Title: Keyless Login Author: susheelhbti Published: 2026 年 5 月 20 日 Last modified: 2026 年 5 月 20 日 --- 搜尋外掛 ![](https://s.w.org/plugins/geopattern-icon/keyless-login.svg) # Keyless Login 由 [susheelhbti](https://profiles.wordpress.org/susheelhbti/) 開發 [下載](https://downloads.wordpress.org/plugin/keyless-login.zip) * [詳細資料](https://tw.wordpress.org/plugins/keyless-login/#description) * [使用者評論](https://tw.wordpress.org/plugins/keyless-login/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/keyless-login/#installation) * [開發資訊](https://tw.wordpress.org/plugins/keyless-login/#developers) [技術支援](https://wordpress.org/support/plugin/keyless-login/) ## 外掛說明 **Keyless Login** brings modern, phishing-resistant authentication to your WordPress site. Log in with your fingerprint, face, or a hardware security key — no password ever required or transmitted. Implemented entirely in pure PHP using only the built-in` openssl` extension. No Composer, no vendor folder, no third-party libraries. #### How It Works KeylessWP implements the [W3C WebAuthn Level 2](https://www.w3.org/TR/webauthn-2/) specification from scratch: * A custom CBOR decoder parses authenticator data * Custom ASN.1/DER builders construct public keys * PHP’s built-in `openssl_verify()` verifies ECDSA P-256 (ES256) and RSA-2048 ( RS256) signatures * Credentials are stored in a dedicated database table with sign-count clone detection #### Supported Authentication Methods * 🖐 Fingerprint sensors (Touch ID, Windows Hello) * 😊 Face recognition (Face ID, Windows Hello face camera) * 🔑 Hardware security keys (YubiKey, Google Titan Key, Feitian) * 🔐 Platform passkey managers (iCloud Keychain, Google Password Manager) #### Features * Full FIDO2 / WebAuthn Level 2 implementation — pure PHP * ECDSA P-256 (ES256) and RSA-2048 (RS256) signature verification * Zero external libraries — only PHP’s built-in `openssl` extension required * Passkey registration and management from the user profile page * Per-credential device naming, creation date, and last-used tracking * Sign-count verification on every authentication (clone detection) * Phishing-resistant: credentials are cryptographically bound to your domain * Admin settings page with live usage statistics * Graceful fallback: the standard password form remains available * Translatable — all strings use `__()` with the `keylesswp` text domain #### Privacy KeylessWP does not collect, transmit, or share any user data. No external services are contacted. Biometric data never leaves the user’s device — only a cryptographic public key is stored on the server. ## 安裝方式 1. Upload the `keylesswp` folder to `/wp-content/plugins/` 2. Activate the plugin via **Plugins Installed Plugins** 3. Go to **Users Your Profile** and click **Register New Passkey** 4. Follow your device’s biometric or security-key prompt 5. Log out and click **Sign in with Passkey** on the login page #### Requirements * PHP 8.0 or higher * PHP `openssl` extension (enabled by default on virtually all hosts) * HTTPS — required by the WebAuthn browser API * WordPress 6.4 or higher ## 常見問題集 ### Does this plugin require any external library or Composer? No. Everything — CBOR decoding, ASN.1/DER key building, ECDSA and RSA verification— is implemented in pure PHP using only the `openssl` extension that ships with PHP. ### Does this work without HTTPS? No. The WebAuthn browser API will refuse to run on non-secure origins. All modern WordPress hosting provides HTTPS. ### Can users still log in with their password? Yes. By default, the standard password form remains visible alongside the passkey button. You can change this under **Settings Keyless Login**. ### What data is stored on the server? Only the credential ID, public key (PEM format), sign count, device name, and timestamps. Biometric data is processed entirely on the user’s device and never transmitted. ### Is this compatible with multisite? Single-site support is the focus of v1.0. Multisite compatibility is planned for v1.1. ### Privacy Policy This plugin does not send any data to external servers. No tracking, no analytics, no third-party services are used. On uninstall, all plugin data is deleted from the database. ## 使用者評論 這個外掛目前沒有任何使用者評論。 ## 參與者及開發者 以下人員參與了開源軟體〈Keyless Login〉的開發相關工作。 參與者 * [ susheelhbti ](https://profiles.wordpress.org/susheelhbti/) [將〈Keyless Login〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/keyless-login) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/keyless-login/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/keyless-login/),或透過 [RSS](https://plugins.trac.wordpress.org/log/keyless-login/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/keyless-login/)。 ## 變更記錄 #### 1.0.0 * Initial release * Pure PHP CBOR decoder (RFC 7049) * Pure PHP WebAuthn attestation and assertion verifier * ES256 (ECDSA P-256) and RS256 (RSA-2048) support * Custom DB table with sign-count clone detection * Complete registration and authentication flows * Admin settings page with usage statistics * Full i18n support with `keylesswp` text domain ## 中繼資料 * 版本 **1.0.0** * 最後更新 **3 週前** * 啟用安裝數 **少於 10 次** * WordPress 版本需求 ** 6.4 或更新版本 ** * 已測試相容的 WordPress 版本 **6.9.4** * PHP 版本需求 ** 8.0 或更新版本 ** * 語言 * [English (US)](https://wordpress.org/plugins/keyless-login/) * 標籤: * [fido2](https://tw.wordpress.org/plugins/tags/fido2/)[passkey](https://tw.wordpress.org/plugins/tags/passkey/) [passwordless](https://tw.wordpress.org/plugins/tags/passwordless/)[security](https://tw.wordpress.org/plugins/tags/security/) [webauthn](https://tw.wordpress.org/plugins/tags/webauthn/) * [進階檢視](https://tw.wordpress.org/plugins/keyless-login/advanced/) ## 評分 這個項目尚無任何評論記錄。 [Your review](https://wordpress.org/support/plugin/keyless-login/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/keyless-login/reviews/) ## 參與者 * [ susheelhbti ](https://profiles.wordpress.org/susheelhbti/) ## 技術支援 使用者可在技術支援論壇提出意見反應或使用問題。 [檢視技術支援論壇](https://wordpress.org/support/plugin/keyless-login/)