OneCode Login

OneCode Login provides a modern, passwordless authentication experience for your WordPress site. Instead of traditional passwords, users receive a secure 6-digit verification code via email.

Key Features

• Passwordless Authentication – Users log in with just their email address
• 6-Digit Verification Codes – Secure, time-limited codes sent via email
• Rate Limiting – Built-in protection against brute force attacks
• Request ID Binding – Each code is bound to a specific login session for enhanced security
• Neutral Feedback – Prevents user enumeration attacks by not revealing if an email exists
• Customizable – Configure expiry times, cooldowns, and email templates
• Accessible – Full keyboard navigation and screen reader support
• Gutenberg Block – Easy to add login forms to any page
• Shortcode Support – Use [onecode_login] anywhere
• wp-login.php Integration – Optionally replace the default WordPress login

Security Features

• Cryptographically secure code generation
• Configurable code expiry (default: 10 minutes)
• Resend cooldown to prevent spam
• IP-based and email-based rate limiting
• Automatic lockout after failed attempts
• Codes are single-use and invalidated after successful login

Use Cases

• Membership sites where password fatigue is an issue
• Customer portals requiring simple authentication
• Internal tools where security without complexity is needed
• Any site wanting to improve user experience