CS BioLogin – Seamless Biometric Authentication
Description
CS BioLogin adds passwordless sign-in to WordPress using the WebAuthn standard (FIDO2 / passkeys). Visitors can authenticate with Face ID, Touch ID, Windows Hello, or a platform fingerprint reader. Biometric templates never leave the user’s device; only public key credentials are stored in your WordPress database.
What this plugin does
- Adds a Sign in with Biometrics option on the WordPress login screen (with optional password fallback).
- Lets logged-in users register, rename, update, and remove passkeys from their profile, a front-end shortcode page, or WooCommerce My Account.
- Provides an admin screen for settings, security logs, and per-user device management.
- Applies rate limiting and lockout on authentication attempts.
What this plugin does NOT do
- It does not send user data, credentials, or biometrics to third-party servers. All verification runs on your site over HTTPS.
- It does not store fingerprint or face images—only WebAuthn public keys and device metadata you configure.
How it works
- Administrator enables the plugin under Settings → CS BioLogin and chooses which roles may use biometrics.
- User opens their profile (WordPress admin profile, [csbisebi_device_manager] page, or WooCommerce My Account → CS BioLogin) and clicks Add Biometric Device. The browser shows the OS passkey/biometric prompt.
- Login — On wp-login.php (or WooCommerce login), the user chooses biometric sign-in. The plugin issues a WebAuthn challenge via the REST API, verifies the signed response, and creates a normal WordPress session.
REST routes live under csbisebi-biometric-login/v1 on your own site (for example /wp-json/csbisebi-biometric-login/v1/auth/options). No external API keys are required.
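The following is an added example, not code from CS BioLogin: a sketch of the checks a WebAuthn relying party makes on a signed login response before creating a session. The function name `verify_assertion`, the `$expect` array layout, the `shop.example` origin, and the policy of requiring user verification are assumptions made for illustration.

```php
<?php
// Added example, not CS BioLogin code: relying-party checks on a WebAuthn assertion.
function b64url_decode(string $s): string {
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4));
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Hypothetical helper: returns 'ok' or the name of the first failed check.
function verify_assertion(array $a, array $expect): string {
    $client = json_decode($a['clientDataJSON'], true);
    if (!is_array($client) || ($client['type'] ?? '') !== 'webauthn.get') return 'bad type';
    // The challenge must be the one this server issued for this login attempt.
    if (!hash_equals($expect['challenge'], b64url_decode($client['challenge'] ?? ''))) return 'bad challenge';
    // Exact string match on origin; prefix or suffix matching would accept look-alike hosts.
    if (($client['origin'] ?? '') !== $expect['origin']) return 'bad origin';

    $auth = $a['authenticatorData'];
    if (strlen($auth) < 37) return 'short authenticatorData';
    // Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian).
    if (!hash_equals(hash('sha256', $expect['rpId'], true), substr($auth, 0, 32))) return 'bad rpIdHash';
    $flags = ord($auth[32]);
    if (!($flags & 0x01)) return 'user not present';   // UP bit
    if (!($flags & 0x04)) return 'user not verified';  // UV bit (assumed policy: biometric or PIN required)
    $count = unpack('N', substr($auth, 33, 4))[1];
    // When counters are in use, a value that does not increase suggests a cloned authenticator.
    if (($count !== 0 || $expect['storedCount'] !== 0) && $count <= $expect['storedCount']) return 'counter regression';

    // Signature covers authenticatorData || SHA-256(clientDataJSON); the same call verifies
    // ES256 (DER-encoded ECDSA) or RS256 (PKCS#1 v1.5) depending on the stored key type.
    $signed = $auth . hash('sha256', $a['clientDataJSON'], true);
    $ok = openssl_verify($signed, $a['signature'], $expect['publicKeyPem'], OPENSSL_ALGO_SHA256);
    return $ok === 1 ? 'ok' : 'bad signature';
}

// Constructed sample data: a throwaway P-256 key stands in for the user's authenticator.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$challenge = random_bytes(32);
$expect = ['challenge' => $challenge, 'origin' => 'https://shop.example', 'rpId' => 'shop.example',
           'storedCount' => 41, 'publicKeyPem' => openssl_pkey_get_details($key)['key']];
$make = function (string $origin, int $count) use ($key, $challenge): array {
    $cd = json_encode(['type' => 'webauthn.get', 'challenge' => b64url_encode($challenge), 'origin' => $origin]);
    $ad = hash('sha256', 'shop.example', true) . chr(0x05) . pack('N', $count); // flags: UP + UV
    openssl_sign($ad . hash('sha256', $cd, true), $sig, $key, OPENSSL_ALGO_SHA256);
    return ['clientDataJSON' => $cd, 'authenticatorData' => $ad, 'signature' => $sig];
};
echo verify_assertion($make('https://shop.example', 42), $expect), "\n";
echo verify_assertion($make('https://shop.example.invalid', 42), $expect), "\n";
echo verify_assertion($make('https://shop.example', 41), $expect), "\n";
```

The three calls exercise a valid response, a response signed for a different origin, and a response whose signature counter has not advanced past the stored value.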
WooCommerce
When WooCommerce is active, CS BioLogin adds a My Account tab, checkout/account login prompts, and automatic use of the account area instead of a standalone management page.
Requirements
- WordPress 6.2 or later
- PHP 7.4+ with OpenSSL
- HTTPS on production (WebAuthn requires a secure context; localhost and *.local are allowed for development)
Privacy and data storage
- Biometric samples stay on the user’s device.
- The plugin stores passkey public keys, optional device labels, timestamps, and security log entries in your WordPress database.
- Uninstalling the plugin (when data removal is enabled via uninstall) drops the custom credentials table and plugin options.
Installation
- Upload the plugin folder cs-biologin-seamless-biometric-authentication to /wp-content/plugins/ (the zip must contain readme.txt and cs-biologin.php at the root of that folder—not inside a trunk/ subfolder).
- Activate CS BioLogin – Seamless Biometric Authentication on the Plugins screen.
- Ensure your site uses HTTPS in production.
- Go to Settings → CS BioLogin and save your preferences.
- Log in as a test user, open Users → Profile (or WooCommerce My Account → CS BioLogin), and register a passkey before testing front-end login.
FAQ
No. WebAuthn keeps biometrics on the device. The site only stores a public key used to verify future logins.
No. Challenges, verification, and credential storage all run on your WordPress installation. JavaScript and CSS are bundled with the plugin (no third-party CDNs).
Yes, for production sites. The plugin shows an admin notice if HTTPS is missing (localhost and .local hosts are exempt for development).
Yes, when Allow Password Fallback is enabled in settings.
Only if Settings → General → Membership → Anyone can register is enabled, or if you explicitly enable Allow REST account registration when WordPress registration is disabled under Settings → CS BioLogin. Account creation is rate-limited and disabled by default otherwise.
Yes. Device management appears under My Account, and biometric login can appear on WooCommerce login forms when enabled.
Recent Chrome, Safari, Edge, and Firefox on desktop and mobile, where the OS provides a platform authenticator or passkey store. Unsupported browsers can hide the login button via settings.
Extensions such as 1Password, Bitwarden, or LastPass may intercept passkey prompts. Enable passkey support in the manager or disable autofill for your site so the native OS dialog (Touch ID, Face ID, Windows Hello) can appear.
Yes. Use Settings → CS BioLogin → User Management to reset devices, view logs, and register passkeys on behalf of users (with appropriate capability checks).
Changelog
1.2.1
- Fixed a minor issue where activating the plugin triggered a fatal error.
1.2.0
- Fixed an issue with registration when ZOHO Vault is enabled.
- Added i18n support in JS files for translation.
1.0.0
- Initial release on the WordPress Plugin Directory.
- WebAuthn / FIDO2 / Passkeys registration and authentication (ES256 and RS256).
- Passwordless login on the WordPress login screen with optional password fallback.
- WooCommerce: My Account endpoint, checkout and account login popups, and device management UI.
- Multi-device support with rename, update passkey, remove, and duplicate-device handling.
- Admin settings (roles, force biometric, rate limits, lockout, UI options) plus security event logs and user device management.
- Passkey setup reminder banner for users without a registered device.
- No external services or CDNs; credentials stored locally in the database.




