WebAuthn is a new way for you to authenticate in web. It helps you replace your passwords with devices like Passkeys, USB Keys, fingerprint scanners, Windows Hello compatible cameras, FaceID/TouchID and more. Using WebAuthn, you can login to your a website with a glance or touch.

When using WebAuthn, you just need to click once and perform a simple verification on the authenticator, then you are logged in. No password needed. If your device supports Passkey, your authenticator can roam seamlessly across multiple devices for a more convenient login experience.

WP-WebAuthn is a plug-in for WordPress to enable WebAuthn on your site. Just download and install it, and you are in the future of web authentication.

WP-WebAuthn also supports usernameless authentication.

This plugin has 4 built-in shortcodes and 4 built-in Gutenberg blocks, so you can add components like register form to frontend pages.

Please refer to the documentation before using the plugin.

PHP extensions gmp and mbstring are required.

WebAuthn requires HTTPS connection or localhost to function normally.

You can contribute to this plugin on GitHub.

Please note that this plugin does NOT support Internet Explorer (including IE 11). To use FaceID or TouchID, you need to use iOS/iPadOS 14+.

Security and Privacy

WebAuthn has become a W3C Recommendation since March 2019, which enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users using hardware authenticators. WebAuthn focuses on both security and privacy, it offers the possibility to create a secure authentication process without having to transfer any private data such as recognition data and fingerprint data. It will be the future of web authentication.

GDPR Friendly

When authenticating with WebAuthn, no private data will leave user’s device and no third-party involvement. The credentials transferred are not associate to any user’s information but only for authentication. It’s GDPR Friendly.


  • Verifying
  • Verifying without username on iPad
  • The login page
  • The settings page
  • Profile


Цей плагін надає 1 блок.

  • WebAuthn Login Form


Notice: PHP extensions gmp and mbstring are required.

  1. Upload the plugin files to the /wp-content/plugins/wp-webauthn directory, or install the plugin through the WordPress plugins screen directly
  2. Activate the plugin through the ‘Plugins’ screen in WordPress
  3. Use the Settings->WP-WebAuthn screen to configure the plugin
  4. Make sure that all settings are set, and you can start to register authenticators in your profile page

Часті питання

What languages does this plugin support?

This plugin supports English, Chinese (Simplified), Traditional Chinese (Hong Kong), Traditional Chinese (Taiwan), Turkish, French & German currently. If you are using WordPress in none of those languages, English will be displayed as default language.

All translation files are hosted on translate.wordpress.org and GitHub. You can help us to translate WP-WebAuthn into other languages!

What should I do if the plugin could not work?

Make sure your are using HTTPS or host your site in localhost. Then check whether you have installed the gmp extension for PHP.

If you can’t solve the problem, open an issue on GitHub with plugin log.

Which browsers support WebAuthn?

The latest version of Chrome, FireFox, Edge and Safari are support WebAuthn. You can learn more on Can I Use.

To use FaceID or TouchID, you need to use iOS/iPadOS 14+.


Simply the best login solution for Wordpress. They are working on adding MagicLink support. With Web-Auth(Passkeys) and as a fallback MagicLink, Passwords are finally gone for good
This plugin will replace many others when U2F is retired from Chrome.
16.12.2021 4 replies
I like how it works, but I only give it 3 stars because of this: When I first registered my keys, it allowed to access with no password and just with the key inserted and a non-biometric touch. No PIN, and no fingerprint was required to access, I guess that it just uses FIDO U2F standard by default. This should never be allowed, at least by default. To solve it, I had to change, in the settings, "user verification". This should be mandatory. According to the owner, this is configured like that because mobile devices do not work with WebAuthn. I'd rather to allow always the possibility of using password + U2F than this option. U2F for passwordless authentication should NEVER be allowed. If it is corrected, I would give 5 stars, because besides this it works fine.
It does what it suppose to do, but simple and to the point. Also, it's open-source under GPL v3.0. Good job! Thanks.
Прочитати всі 11 відгуків

Учасники та розробники

“WP-WebAuthn” — проект з відкритим вихідним кодом. В розвиток плагіну внесли свій вклад наступні учасники:


“WP-WebAuthn” було перекладено на 6 локалізацій. Дякуємо перекладачам за їх роботу.

Перекладіть “WP-WebAuthn” на вашу мову.

Цікавитесь розробкою?

Перегляньте код, перегляньте сховище SVN або підпишіться на журнал розробки за допомогою RSS.

Журнал змін


Update: Translations


Add: Allow to login with email addresses
Add: Disable password reset
Add: After user registration
Add: Spanish-Latam translation (thanks to Eduardo Chongkan), Catalan translation (thanks to Aniol Pagès), Spanish and Italian translations (thanks to AlwaysReading)
Fix: Undefined username in Gutenberg Blocks
Fix: 2FA compatibility
Update: Translations
Update: Third party libraries


Fix: privilege check for admin panel


Add: Now a security warning will be shown if user verification is disabled
Fix: Style broken with some locales
Fix: privilege check for admin panel (thanks to @vanpop)
Update: Third party libraries


Update: Third party libraries


Update: German translation (thanks to niiconn)
Fix: HTTPS check


Add: French translation (thanks to Spomky) and Turkish translate (thanks to Sn0bzy)
Fix: HTTPS check
Update: Existing translations
Update: Third party libraries


Feat: Avoid locking users out if WebAuthn is not available
Update: translations
Update: Third party libraries


Fix: Cannot access to js files in apache 2.4+


Feat: Allow to disable password login completely
Feat: Now we use WordPress transients instead of PHP sessions
Feat: Move register related settings to user’s profile
Feat: Gutenberg block support
Feat: Traditional Chinese (Hong Kong) & Traditional Chinese (Taiwan) translation
Update: Chinese translation
Update: Third-party libraries


Add: Allow to remember login option
Add: Only allow a specific type of authenticator option
Fix: Toggle button may not working in login form
Update: Chinese translation
Update: Third-party libraries