Title: Advanced Passkeys for Secure Login
Author: wppasskey
Published: <strong>11 de Junio de  2026</strong>
Last modified: 8 de Julio de  2026

---

Buscar plugins

![](https://ps.w.org/advanced-passkey-login/assets/banner-772x250.png?rev=3568208)

![](https://ps.w.org/advanced-passkey-login/assets/icon.svg?rev=3568208)

# Advanced Passkeys for Secure Login

 Por [wppasskey](https://profiles.wordpress.org/wppasskey/)

[Descargar](https://downloads.wordpress.org/plugin/advanced-passkey-login.1.1.11.zip)

 * [Detalles](https://cl.wordpress.org/plugins/advanced-passkey-login/#description)
 * [Reseñas](https://cl.wordpress.org/plugins/advanced-passkey-login/#reviews)
 *  [Instalación](https://cl.wordpress.org/plugins/advanced-passkey-login/#installation)
 * [Desarrollo](https://cl.wordpress.org/plugins/advanced-passkey-login/#developers)

 [Soporte](https://wordpress.org/support/plugin/advanced-passkey-login/)

## Descripción

Passwords are the single biggest security liability for your WordPress site. They
get leaked, reused, and exploited by automated brute-force attacks every single 
day. While standard Two-Factor Authentication (2FA) adds a layer of safety, typing
in temporary codes from SMS or authenticator apps introduces annoying workflow friction
that hurts user adoption and slows down your day.

**Advanced Passkeys for Secure Login** brings the future of un-phishable, lightning-
fast authentication directly to WordPress using the official FIDO2 / WebAuthn standard.

Give your users a modern login experience. Users register a secure passkey just 
once using their device’s built-in biometric sensor (Face ID, Touch ID, Windows 
Hello), device PIN, or a hardware security key (like a YubiKey). Future sign-ins
can bypass traditional password fields and reduce credential-theft risk.

### Out-of-the-Box WooCommerce & Membership Integrations

Don’t settle for basic alternatives that only support the default backend login 
page. Advanced Passkeys features intelligent, dependency-aware integration modules
that automatically inject secure passkey entry points into your existing platform
ecosystem. Experience seamless, zero-configuration support for:
 * **WooCommerce**(
Secure checkout & customer account login) * **MemberPress** & **Paid Memberships
Pro (PMPro)** (Frictionless member portal protection) * **LearnDash** (Instant student
sign-in to prevent account sharing) * **Ultimate Member** & **BuddyBoss** (Biometric
profiles for modern communities) * **Gravity Forms** (Protected frontend user-registration
flows)

### Why Smart Site Owners Choose Passkeys

 * **Strong Phishing Resistance:** Passkeys are cryptographically bound to your 
   specific domain name. A fake login page or copycat site cannot reuse a passkey
   issued for your real site.
 * **Reduce Brute-Force Risk:** Passkey login does not rely on a static password
   being typed into the login form, reducing exposure to automated password-guessing
   attacks.
 * **Painless Cross-Device Sync:** Works natively with iCloud Keychain, Google Password
   Manager, and 1Password for reliable, frictionless cross-device access across 
   desktop, mobile, and tablet.

### Features

 * **One-Click Passwordless Authentication:** Adds a native, highly visible “Sign
   in with Passkey” button directly to your core WordPress login screens.
 * **Conditional UI Autofill Support:** Offers optional browser-native passkey autofill
   prompts when a user focuses on the username field for an incredibly polished 
   user experience.
 * **Ecosystem-Aware Gutenberg Blocks & Shortcodes:** Automatically registers matching
   frontend login cards and components specifically tailored to your active third-
   party plugins.
 * **High-Yield Admin Nudge Notices:** Turn on built-in dashboard reminders that
   gently guide eligible users to secure their accounts with a passkey without administrator
   intervention.
 * **Granular Role-Based Security Policies:** Configure exactly which user roles
   are permitted to use biometric authentication (Default: Administrators-only out
   of the box).
 * **Developer-Managed Overrides:** Manage passkey settings in PHP using the centralized`
   advapafo_local_configuration` filter or the `ADVAPAFO_SETTINGS` constant.
 * **Theme Template Customization:** Seamlessly match your active brand by overriding
   the login button template layout via `/advanced-passkeys/login/button.php` inside
   your child theme.
 * **Advanced Analytics Dashboard:** Track credential performance over time with
   a live Authenticator Overview breakdown card and a Last Login audit trail log.
 * **Hardened Brute-Force Rate Limiting:** Enforce strict local connection limits
   to log and block malicious behavior, backed by automated daily cleanup crons 
   to keep your database lean.
 * **Multisite Network Provisioning:** Network-aware architecture instantly partitions
   tables dynamically and inherits security guardrails across newly deployed network
   sites.
 * **Clean Housekeeping Routine:** Implements a strict, responsible uninstall function
   that leaves behind absolutely zero orphaned database tables or leftover configuration
   choices.

### Developer Configuration

Advanced Passkeys supports code-managed configuration for developers, agencies, 
and infrastructure teams that deploy settings through version control. This helps
apply the same passkey policy across many sites without manual option changes.

#### Configuration evaluation priority order

When resolving a configuration key, the plugin respects this strict top-down hierarchy:

 1. Centralized `advapafo_local_configuration` hook filter
 2. Global `ADVAPAFO_SETTINGS` array constant definition
 3. Site-level `advapafo_settings` option array map
 4. Single historical legacy `advapafo_*` options
 5. Core plugin out-of-the-box system defaults

Values resolve individually by index key. Overriding a key like `login_challenge_ttl`
via code leaves your remaining settings completely manageable via the dashboard 
UI or database choices.

#### Example: Enforce HTTPS and restrict passkey enrollment to administrators

Drop this configuration array inside your active theme’s functions file or a custom
functionality plugin:

    ```
    <?php
    add_filter(
        'advapafo_local_configuration',
        static function ( array $configuration ): array {
            return array_replace(
                $configuration,
                array(
                    'enforce_https'  => true,
                    'eligible_roles' => array( 'administrator' ),
                )
            );
        }
    );
    ```

#### Example: Global array constant configuration within wp-config.php

For automated environments that favor infrastructure-level array maps, define this
constant:

    ```
    define(
        'ADVAPAFO_SETTINGS',
        array(
            'conditional_ui_enabled'     => true,
            'login_challenge_ttl'        => 300,
            'registration_challenge_ttl' => 300,
            'max_passkeys_per_user'      => 0,
        )
    );
    ```

## Capturas de pantalla

[⌊The unified site security dashboard panel tracking passkey performance metrics,
active provider charts, and live login logs.⌉⌊The unified site security dashboard
panel tracking passkey performance metrics, active provider charts, and live login
logs.⌉[

The unified site security dashboard panel tracking passkey performance metrics, 
active provider charts, and live login logs.

[⌊The core configuration settings view showing role management selections, biometric
behaviors, and integrated platform switches.⌉⌊The core configuration settings view
showing role management selections, biometric behaviors, and integrated platform
switches.⌉[

The core configuration settings view showing role management selections, biometric
behaviors, and integrated platform switches.

[⌊The advanced developer configuration panel exposing parameters for WebAuthn RP
IDs, token lifetimes, and security connection locks.⌉⌊The advanced developer configuration
panel exposing parameters for WebAuthn RP IDs, token lifetimes, and security connection
locks.⌉[

The advanced developer configuration panel exposing parameters for WebAuthn RP IDs,
token lifetimes, and security connection locks.

[⌊The helper copy dashboard offering copy-ready Gutenberg module paths and complete
shortcode templates for clean site layout assembly.⌉⌊The helper copy dashboard offering
copy-ready Gutenberg module paths and complete shortcode templates for clean site
layout assembly.⌉[

The helper copy dashboard offering copy-ready Gutenberg module paths and complete
shortcode templates for clean site layout assembly.

[⌊The frontend User Profile responsive administration panel where site users manage,
name, and revoke credentials.⌉⌊The frontend User Profile responsive administration
panel where site users manage, name, and revoke credentials.⌉[

The frontend User Profile responsive administration panel where site users manage,
name, and revoke credentials.

[⌊The standard core WordPress login layout showing the passkey sign-in button below
the password form.⌉⌊The standard core WordPress login layout showing the passkey
sign-in button below the password form.⌉[

The standard core WordPress login layout showing the passkey sign-in button below
the password form.

[⌊The returning user login state demonstrating the Last used device indicator pill
for returning passkey users.⌉⌊The returning user login state demonstrating the Last
used device indicator pill for returning passkey users.⌉[

The returning user login state demonstrating the Last used device indicator pill
for returning passkey users.

## Bloques

Este plugin proporciona 4 bloques.

 *   Passkey Login Button
 *   Passkey Register Button
 *   Account Passkeys
 *   Passkey Setup Prompt

## Instalación

#### Automatic installation

 1. In your WordPress dashboard, navigate to **Plugins > Add New**.
 2. Search for **Advanced Passkeys for Secure Login**.
 3. Click **Install Now** and then click **Activate**.
 4. Navigate to **Settings > Advanced Passkeys** to fine-tune your security configuration.

#### Manual installation

 1. Download the plugin ZIP archive file from WordPress.org.
 2. In your dashboard, go to **Plugins > Add New > Upload Plugin** and choose the downloaded
    file.
 3. Click **Activate**.
 4. Navigate to **Settings > Advanced Passkeys** to get started.

#### Quick Start Onboarding Guide

 1. Head to **Settings > Advanced Passkeys** — confirm passkeys are enabled and review
    your allowed user roles.
 2. Navigate directly to **Users > Your Profile** and register your first passkey.
 3. Sign out of your dashboard to confirm the secure **Sign in with Passkey** button
    appears below the password form.
 4. _Pro Tip:_ Register a secondary backup passkey (such as a mobile device or physical
    hardware key) to ensure you have a fallback access path.

#### Local Development & Staging Environments

The official WebAuthn protocol strictly mandates a secure connection context (HTTPS)
in production. To protect your site, the plugin blocks live passkey validation over
unsecured HTTP web connections.

If you are a developer testing locally on a development server environment without
a local SSL certificate installed, you can easily bypass this security restriction
by defining this helper flag inside your local `wp-config.php` file:

    ```
    define( 'ADVAPAFO_ALLOW_HTTP', true ); *(Warning: Never define this configuration constant on a live production environment!)*
    ```

## FAQ

### Does this replace standard WordPress passwords entirely?

No. Passkeys function as a high-security alternative login method. Users retain 
their standard WordPress password as a fallback authentication method if their passkey
device is missing or unavailable.

### Does this plugin require an active SSL Certificate (HTTPS)?

Yes, in live production environments. Secure biometric authentication requires an
encrypted HTTPS context to communicate safely with authenticators. To preview features
locally via standard HTTP, please refer to the local development instructions outlined
in the Installation section.

### Can developers manage passkey policies directly in code?

Yes, seamlessly. Agency teams and developers can manage the plugin’s complete option
array using the centralized `advapafo_local_configuration` filter or the global `
ADVAPAFO_SETTINGS` PHP array constant. Setting your policy in code locks the matching
WordPress admin dashboard control, displaying a clear **Managed via code** status
flag to prevent configuration drift.

### Which major browsers, platforms, and biometric devices are supported?

Any operating system and browser that supports modern WebAuthn standards (supported
by all primary vendors since 2022). This covers Apple Safari, Google Chrome, Mozilla
Firefox, and Microsoft Edge across macOS, iOS, Windows Hello biometrics, Android
fingerprint scanners, and physical FIDO2/U2F keys like YubiKeys.

### Can I restrict passkey creation to specific user roles?

Yes. Navigate to **Settings > Advanced Passkeys > Eligible Roles** to limit access.
The plugin defaults to Administrators only, and you can enable passkey access for
Subscribers, Customers, or custom membership roles as needed.

### Which dynamic shortcodes are packaged with the plugin?

**Global Core Shortcodes:**
 * `[advapafo_login_button]` — Renders the standalone
passkey login button. * `[advapafo_register_button]` — Places a passkey enrollment
trigger on any frontend layout. * `[advapafo_passkey_profile]` — Displays a full
credential management table for logged-in profiles. * `[advapafo_passkey_prompt]`—
Embeds an interactive onboarding registration area.

**Ecosystem Integration Shortcodes:** (Automatically responsive when companion plugins
are active)
 * `[advapafo_woocommerce_login]` * `[advapafo_edd_login]` * `[advapafo_memberpress_login]`*`[
advapafo_ultimate_member_login]` * `[advapafo_learndash_login]` * `[advapafo_buddyboss_login]`*`[
advapafo_gravityforms_login]` * `[advapafo_pmp_login]`

### Which integrated Gutenberg Blocks are available?

When an ecosystem dependency is active on your site, the plugin registers optimized,
native core editor blocks:
 * `advanced-passkey-login/woocommerce-login-card` * `
advanced-passkey-login/edd-login-card` * `advanced-passkey-login/memberpress-login-
card` * `advanced-passkey-login/ultimate-member-login-card` * `advanced-passkey-
login/learndash-login-card` * `advanced-passkey-login/buddyboss-login-card` * `advanced-
passkey-login/gravityforms-login-card` * `advanced-passkey-login/pmp-login-card`

### What system PHP extensions must be active on my server hosting?

The plugin runs on standard, lightweight modern server components requiring the `
openssl`, `mbstring`, and `json` extensions. These packages are pre-compiled and
running out of the box on nearly all managed WordPress web hosts.

### Is the plugin fully WordPress Multisite network compatible?

Yes. Database tables partition dynamically across your network using `$wpdb->prefix`.
Network activation provisions the plugin tables for existing sites and newly created
network sites.

### Can I use a custom Relying Party ID (RP ID) for complex subdomain setups?

Yes. For compatible subdomain setups, declare your root domain within your site’s`
wp-config.php` file:
 define( ‘ADVAPAFO_RP_ID’, ‘yourdomain.com’ );

### Can I override the passkey login button HTML templates in my theme files?

Yes. Copy the plugin’s internal markup template directly into your theme’s active
folder structure:
 /wp-content/themes/your-active-theme/advanced-passkeys/login/
button.php

### What happens to my database data if I delete the plugin?

Deactivating the plugin preserves passkey records and settings. Running the default
WordPress delete routine removes the plugin’s credential, rate-limit, and log tables
alongside matching `advapafo_*` configuration rows.

## Reseñas

No hay reseñas para este plugin.

## Colaboradores & Desarrolladores

“Advanced Passkeys for Secure Login” es software de código abierto. Las siguientes
personas han contribuido a este plugin.

Colaboradores

 *   [ wppasskey ](https://profiles.wordpress.org/wppasskey/)
 *   [ mbuiux ](https://profiles.wordpress.org/mbuiux/)

[Traduce “Advanced Passkeys for Secure Login” a tu idioma.](https://translate.wordpress.org/projects/wp-plugins/advanced-passkey-login)

### ¿Interesado en el desarrollo?

[Revisa el código](https://plugins.trac.wordpress.org/browser/advanced-passkey-login/),
echa un vistazo al [repositorio SVN](https://plugins.svn.wordpress.org/advanced-passkey-login/),
o suscríbete al [registro de desarrollo](https://plugins.trac.wordpress.org/log/advanced-passkey-login/)
por [RSS](https://plugins.trac.wordpress.org/log/advanced-passkey-login/?limit=100&mode=stop_on_copy&format=rss).

## Historial de cambios

#### 1.1.11

 * Improved: username-free passkey sign-in now shows clearer fallback guidance when
   a browser or authenticator does not support discoverable credentials.
 * Improved: passkey sign-in button now uses a refreshed user/key icon.
 * Fixed: admin switch checkbox rendering avoids native checkbox bleed-through in
   custom toggle controls.

#### 1.1.10

 * Added: code-managed local configuration via `advapafo_local_configuration` and`
   ADVAPAFO_SETTINGS`.
 * Added: admin UI indicators and locked controls for settings managed by code.
 * Improved: developer configuration filters now resolve through the centralized
   settings getter for cleaner policy management.
 * Fixed: conditional UI login elements now remain hidden consistently when conditional
   UI is enabled.
 * Improved: authenticator provider reporting resolves legacy credential/log payload
   variants more reliably.
 * Improved: registration errors now show friendlier passkey guidance for browser
   invalid-state failures.

#### 1.1.9

 * Improved: admin footer link styling and rating stars visibility for the settings
   screen.

#### 1.1.8

 * Fixed: passkey revoke reliability across compatibility credential tables.
 * Improved: authenticator provider normalization and typo tolerance for brand labeling.
 * Improved: reporting metadata normalization for authenticator detection.

#### 1.1.7

 * Improved: aligned plugin header author metadata with readme contributors.

#### 1.1.6

 * Improved: include WordPress.org assets directory in release source so banners,
   icon, and screenshots deploy via SVN automation.

#### 1.1.5

 * Improved: sanitize-early handling for transports and credential request inputs.
 * Improved: stricter nonce-gated debug query handling in settings.
 * Improved: output escaping hardening for integration-rendered markup and dynamic
   admin classes.
 * Improved: release and quality workflow validation guardrails (actionlint gate).

#### 1.1.4

 * Added: Dashboard tab with an Authenticator Overview card.
 * Added: Last Login activity card in the Dashboard tab.
 * Improved: nonce and capability enforcement across sensitive request handlers.
 * Improved: release packaging workflow with strict file allowlist validation.
 * Fixed: release automation now publishes real GitHub releases with attached installable
   ZIP.

#### 1.1.2

 * Added: integration manager for popular ecosystem plugins with dependency-aware
   module loading.
 * Added: integration-specific shortcodes and Gutenberg blocks.
 * Added: integration controls in settings with installed/not installed indicators.
 * Added: shortcode quick-start helper and improved shortcode documentation in admin
   UI.
 * Changed: removed legacy shortcode alias registrations and related legacy copy.
 * Changed: refreshed docs and translation template strings for current shortcode
   names.

#### 1.1.1

 * Updated: plugin name and user-facing references to “Advanced Passkeys for Secure
   Login”.
 * Updated: settings/UI copy to use the full plugin name.

#### 1.1.0

 * Added: dismissible “set up your passkey” nudge notice for eligible users.
 * Added: Passkeys column in the admin Users list showing count per user.
 * Added: Scheduled daily cleanup of expired rate-limit rows and old log entries.
 * Added: Challenge timeout setting in Settings > Advanced Passkeys for Secure Login
   > Advanced.
 * Added: Login redirect URL field in settings (fallback after passkey login).
 * Added: `[advapafo_login_button]` and `[advapafo_register_button]` shortcodes.
 * Added: Log retention period setting (days).
 * Improved: `get_challenge_ttl()` now reads from the settings UI.

#### 1.0.0

 * Initial release.

## Meta

 *  Versión **1.1.11**
 *  Última actualización **hace 9 horas**
 *  Instalaciones activas **Menos de 10**
 *  Versión de WordPress ** 6.0 o superior **
 *  Probado hasta **7.0**
 *  Versión de PHP ** 8.0 o superior **
 *  Idioma
 * [English (US)](https://wordpress.org/plugins/advanced-passkey-login/)
 * Etiquetas
 * [login](https://cl.wordpress.org/plugins/tags/login/)[passkeys](https://cl.wordpress.org/plugins/tags/passkeys/)
   [passwordless](https://cl.wordpress.org/plugins/tags/passwordless/)[security](https://cl.wordpress.org/plugins/tags/security/)
   [webauthn](https://cl.wordpress.org/plugins/tags/webauthn/)
 *  [Vista Avanzada](https://cl.wordpress.org/plugins/advanced-passkey-login/advanced/)

## Calificaciones

Aún no se han enviado valoraciones.

[Your review](https://wordpress.org/support/plugin/advanced-passkey-login/reviews/#new-post)

[Ver todas las reseñas](https://wordpress.org/support/plugin/advanced-passkey-login/reviews/)

## Colaboradores

 *   [ wppasskey ](https://profiles.wordpress.org/wppasskey/)
 *   [ mbuiux ](https://profiles.wordpress.org/mbuiux/)

## Soporte

¿Tienes algo que decir? ¿Necesitas ayuda?

 [Ver el foro de soporte](https://wordpress.org/support/plugin/advanced-passkey-login/)