code> hosts are exempt for development).<\/p><\/dd>\n<dt id=\"can%20users%20still%20log%20in%20with%20a%20password%3F\"><h3>Can users still log in with a password?<\/h3><\/dt>\n<dd><p>Yes, when <strong>Allow Password Fallback<\/strong> is enabled in settings.<\/p><\/dd>\n<dt id=\"can%20visitors%20create%20wordpress%20accounts%20through%20the%20plugin%3F\"><h3>Can visitors create WordPress accounts through the plugin?<\/h3><\/dt>\n<dd><p>Only if <strong>Settings \u2192 General \u2192 Membership \u2192 Anyone can register<\/strong> is enabled, or if you explicitly enable <strong>Allow REST account registration when WordPress registration is disabled<\/strong> under <strong>Settings \u2192 CS BioLogin<\/strong>. Account creation is rate-limited and disabled by default otherwise.<\/p><\/dd>\n<dt id=\"is%20woocommerce%20supported%3F\"><h3>Is WooCommerce supported?<\/h3><\/dt>\n<dd><p>Yes. Device management appears under <strong>My Account<\/strong>, and biometric login can appear on WooCommerce login forms when enabled.<\/p><\/dd>\n<dt id=\"which%20browsers%20are%20supported%3F\"><h3>Which browsers are supported?<\/h3><\/dt>\n<dd><p>Recent Chrome, Safari, Edge, and Firefox on desktop and mobile, where the OS provides a platform authenticator or passkey store. Unsupported browsers can hide the login button via settings.<\/p><\/dd>\n<dt id=\"password%20managers%20block%20the%20biometric%20prompt.%20what%20should%20i%20do%3F\"><h3>Password managers block the biometric prompt. What should I do?<\/h3><\/dt>\n<dd><p>Extensions such as 1Password, Bitwarden, or LastPass may intercept passkey prompts. Enable passkey support in the manager or disable autofill for your site so the native OS dialog (Touch ID, Face ID, Windows Hello) can appear.<\/p><\/dd>\n<dt id=\"can%20administrators%20manage%20user%20devices%3F\"><h3>Can administrators manage user devices?<\/h3><\/dt>\n<dd><p>Yes. Use <strong>Settings \u2192 CS BioLogin \u2192 User Management<\/strong> to reset devices, view logs, and register passkeys on behalf of users (with appropriate capability checks).<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release on the WordPress Plugin Directory.<\/li>\n<li>WebAuthn \/ FIDO2 \/ Passkeys registration and authentication (ES256 and RS256).<\/li>\n<li>Passwordless login on the WordPress login screen with optional password fallback.<\/li>\n<li>WooCommerce: My Account endpoint, checkout and account login popups, and device management UI.<\/li>\n<li>Multi-device support with rename, update passkey, remove, and duplicate-device handling.<\/li>\n<li>Admin settings (roles, force biometric, rate limits, lockout, UI options) plus security event logs and user device management.<\/li>\n<li>Passkey setup reminder banner for users without a registered device.<\/li>\n<li>No external services or CDNs; credentials stored locally in the database.<\/li>\n<\/ul>","raw_excerpt":"Secure biometric login (WebAuthn \/ FIDO2 \/ Passkeys) for WordPress and WooCommerce using Face ID, Touch ID, or fingerprint.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/315026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=315026"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/concatstring"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=315026"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=315026"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=315026"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=315026"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=315026"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=315026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}