Search Over 18,000 FREE Plugins from the Official WordPress Plugin Directory Repository

WP Plugins

Artisteer - Wordpress Theme Generator
Advanced WordPress Plugin Search  →  Expand 

Autologin Links

WARNING: THIS PLUGIN CAN BE INSECURE IF NOT USED CAUTIOUSLY. Allows selected users to autologin to your WordPress website via autologin links.

This plugin allows admininstators to generate autologin links for their WordPress website, logging in visitors under a certain user name. Administrators can edit (generate and delete) autologin links for users, users can only view their autologin links. Note that This plugin bypasses the standard authentication method of wordpress via login and password and should only be used if you understand the security issues mentioned below and on the plugin website.

Usage

Once this plugin is activated, administrators can generate autologin links on the edit profile administration pages for different users. Users can view their autlogin links on their profile pages. Autologin links are of the form:

http://yourwebsite/[subdirectory/]?autologin_code=ABC123

The login code thereby is 30 tonkens long (randomly generated for security reasons). The example above will bring you to your mainpage. You can also generate create autologin links to specifc pages. For this you change the link and append additional GET requests or specify further subdirectories:

http://yourwebsite/[subdirectory/]?autologin_code=ABC123&p=5

or

http://yourwebsite/[subdirectory/]this_content/?autologin_code=ABC123&x=1&y=2

The plugin will redirect the visitor to the corresponding page after logging in under the username that is linked to ABC123.

Security issues

Since autologin links are meant to be an OPEN way to login to your website and can be viewed by users on their profile, it might be considered an INSECURE plugin for WordPress. I did my best to make it as secure as possible to fit my own needs, but this lead to some design choices which might not sit well with all administrators:

Autologin codes are saved as plain text. This means that anyone who can execute queries on the WordPress database (plugins, administrators, system administrators) can obtain the autologin code for a certain user. I planned an extension of this plugin where login codes are hashed. However, this again has the disadvantage that noone can redisplay a once generated login link.

This is the most severe problem. For a full self-assesment of possible security issues regarding this problem, please visit the plugin website.

Author Paul Konstantin Gerke
Profile
Contributors WPAutoLogin
Tags auto, automatic, link, login
  1. Download autologin.zip
  2. Extract the contents of autologin.zip into /wp-contents/plugins
  3. Activate the plugin through the 'Plugins' menu in WordPress

1.01

  • First published version

1.02

  • Fixed directory name to match conventions on wordpress.org

1.03

  • Quick-fix was too quick, more inline directory strings changes were necessary
Share  
Download
Version 1.03

Requires WordPress version: 3.1 or higher

Compatible up to: 3.1.4

Last Updated 25 Jan 2012

Date Added: 25 Jan 2012

Plugin Homepage

Evaluation
star1
star2
star3
star4
star5

3 stars
2 ratings
650 downloads

Compatibility

Not Enough Data

Reports:
Works: 1
Broken: 0

Popular Searches


Privacy Policy

SearchWPPlugins was created with CodeCharge Studio

Copyright © 2011-2012. All Rights Reserved.