{"id":271395,"date":"2026-01-05T12:28:28","date_gmt":"2026-01-05T12:28:28","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/onecode-login\/"},"modified":"2026-01-05T19:16:05","modified_gmt":"2026-01-05T19:16:05","slug":"onecode-login","status":"publish","type":"plugin","link":"https:\/\/frp.wordpress.org\/plugins\/onecode-login\/","author":13379012,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.0","stable_tag":"trunk","tested":"6.9.4","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"OneCode Login","header_author":"oaron","header_description":"Passwordless login using email verification codes. Simple, secure, and accessible.","assets_banners_color":"","last_updated":"2026-01-05 19:16:05","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/bitron.hu","rating":5,"author_block_rating":0,"active_installs":10,"downloads":168,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":1},"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":{"onecode-login\/login-form":{"name":"onecode-login\/login-form","title":"OneCode Login"}},"tagged_versions":[],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3432992,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3432992,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3432992,"resolution":"3","location":"assets","locale":""}},"screenshots":{"1":"Admin settings page with all configuration options","2":"Email input form for passwordless login","3":"6-digit verification code entry screen"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[710,267,602,9210,9223],"plugin_category":[38,41],"plugin_contributors":[93346],"plugin_business_model":[],"class_list":["post-271395","plugin","type-plugin","status-publish","hentry","plugin_tags-authentication","plugin_tags-email","plugin_tags-login","plugin_tags-otp","plugin_tags-passwordless","plugin_category-authentication","plugin_category-communication","plugin_contributors-oaron","plugin_committers-oaron"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/onecode-login.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/onecode-login\/assets\/screenshot-1.png?rev=3432992","caption":"Admin settings page with all configuration options"},{"src":"https:\/\/ps.w.org\/onecode-login\/assets\/screenshot-2.png?rev=3432992","caption":"Email input form for passwordless login"},{"src":"https:\/\/ps.w.org\/onecode-login\/assets\/screenshot-3.png?rev=3432992","caption":"6-digit verification code entry screen"}],"raw_content":"<!--section=description-->\n<p>OneCode Login provides a modern, passwordless authentication experience for your WordPress site. Instead of traditional passwords, users receive a secure 6-digit verification code via email.<\/p>\n\n<h4>Key Features<\/h4>\n\n<ul>\n<li><strong>Passwordless Authentication<\/strong> - Users log in with just their email address<\/li>\n<li><strong>6-Digit Verification Codes<\/strong> - Secure, time-limited codes sent via email<\/li>\n<li><strong>Rate Limiting<\/strong> - Built-in protection against brute force attacks<\/li>\n<li><strong>Request ID Binding<\/strong> - Each code is bound to a specific login session for enhanced security<\/li>\n<li><strong>Neutral Feedback<\/strong> - Prevents user enumeration attacks by not revealing if an email exists<\/li>\n<li><strong>Customizable<\/strong> - Configure expiry times, cooldowns, and email templates<\/li>\n<li><strong>Accessible<\/strong> - Full keyboard navigation and screen reader support<\/li>\n<li><strong>Gutenberg Block<\/strong> - Easy to add login forms to any page<\/li>\n<li><strong>Shortcode Support<\/strong> - Use [onecode_login] anywhere<\/li>\n<li><strong>wp-login.php Integration<\/strong> - Optionally replace the default WordPress login<\/li>\n<\/ul>\n\n<h4>Security Features<\/h4>\n\n<ul>\n<li>Cryptographically secure code generation<\/li>\n<li>Configurable code expiry (default: 10 minutes)<\/li>\n<li>Resend cooldown to prevent spam<\/li>\n<li>IP-based and email-based rate limiting<\/li>\n<li>Automatic lockout after failed attempts<\/li>\n<li>Codes are single-use and invalidated after successful login<\/li>\n<\/ul>\n\n<h4>Use Cases<\/h4>\n\n<ul>\n<li>Membership sites where password fatigue is an issue<\/li>\n<li>Customer portals requiring simple authentication<\/li>\n<li>Internal tools where security without complexity is needed<\/li>\n<li>Any site wanting to improve user experience<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>onecode-login<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the Plugins menu in WordPress<\/li>\n<li>Go to Settings &gt; OneCode Login to configure options<\/li>\n<li>Add the login form using the [onecode_login] shortcode or Gutenberg block<\/li>\n<\/ol>\n\n<h4>Shortcode Options<\/h4>\n\n<ul>\n<li><code>redirect_to<\/code> - URL to redirect after successful login<\/li>\n<li><code>button_text<\/code> - Custom text for the send code button<\/li>\n<li><code>verify_text<\/code> - Custom text for the verify button<\/li>\n<\/ul>\n\n<p>Example: <code>[onecode_login redirect_to=\"\/dashboard\" button_text=\"Get Code\"]<\/code><\/p>\n\n<!--section=faq-->\n<dl>\n<dt id='does%20this%20replace%20password%20login%20completely%3F'><h3>Does this replace password login completely?<\/h3><\/dt>\n<dd><p>By default, no. OneCode Login works alongside traditional password login. However, you can enable the \"Replace wp-login.php\" option to use OneCode Login as the primary login method.<\/p><\/dd>\n<dt id='what%20happens%20if%20the%20email%20does%20not%20arrive%3F'><h3>What happens if the email does not arrive?<\/h3><\/dt>\n<dd><p>Users can request a new code after the cooldown period (default: 60 seconds). Check your server email configuration if emails consistently fail to deliver.<\/p><\/dd>\n<dt id='is%20this%20secure%3F'><h3>Is this secure?<\/h3><\/dt>\n<dd><p>Yes. The plugin uses cryptographically secure random number generation, time-limited codes, rate limiting, and request binding to prevent various attack vectors.<\/p><\/dd>\n<dt id='can%20i%20customize%20the%20email%20template%3F'><h3>Can I customize the email template?<\/h3><\/dt>\n<dd><p>Yes. Go to Settings &gt; OneCode Login &gt; Email tab to customize the subject and body of verification emails. You can use placeholders like {code}, {expires}, {site_name}, and {user_email}.<\/p><\/dd>\n<dt id='does%20it%20work%20with%20multisite%3F'><h3>Does it work with multisite?<\/h3><\/dt>\n<dd><p>The plugin is designed for single-site installations. Multisite compatibility may be added in future versions.<\/p><\/dd>\n<dt id='what%20if%20a%20user%20does%20not%20have%20an%20account%3F'><h3>What if a user does not have an account?<\/h3><\/dt>\n<dd><p>The plugin only allows existing users to log in. For security reasons, it does not reveal whether an email address has an account - users always see the same \"check your email\" message.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Passwordless login with 6-digit verification codes<\/li>\n<li>Rate limiting and brute force protection<\/li>\n<li>Customizable email templates<\/li>\n<li>Gutenberg block and shortcode support<\/li>\n<li>wp-login.php integration option<\/li>\n<li>Full accessibility support<\/li>\n<\/ul>","raw_excerpt":"Simple and secure passwordless login using email verification codes. No passwords to remember, just enter your email and verify with a 6-digit code.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/271395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=271395"}],"author":[{"embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/oaron"}],"wp:attachment":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=271395"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=271395"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=271395"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=271395"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=271395"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=271395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}