=== Passwordless Login ===

Contributors: Corsair
Donate link: http://www.corsairnow.com
Tags: corsair login
Requires at least: 3.9
Tested up to: 5.3.2
Stable tag: 1.0


login form via shortcode: [corsair-login]


== Description ==

[Corsair Login](https://www.corsairnow.com) is a modern way to loggin

This is how it works:

* Instead of asking users for a password when they try to log in to your website, we simply ask them for their username or email
* The plugin creates a temporary authorization token and saves it in a WordPress transient that expires after 10 minutes
* Then we send the user an email with a link and the token
* The user clicks the link and sends the authorization code to your server
* The plugin then checks if the code is valid and creates the log in WordPress cookie, successfully authenticating the user.

You can use the shortcode [corsair-login] in a page or widget.

If you're looking to create front-end user registration and profile forms we recommend [Profile Builder](https://www.cozmoslabs.com/wordpress-profile-builder/). 

NOTE:

Dose not replace the default login functionality in WordPress.


== Installation ==

1. Upload the corsair_login folder to the '/wp-content/plugins/' directory
1. Activate the plugin through the 'Plugins' menu in WordPress
1. Create a new page and use the shortcode available

== Frequently Asked Questions ==

= Is this secure? =

Yes. The token is created using wp_hash and it's based on the user id, the current time and the salt in wp-config.php

= Couldn't anyone login if they have that link? =

The token expires after 10 minutes and can only be used once. If people have access to that link it's supposed they have access to your email, in which case it's as safe as the default login, since they could reset their passwords.

= Isn't it more complicated they just entering a password? =

Weak passwords are used every day by users. There are also people who use the same password across various services and websites. By using the Passwordless Login plugin your users will have one less password to worry about.

= But what if my users don't want to login every time via their email?  =

You can extend the auth cookie expiration to something like 1 month or 3 months (this can be changed by using the wpa_change_link_expiration filter). Also, you can offer Passwordless Login as an alternative login system and enforce stronger passwords on registration using <a href="http://wordpress.org/plugins/profile-builder/">Profile Builder plugin.</a>


== Changelog ==
= 1.1.1 =
1. Added Login and logout menu based on menu locations.
2. Added setting to restict default wp-admin and set up new page for login.
3. Added Login error Url
= 1.0 =
1. Added slider Recaptcha.
2. Added login based on custom user table.
3. Added login based on external Api
4. Added redirection based on user role.
5. Added Logout url based on page selected from the backend.
5. Added login request url.

Initial version. Added a passwordless login form as a shortcode.
= 0.1 =
Initial version. Added a passwordless login form as a shortcode.