{"id":222114,"date":"2025-03-26T18:31:33","date_gmt":"2025-03-26T18:31:33","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/secure-passkeys\/"},"modified":"2026-01-30T19:50:20","modified_gmt":"2026-01-30T19:50:20","slug":"secure-passkeys","status":"publish","type":"plugin","link":"https:\/\/pcd.wordpress.org\/plugins\/secure-passkeys\/","author":18261195,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.2.4","stable_tag":"1.2.4","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"Secure Passkeys","header_author":"Mohamed Endisha","header_description":"Secure Passkeys is a powerful WordPress plugin that enables passwordless authentication using WebAuthn technology.","assets_banners_color":"eaf9f8","last_updated":"2026-01-30 19:50:20","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/endisha.ly\/","header_author_uri":"https:\/\/endisha.ly","rating":4.8,"author_block_rating":0,"active_installs":1000,"downloads":5520,"num_ratings":18,"support_threads":3,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"endisha","date":"2025-03-26 18:55:05"},"1.1.0":{"tag":"1.1.0","author":"endisha","date":"2025-08-04 11:13:32"},"1.2.0":{"tag":"1.2.0","author":"endisha","date":"2025-08-10 11:40:13"},"1.2.1":{"tag":"1.2.1","author":"endisha","date":"2025-08-21 16:04:28"},"1.2.2":{"tag":"1.2.2","author":"endisha","date":"2025-09-17 14:22:38"},"1.2.3":{"tag":"1.2.3","author":"endisha","date":"2025-12-03 20:36:38"},"1.2.4":{"tag":"1.2.4","author":"endisha","date":"2026-01-30 19:50:20"}},"upgrade_notice":{"1.0.0":"<p>This is the initial release of the Secure Passkeys plugin.<\/p>"},"ratings":{"1":1,"2":0,"3":0,"4":0,"5":17},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3262385,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3262385,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3262385,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3262385,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.1.0","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3262385,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3262385,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3262385,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3342239,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3342239,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3342239,"resolution":"6","location":"assets","locale":""},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3262385,"resolution":"7","location":"assets","locale":""},"screenshot-8.png":{"filename":"screenshot-8.png","revision":3262385,"resolution":"8","location":"assets","locale":""},"screenshot-9.png":{"filename":"screenshot-9.png","revision":3262385,"resolution":"9","location":"assets","locale":""}},"screenshots":{"1":"Overview","2":"Passkeys","3":"Activity Log","4":"General Settings","5":"Display Settings","6":"Advanced Settings","7":"Admin Edit Profile and User Page","8":"Admin Add New Passkey","9":"Login"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[602,222353,9223,125,183349],"plugin_category":[38,54],"plugin_contributors":[197510],"plugin_business_model":[],"class_list":["post-222114","plugin","type-plugin","status-publish","hentry","plugin_tags-login","plugin_tags-passkeys","plugin_tags-passwordless","plugin_tags-secure","plugin_tags-webauthn","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-endisha","plugin_committers-endisha"],"banners":{"banner":"https:\/\/ps.w.org\/secure-passkeys\/assets\/banner-772x250.png?rev=3262385","banner_2x":"https:\/\/ps.w.org\/secure-passkeys\/assets\/banner-1544x500.png?rev=3262385","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/secure-passkeys\/assets\/icon-128x128.png?rev=3262385","icon_2x":"https:\/\/ps.w.org\/secure-passkeys\/assets\/icon-256x256.png?rev=3262385","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/secure-passkeys\/assets\/screenshot-1.png?rev=3262385","caption":"Overview"},{"src":"https:\/\/ps.w.org\/secure-passkeys\/assets\/screenshot-2.png?rev=3262385","caption":"Passkeys"},{"src":"https:\/\/ps.w.org\/secure-passkeys\/assets\/screenshot-3.png?rev=3262385","caption":"Activity Log"},{"src":"https:\/\/ps.w.org\/secure-passkeys\/assets\/screenshot-4.png?rev=3342239","caption":"General Settings"},{"src":"https:\/\/ps.w.org\/secure-passkeys\/assets\/screenshot-5.png?rev=3342239","caption":"Display Settings"},{"src":"https:\/\/ps.w.org\/secure-passkeys\/assets\/screenshot-6.png?rev=3342239","caption":"Advanced Settings"},{"src":"https:\/\/ps.w.org\/secure-passkeys\/assets\/screenshot-7.png?rev=3262385","caption":"Admin Edit Profile and User Page"},{"src":"https:\/\/ps.w.org\/secure-passkeys\/assets\/screenshot-8.png?rev=3262385","caption":"Admin Add New Passkey"},{"src":"https:\/\/ps.w.org\/secure-passkeys\/assets\/screenshot-9.png?rev=3262385","caption":"Login"}],"raw_content":"<!--section=description-->\n<p>Secure Passkeys is a powerful WordPress plugin that enables seamless passwordless authentication using WebAuthn technology. By eliminating the need for traditional passwords, it enhances security and improves the user login experience. With support for biometric authentication, security keys, and device-bound credentials, Secure Passkey provides a robust and user-friendly solution for modern authentication.<\/p>\n\n<p>Unlike traditional password-based authentication, Secure Passkey leverages cryptographic key pairs to ensure secure logins. The private key remains securely stored on the user\u2019s device, while the public key is registered with the WordPress site. This method protects against phishing attacks and password breaches, ensuring that only authorized users can gain access.<\/p>\n\n<p>Secure Passkeys integrates effortlessly into WordPress, allowing users to register and manage their passkeys from their profile settings. Once registered, users can log in using their fingerprint, face recognition, or a hardware security key without the need to remember or enter a password.<\/p>\n\n<h3>Features<\/h3>\n\n<ul>\n<li><strong>Passwordless Login:<\/strong> Secure authentication via WebAuthn with biometric devices, security keys, Touch ID, Face ID, and more.<\/li>\n<li><strong>Enhanced User Experience:<\/strong>  Password-free login for a smoother user journey.<\/li>\n<li><strong>Integration Support:<\/strong>\n\n<ul>\n<li>WordPress default login form<\/li>\n<li>WooCommerce login page<\/li>\n<li>MemberPress login form<\/li>\n<li>Easy Digital Downloads login form<\/li>\n<li>Ultimate Member login form<\/li>\n<\/ul><\/li>\n<li><strong>Admin Management:<\/strong>  Administrators can delete, activate, or deactivate users directly from plugin settings or user profiles.<\/li>\n<li><strong>Passkeys Reminder Notice:<\/strong>  New option to enable or disable the passkeys reminder notice in the WordPress admin area for users who have not yet enabled passkeys.<\/li>\n<li><strong>Activity Logging:<\/strong>  Monitor activity logs and track last login\/registration of passkeys.<\/li>\n<li><strong>Multiple Passkeys:<\/strong> Supports multiple passkey registrations per user, with the option to set a registration limit or allow unlimited registrations.<\/li>\n<li><strong>Role Restrictions:<\/strong> Restrict and exclude specific user roles from using passkey authentication.<\/li>\n<li><strong>Customizable Settings:<\/strong>  Adjust timeout settings for passkey registration and login.<\/li>\n<li><strong>User Verification:<\/strong> Enforce user verification for enhanced security.<\/li>\n<li><strong>Frontend Customization:<\/strong> Easily customize frontend themes or add your own with basic frontend skills.<\/li>\n<li><strong>Theme Support:<\/strong> Supports pre-built themes like YOOtheme (UIkit) for frontend shortcodes.<\/li>\n<li><strong>Shortcodes:<\/strong> Embed passkey login and registration forms on custom frontend pages.<\/li>\n<li><strong>Passkey Display:<\/strong> Show passkey details in admin user lists and profiles.<\/li>\n<li><strong>Multisite:<\/strong> Supports WordPress Multisite and single-site installations.<\/li>\n<li><strong>Database Optimization:<\/strong>  Option to allow or disallow automatic deletion of old challenge records and activity logs (configurable schedule).<\/li>\n<\/ul>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>WordPress 6.0 or newer.<\/li>\n<li>PHP version 7.4 or newer.<\/li>\n<\/ul>\n\n<h3>License<\/h3>\n\n<p>Secure Passkeys is licensed under the GNU General Public License v2 or later.<\/p>\n\n<!--section=installation-->\n<h4>Minimum Requirements<\/h4>\n\n<ul>\n<li>PHP 7.4 or greater is recommended<\/li>\n<li>MySQL 5.6 or greater is recommended<\/li>\n<\/ul>\n\n<h4>Automatic installation<\/h4>\n\n<p>Automatic installation is the easiest option \u2014 WordPress will handles the file transfer, and you won\u2019t need to leave your web browser. To do an automatic install of Secure Passkeys, log in to your WordPress dashboard, navigate to the Plugins menu, and click \u201cAdd New.\u201d<\/p>\n\n<p>In the search field type \u201cSecure Passkeys\u201d then click \u201cSearch Plugins.\u201d Once you\u2019ve found us,  you can view details about it such as the point release, rating, and description. Most importantly of course, you can install it by! Click \u201cInstall Now,\u201d and WordPress will take it from there.<\/p>\n\n<h4>Manual installation<\/h4>\n\n<p>Manual installation method requires downloading the Secure Passkeys plugin and uploading it to your web server via your favorite FTP application. The WordPress codex contains <a href=\"https:\/\/wordpress.org\/support\/article\/managing-plugins\/#manual-plugin-installation\">instructions on how to do this here<\/a>.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20do%20i%20enable%20and%20configure%20the%20secure%20passkeys%3F\"><h3>How do I enable and configure the Secure Passkeys?<\/h3><\/dt>\n<dd><p>After activating the plugin, a \"Secure Passkeys\" menu item will appear in your WordPress admin dashboard's sidebar.<\/p><\/dd>\n<dt id=\"how%20can%20i%20add%20a%20new%20theme%20for%20frontend%20shortcodes%3F\"><h3>How can I add a new theme for frontend shortcodes?<\/h3><\/dt>\n<dd><p>You can add a custom theme for frontend shortcodes using the <code>secure_passkeys_themes<\/code> and <code>secure_passkeys_themes_paths<\/code> filters.<\/p>\n\n<p><strong>Register the Theme:<\/strong> Use the <code>secure_passkeys_themes<\/code> filter to register your new theme and make it available in the plugin settings.<\/p>\n\n<pre><code>&lt;?php\n\nadd_filter('secure_passkeys_themes', function ($themes)\n{\n    $themes['new_theme'] = 'New Theme';\n    return $themes;\n}, 10, 1);\n<\/code><\/pre>\n\n<p><strong>Specify the Theme Path:<\/strong> Use the <code>secure_passkeys_themes_paths<\/code> filter to define the file path to your custom theme's directory.<\/p>\n\n<pre><code>&lt;?php\n\nadd_filter('secure_passkeys_themes_paths', function ($themes)\n{\n    $themes['new_theme'] = 'your\/path\/new\/theme\/folder';\n    return $themes;\n}, 10, 1);\n<\/code><\/pre>\n\n<p><strong>Override Template Files:<\/strong>  Copy the template files you wish to customize from <code>secure-passkeys\/src\/views\/frontend\/default\/<\/code> to your custom theme's folder (your\/path\/to\/new\/theme\/folder).  Any files not copied to your custom theme folder will be loaded from the plugin's default theme, providing a fallback mechanism.  This allows you to customize only the files you need to change.<\/p><\/dd>\n<dt id=\"how%20can%20i%20redirect%20users%20to%20a%20custom%20page%20after%20they%20log%20in%20using%20a%20passkey%3F\"><h3>How can I redirect users to a custom page after they log in using a passkey?<\/h3><\/dt>\n<dd><p>Yes, you can redirect users after a passkey login by using the <code>secure_passkeys_login_redirect_url<\/code> filter. You can add the following code snippets to your theme's <code>functions.php<\/code> file.<\/p>\n\n<p><strong>Example \u2013 Redirect to a Specific URL:<\/strong><\/p>\n\n<p>This example redirects all users to a specific URL after they log in.<\/p>\n\n<pre><code>&lt;?php\n\nadd_filter('secure_passkeys_login_redirect_url', function ($redirect_to) {\n    \/\/ Redirect users to a custom URL after logging in with a passkey\n    return 'https:\/\/your-domain.com\/your-custom-path';\n});\n<\/code><\/pre>\n\n<p><strong>Example \u2013 Redirect Based on User Role:<\/strong><\/p>\n\n<p>This example redirects users based on their assigned role.<\/p>\n\n<pre><code>&lt;?php\n\nadd_filter('secure_passkeys_login_redirect_url', function ($redirect_to) {\n    $user = wp_get_current_user();\n\n    \/\/ Redirect administrators to the WP admin dashboard\n    if (in_array('administrator', $user-&gt;roles)) {\n        return admin_url();\n    }\n\n    \/\/ Redirect subscribers to a custom dashboard page\n    if (in_array('subscriber', $user-&gt;roles)) {\n        return home_url('\/dashboard');\n    }\n\n    \/\/ Default fallback URL\n    return $redirect_to;\n});\n<\/code><\/pre><\/dd>\n<dt id=\"are%20there%20other%20filters%20and%20actions%3F\"><h3>Are there other filters and actions?<\/h3><\/dt>\n<dd><p>Yes! The plugin offers a variety of filters and actions that allow developers to customize and extend its functionality. If you're a developer, we encourage you to explore these hooks and tailor the plugin to meet your specific needs.<\/p>\n\n<p>For a complete list of available hooks and examples, refer to the plugin\u2019s codebase.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.2.4 2026-01-30<\/h4>\n\n<ul>\n<li>Add - Added support for <code>Heimlane Vault<\/code> authenticator with its AAGUID.<\/li>\n<li>Fix - Resolved compatibility issues where 2FA plugins would block passkey login.<\/li>\n<\/ul>\n\n<h4>1.2.3 2025-12-03<\/h4>\n\n<ul>\n<li>Add - Added support for <code>AliasVault<\/code> authenticator with its AAGUID.<\/li>\n<li>Tweak - Updated <code>iCloud Keychain<\/code> entry to <code>Apple Passwords<\/code> with new icon.<\/li>\n<\/ul>\n\n<h4>1.2.2 2025-09-17<\/h4>\n\n<ul>\n<li>Security - Enhanced permission checks for administrative functions to prevent potential unauthorized access.<\/li>\n<li>Add - Added support for <code>initial<\/code> authenticator with its AAGUID.<\/li>\n<li>Fix - Resolved multiple PHP notices by correcting the improper use of <code>wpdb::prepare()<\/code> on static database queries.<\/li>\n<li>Tweak - Corrected a typo in the plugin description for proper grammar.<\/li>\n<\/ul>\n\n<h4>1.2.1 2025-08-21<\/h4>\n\n<ul>\n<li>Add - Updated Microsoft Password Manager AAGUID icon.<\/li>\n<li>Add - Added Chromium Browser AAGUID icon (previously had no icon).<\/li>\n<li>Fix - Fixed \u201cYou are not authorized to make this request\u201d error caused by missing or empty <code>HTTP_REFERER<\/code>.<\/li>\n<\/ul>\n\n<h4>1.2.0 2025-08-10<\/h4>\n\n<ul>\n<li>Add - Added option to enable\/disable passkeys reminder notice in WordPress admin for users without passkeys enabled.<\/li>\n<li>Add - Added support for Microsoft Password Manager authenticator with its AAGUID.<\/li>\n<li>Tweak - Changed excluded roles selection from multiple select dropdown to individual checkboxes for better usability.<\/li>\n<li>Fix - Improved autoloader class file path handling for better compatibility across different operating systems and environments.<\/li>\n<\/ul>\n\n<h4>1.1.0 2025-08-04<\/h4>\n\n<ul>\n<li>Add - Added support for the Ultimate Member plugin.<\/li>\n<li>Add - Added an option to automatically generate security key name for new passkeys, so users are no longer required to enter one manually.<\/li>\n<li>Add - Added an option to disable the logging of user activity.<\/li>\n<li>Tweak - Added <code>extra_wrapper_classes<\/code> and <code>extra_button_classes<\/code> attributes to the <code>[secure_passkeys_login_form]<\/code> shortcode for easier CSS customization.<\/li>\n<li>Fix - Corrected an issue where the <code>used_at<\/code> timestamp for a challenge was not being updated correctly in the database.<\/li>\n<li>Fix - Removed the <code>Accept-Encoding<\/code> header from the fingerprint calculation to prevent potential validation errors.<\/li>\n<li>Fix - Improved localization by removing HTML from translatable strings, ensuring they can be translated properly.<\/li>\n<li>Fix - Resolved a PHP warning on the \"Activity Log\" caused by an attempt to process a non-existent <code>is_active<\/code> property on log records.<\/li>\n<\/ul>\n\n<h4>1.0.0 2025-03-05<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Secure Passkeys is a powerful WordPress plugin that enables passwordless authentication using WebAuthn technology.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/222114","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=222114"}],"author":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/endisha"}],"wp:attachment":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=222114"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=222114"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=222114"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=222114"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=222114"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=222114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}