Beschreibung
OneCode Login provides a modern, passwordless authentication experience for your WordPress site. Instead of traditional passwords, users receive a secure 6-digit verification code via email.
Key Features
- Passwordless Authentication – Users log in with just their email address
- 6-Digit Verification Codes – Secure, time-limited codes sent via email
- Rate Limiting – Built-in protection against brute force attacks
- Request ID Binding – Each code is bound to a specific login session for enhanced security
- Neutral Feedback – Prevents user enumeration attacks by not revealing if an email exists
- Customizable – Configure expiry times, cooldowns, and email templates
- Accessible – Full keyboard navigation and screen reader support
- Gutenberg Block – Easy to add login forms to any page
- Shortcode Support – Use [onecode_login] anywhere
- wp-login.php Integration – Optionally replace the default WordPress login
Security Features
- Cryptographically secure code generation
- Configurable code expiry (default: 10 minutes)
- Resend cooldown to prevent spam
- IP-based and email-based rate limiting
- Automatic lockout after failed attempts
- Codes are single-use and invalidated after successful login
Use Cases
- Membership sites where password fatigue is an issue
- Customer portals requiring simple authentication
- Internal tools where security without complexity is needed
- Any site wanting to improve user experience
Screenshots
Admin settings page with all configuration options 
Email input form for passwordless login 
6-digit verification code entry screen
Blöcke
Dieses Plugin bietet 1 Block.
- OneCode Login
Installation
- Upload the
onecode-loginfolder to/wp-content/plugins/ - Activate the plugin through the Plugins menu in WordPress
- Go to Settings > OneCode Login to configure options
- Add the login form using the [onecode_login] shortcode or Gutenberg block
Shortcode Options
redirect_to– URL to redirect after successful loginbutton_text– Custom text for the send code buttonverify_text– Custom text for the verify button
Example: [onecode_login redirect_to="/dashboard" button_text="Get Code"]
FAQ
-
Does this replace password login completely?
-
By default, no. OneCode Login works alongside traditional password login. However, you can enable the „Replace wp-login.php“ option to use OneCode Login as the primary login method.
-
What happens if the email does not arrive?
-
Users can request a new code after the cooldown period (default: 60 seconds). Check your server email configuration if emails consistently fail to deliver.
-
Is this secure?
-
Yes. The plugin uses cryptographically secure random number generation, time-limited codes, rate limiting, and request binding to prevent various attack vectors.
-
Can I customize the email template?
-
Yes. Go to Settings > OneCode Login > Email tab to customize the subject and body of verification emails. You can use placeholders like {code}, {expires}, {site_name}, and {user_email}.
-
Does it work with multisite?
-
The plugin is designed for single-site installations. Multisite compatibility may be added in future versions.
-
What if a user does not have an account?
-
The plugin only allows existing users to log in. For security reasons, it does not reveal whether an email address has an account – users always see the same „check your email“ message.
Rezensionen
Mitwirkende und Entwickler
„OneCode Login“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:
Mitwirkende
Übersetze „OneCode Login“ in deine Sprache.
Interessiert an der Entwicklung?
Durchstöbere den Code, sieh dir das SVN-Repository an oder abonniere das Entwicklungsprotokoll per RSS.
Änderungsprotokoll
1.0.1
- Small bug fixes
1.0.0
- Initial release
- Passwordless login with 6-digit verification codes
- Rate limiting and brute force protection
- Customizable email templates
- Gutenberg block and shortcode support
- wp-login.php integration option
- Full accessibility support