WordPress Passwordless Entry

WordPress Passwordless Entry is a plugin which allows users to authenticate into a WordPress installation against an existing account, without knowledge of the password for that account.

This is done by sending a single-use authentication code to the email address for that user.

The reason I have developed this plugin is that I manage many WordPress installations, and some are within directories of a domain (meaning multiple sets of user credentials for the same domain, breaking most browser password memory functionalities).

When users forget their passwords, or are using very secure passwords across multiple devices, the easiest way back into their account is to request a password reset, follow the link in their email, set a new password, and then log in using that password, repeating this process every time they wish to authenticate.

If, like me, you use secure passwords generated by Safari or Chrome, you’ll never remember them. To shorten this workflow, an email with a link to log in is sent to your account (if an account is found for the specified email address). This link is valid for one use only, and only for 5 minutes. The code in the URL is generated by WP password generation.
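The token lifecycle described above (single use, 5-minute validity), modelled as an added example; this is not the plugin's own code. The `LoginTokenStore` class, the in-memory storage, storing only a SHA-256 hash of the token, and `secrets.token_urlsafe` standing in for WP password generation are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 5 * 60  # the page states the link is valid for 5 minutes


class LoginTokenStore:
    """Hypothetical in-memory stand-in for wherever the plugin keeps tokens."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user_id -> (sha256 hex of token, expiry timestamp)

    def issue(self, user_id):
        """Create a fresh token; any earlier token for the user is replaced."""
        token = secrets.token_urlsafe(32)  # assumption: stand-in generator
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[user_id] = (digest, self._clock() + TOKEN_TTL_SECONDS)
        return token  # goes into the emailed link; only the hash is kept

    def redeem(self, user_id, token):
        """Return True exactly once for a valid, unexpired token."""
        record = self._pending.get(user_id)
        if record is None:
            return False
        digest, expires_at = record
        if self._clock() >= expires_at:
            del self._pending[user_id]  # expired: drop the stale record
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(presented, digest):  # constant-time compare
            return False
        del self._pending[user_id]  # single use: consume on success
        return True


def demo():
    now = [1_000_000.0]  # constructed clock, so expiry is shown without sleeping
    store = LoginTokenStore(clock=lambda: now[0])
    first_link = store.issue(42)  # 42 is a constructed user id
    first = store.redeem(42, first_link)   # fresh link is accepted
    replay = store.redeem(42, first_link)  # same link again is rejected
    second_link = store.issue(42)
    now[0] += TOKEN_TTL_SECONDS + 1
    late = store.redeem(42, second_link)   # link older than 5 minutes is rejected
    return first, replay, late


if __name__ == "__main__":
    print(demo())
```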

Please note that, for all intents and purposes, this does not conform to the specification of multi-factor authentication, as we do not verify the password of the user (this would defeat the point of the plugin). For two-factor authentication we suggest using Wordfence (we’d advise putting this on your site anyway, to protect security and authentication).