← Plugins

Authyo Passwordless Login

Authyo Passwordless Login enables secure OTP login for WordPress using email-based one-time passwords. It replaces traditional passwords with a modern passwordless authentication system that improv...

By Konceptwise Digital Media Pvt Ltd

Version 1.0.3 Active Installs 0+ Updated 1 day ago 2 months old
Download

Description

Authyo Passwordless Login enables secure OTP login for WordPress using email-based one-time passwords. It replaces traditional passwords with a modern passwordless authentication system that improves login security and simplifies the user experience.

Users simply enter their email address, receive a one-time password (OTP), verify the code, and are automatically logged in — no passwords required.

This plugin is officially developed and maintained by Konceptwise Digital Media Pvt. Ltd. and uses Authyo’s secure OTP authentication infrastructure.

With Authyo Passwordless Login, WordPress administrators can implement passwordless login, improve account security, and eliminate risks related to password leaks or weak credentials.

Key Features

  • Passwordless login for WordPress using email OTP
  • No passwords stored or required
  • Secure token-based authentication (single-use and time-limited)
  • OTP delivered via Authyo’s secure email service
  • Fallback Method: Optional two-factor authenticator app if email OTP fails
  • Works with the default WordPress login page
  • AJAX-powered login flow (no page reloads)
  • Automatic dashboard redirect after successful login
  • Enable or disable passwordless login anytime
  • Compatible with custom login URL plugins (e.g., WPS Hide Login)

Use Cases

This plugin is ideal for:

  • WordPress sites that want OTP login instead of passwords
  • Improving WordPress login security
  • Enabling passwordless authentication
  • Preventing password brute-force attacks
  • Membership websites and user portals
  • Sites that want a simple two-factor authentication alternative

How It Works

  1. User enters their email address on the WordPress login page
  2. Authyo sends a one-time password (OTP) via email
  3. User verifies the OTP
  4. WordPress logs the user in automatically using a secure single-use token

No password is required during the login process.

About Konceptwise & Authyo

Konceptwise Digital Media Pvt. Ltd. is the parent company and original developer of this plugin.

Authyo is a secure authentication platform developed by Konceptwise that provides OTP-based verification services for websites and applications.

This plugin integrates WordPress with Authyo’s authentication infrastructure to provide secure passwordless login functionality.

Video Tutorial

How to Use Authyo Passwordless Login

External Services

This plugin connects to Authyo’s external API to send and verify one-time passwords (OTP) for passwordless login functionality.

What data is sent:
– User email address (sent to Authyo API when requesting OTP)
– OTP code (sent to Authyo API for verification)
– Mask ID (returned by Authyo API, used for OTP verification)

When data is sent:
– When the user requests an OTP: Email address is sent to Authyo API
– When the user submits an OTP for verification: OTP code and Mask ID are sent to Authyo API

Authentication Flow:
– After successful OTP verification via Authyo API, the plugin generates a secure single-use token using WordPress core functions
– This token is browser-bound using a hashed User-Agent signature to prevent session hijacking
– The token is stored temporarily in WordPress transients and expires after 5 minutes
– The token allows WordPress to complete authentication without requiring a password
– Token is deleted immediately after verification (single-use security)

Purpose:
– To verify ownership of the provided email address through OTP verification
– After successful OTP verification, a secure browser-bound login token is generated
– The token allows WordPress to authenticate users without passwords

Data Storage:
– OTP session data (email, user ID, mask ID) is stored temporarily in WordPress transients (expires after 10 minutes)
– Login tokens are stored temporarily in WordPress transients (expires after 5 minutes and deleted immediately after use)
– No user data is permanently stored by this plugin

Terms of Service:
https://authyo.io/terms-service

Privacy Policy:
https://authyo.io/privacy-policy

Requirements

  • WordPress 5.0 or higher
  • PHP 7.2 or higher
  • An active Authyo account with API credentials

Configuration

Getting Authyo API Credentials

  1. Sign up for an account at https://authyo.io
  2. Log in to your Authyo dashboard
  3. Navigate to your application settings
  4. Copy your App ID, Client ID, and Client Secret

Plugin Setup

  1. Go to Settings Authyo Passwordless Login
  2. Enable Passwordless Login
  3. Enter your Authyo API credentials:
    • Authyo App ID
    • Authyo Client ID
    • Authyo Client Secret
  4. Click Save Settings

Once configured, the passwordless login form will appear on your WordPress login page.

Related plugins

View all alternatives

Plugin comparisons

See how this plugin stacks up against alternatives side by side.