CS BioLogin – Seamless Biometric Authentication
·
Secure biometric login (WebAuthn / FIDO2 / Passkeys) for WordPress and WooCommerce using Face ID, Touch ID, or fingerprint.
CS BioLogin adds passwordless sign-in to WordPress using the WebAuthn standard (FIDO2 / passkeys). Visitors can authenticate with Face ID, Touch ID, Windows Hello, or a platform fingerprint reader. Biometric templates never leave the user's device; only public key credentials are stored in your WordPress database.
What this plugin does
- Adds a Sign in with Biometrics option on the WordPress login screen (with optional password fallback).
- Lets logged-in users register, rename, update, and remove passkeys from their profile, a front-end shortcode page, or WooCommerce My Account.
- Provides an admin screen for settings, security logs, and per-user device management.
- Applies rate limiting and lockout on authentication attempts.
What this plugin does NOT do
- It does not send user data, credentials, or biometrics to third-party servers. All verification runs on your site over HTTPS.
- It does not store fingerprint or face images—only WebAuthn public keys and device metadata you configure.
How it works
- Administrator enables the plugin under Settings → CS BioLogin and chooses which roles may use biometrics.
- User opens their profile (WordPress admin profile,
[csbisebi_device_manager]page, or WooCommerce My Account → CS BioLogin) and clicks Add Biometric Device. The browser shows the OS passkey/biometric prompt. - Login — On
wp-login.php(or WooCommerce login), the user chooses biometric sign-in. The plugin issues a WebAuthn challenge via the REST API, verifies the signed response, and creates a normal WordPress session.
REST routes live under csbisebi-biometric-login/v1 on your own site (for example /wp-json/csbisebi-biometric-login/v1/auth/options). No external API keys are required.
WooCommerce
When WooCommerce is active, CS BioLogin adds a My Account tab, checkout/account login prompts, and automatic use of the account area instead of a standalone management page.
Requirements
- WordPress 6.2 or later
- PHP 7.4+ with OpenSSL
- HTTPS on production (WebAuthn requires a secure context;
localhostand*.localare allowed for development)
Privacy and data storage
- Biometric samples stay on the user's device.
- The plugin stores passkey public keys, optional device labels, timestamps, and security log entries in your WordPress database.
- Uninstalling the plugin (when data removal is enabled via uninstall) drops the custom credentials table and plugin options.