WP-Safety

Multidots Passkey Login – Passwordless Login for WordPress Security & Risk Analysis

wordpress.org/plugins/multidots-passkey-login

Passwordless login for WordPress with Passkeys. Enable Touch ID, Face ID, and security keys for seamless, phishing-resistant authentication.

0 active installs v1.1 PHP 8.1+ WP 6.0+ Updated Dec 3, 2025
authenticationbiometric-loginloginpasskeypasswordless
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Multidots Passkey Login – Passwordless Login for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Multidots Passkey Login – Passwordless Login for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The multidots-passkey-login plugin v1.1 demonstrates a generally strong security posture, with excellent adherence to secure coding practices. The complete absence of dangerous functions, all SQL queries utilizing prepared statements, and a near-perfect rate of output escaping are significant strengths. Furthermore, the plugin has no recorded vulnerability history, indicating a well-maintained and secure codebase. The presence of numerous nonce and capability checks further bolsters its defenses against common WordPress attacks.

However, a notable concern is the presence of one REST API route without permission callbacks. While the overall attack surface is moderate, this single unprotected entry point could potentially be exploited if it handles sensitive data or allows for unauthorized actions. The static analysis did not reveal any critical or high severity taint flows, which is a positive sign, but the lack of taint analysis flows analyzed (0) means this aspect of security is not fully validated. The absence of bundled libraries is also a positive, reducing the risk of using outdated components.

In conclusion, the plugin is commendably secure with robust coding practices. The primary area for improvement and the sole deduction stems from the single unprotected REST API route. While the risk is currently low due to the absence of known vulnerabilities and taint issues, it represents a potential point of failure that should be addressed to maintain its high security standard.

Key Concerns

  • REST API route without permission callbacks
Vulnerabilities
None known

Multidots Passkey Login – Passwordless Login for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Multidots Passkey Login – Passwordless Login for WordPress Release Timeline

v1.1Current
v1.0
Code Analysis
Analyzed Apr 16, 2026

Multidots Passkey Login – Passwordless Login for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
17 prepared
Unescaped Output
1
190 escaped
Nonce Checks
12
Capability Checks
7
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared17 total queries

Output Escaping

99% escaped191 total outputs
Attack Surface
1 unprotected

Multidots Passkey Login – Passwordless Login for WordPress Attack Surface

Entry Points18
Unprotected1

AJAX Handlers 9

authwp_ajax_mdlogin_passkey_get_user_credentialsadmin/class-mdlogin-passkey-admin.php:67
authwp_ajax_mdlogin_passkey_delete_credentialadmin/class-mdlogin-passkey-admin.php:68
authwp_ajax_mdlogin_passkey_delete_all_credentialsadmin/class-mdlogin-passkey-admin.php:69
authwp_ajax_mdlogin_get_nonceincludes/class-mdlogin-passkey-loader.php:63
noprivwp_ajax_mdlogin_get_nonceincludes/class-mdlogin-passkey-loader.php:64
authwp_ajax_mdlogin_passkey_profile_registerincludes/class-mdlogin-passkey-profile.php:62
authwp_ajax_mdlogin_passkey_profile_verifyincludes/class-mdlogin-passkey-profile.php:63
authwp_ajax_mdlogin_passkey_profile_deleteincludes/class-mdlogin-passkey-profile.php:64
authwp_ajax_mdlogin_passkey_profile_get_credentialsincludes/class-mdlogin-passkey-profile.php:65

REST API Routes 7

POST/wp-json/mdlogin/v1/start-registrationincludes/class-mdlogin-passkey-api.php:313
POST/wp-json/mdlogin/v1/verify-registrationincludes/class-mdlogin-passkey-api.php:330
POST/wp-json/mdlogin/v1/start-loginincludes/class-mdlogin-passkey-api.php:338
POST/wp-json/mdlogin/v1/verify-loginincludes/class-mdlogin-passkey-api.php:346
GET/wp-json/mdlogin/v1/user-credentialsincludes/class-mdlogin-passkey-api.php:354
GET/wp-json/mdlogin/v1/current-userincludes/class-mdlogin-passkey-api.php:368
POST/wp-json/mdlogin/v1/delete-credentialincludes/class-mdlogin-passkey-api.php:376

Shortcodes 2

[mdlogin_passkey_login] includes/class-mdlogin-passkey-shortcodes.php:54
[mdlogin_passkey_register] includes/class-mdlogin-passkey-shortcodes.php:55
WordPress Hooks 20
actionadmin_menuadmin/class-mdlogin-passkey-admin.php:54
actionadmin_enqueue_scriptsadmin/class-mdlogin-passkey-admin.php:57
actionadmin_enqueue_scriptsadmin/class-mdlogin-passkey-admin.php:58
actionadmin_initadmin/class-mdlogin-passkey-admin.php:61
actionadmin_noticesadmin/class-mdlogin-passkey-users-list-table.php:158
actionrest_api_initincludes/class-mdlogin-passkey-api.php:305
actionlogin_enqueue_scriptsincludes/class-mdlogin-passkey-loader.php:54
actionlogin_formincludes/class-mdlogin-passkey-loader.php:57
actionlogin_formincludes/class-mdlogin-passkey-loader.php:60
actionmdlogin_passkey_cleanupincludes/class-mdlogin-passkey-loader.php:67
actionshow_user_profileincludes/class-mdlogin-passkey-profile.php:55
actionedit_user_profileincludes/class-mdlogin-passkey-profile.php:56
actionadmin_enqueue_scriptsincludes/class-mdlogin-passkey-profile.php:59
actionwp_enqueue_scriptsincludes/class-mdlogin-passkey-shortcodes.php:58
actionplugins_loadedmultidots-passkey-login.php:72
actioninitmultidots-passkey-login.php:75
actionadmin_noticesmultidots-passkey-login.php:90
actionadmin_noticesmultidots-passkey-login.php:223
actionadmin_noticesmultidots-passkey-login.php:229
actionadmin_noticesmultidots-passkey-login.php:235

Scheduled Events 1

mdlogin_passkey_cleanup
Maintenance & Trust

Multidots Passkey Login – Passwordless Login for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedDec 3, 2025
PHP min version8.1
Downloads437

Community Trust

Rating60/100
Number of ratings2
Active installs0
Alternatives

Multidots Passkey Login – Passwordless Login for WordPress Alternatives

Beyond Identity Passwordless

Beyond Identity Passwordless

beyond-identity-passwordless

A
85

A passwordless solution that allows users and admins to log into a WordPress website using passkeys with Beyond Identity.

0 No CVEs
Secure Passkeys

Secure Passkeys

secure-passkeys

A
99

Secure Passkeys is a powerful WordPress plugin that enables passwordless authentication using WebAuthn technology.

1K 1 CVE
Biometric Authentication

Biometric Authentication

biometric-authentication

A
85

Passkeys are a safer and easier alternative to passwords. Simply use your fingerprint or face ID to log in with ease.

100 No CVEs
Keyless Auth – Login without Passwords

Keyless Auth – Login without Passwords

keyless-auth

A
100

Secure, passwordless authentication for WordPress. Your users login via magic email links – no passwords to remember or forget.

30 No CVEs
Bye Bye Passwords

Bye Bye Passwords

bye-bye-passwords

A
100

Enable passwordless authentication for WordPress using WebAuthn/Passkeys. More secure, more convenient.

20 No CVEs
Developer Profile

Multidots Passkey Login – Passwordless Login for WordPress Developer Profile

MULTIDOTS Inc

9 plugins · 220 total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Multidots Passkey Login – Passwordless Login for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multidots-passkey-login/assets/css/mdlogin-passkey-frontend.css/wp-content/plugins/multidots-passkey-login/assets/css/mdlogin-passkey-backend.css/wp-content/plugins/multidots-passkey-login/assets/js/mdlogin-passkey-frontend.js/wp-content/plugins/multidots-passkey-login/assets/js/mdlogin-passkey-backend.js
Version Parameters
multidots-passkey-login/assets/css/mdlogin-passkey-frontend.css?ver=multidots-passkey-login/assets/css/mdlogin-passkey-backend.css?ver=multidots-passkey-login/assets/js/mdlogin-passkey-frontend.js?ver=multidots-passkey-login/assets/js/mdlogin-passkey-backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
mdlogin-passkey-login-formmdlogin-passkey-registration-formmdlogin-passkey-manage-credentials-form
Data Attributes
data-mdlogin-passkey-noncedata-mdlogin-passkey-user-iddata-mdlogin-passkey-action
JS Globals
mdlogin_passkey_frontend_paramsmdlogin_passkey_backend_params
REST Endpoints
/wp-json/mdlogin-passkey/v1/register-challenge/wp-json/mdlogin-passkey/v1/register-response/wp-json/mdlogin-passkey/v1/login-challenge/wp-json/mdlogin-passkey/v1/login-response/wp-json/mdlogin-passkey/v1/delete-credential/wp-json/mdlogin-passkey/v1/create-credential
Shortcode Output
[mdlogin_passkey_login_form][mdlogin_passkey_registration_form][mdlogin_passkey_manage_credentials_form]
FAQ

Frequently Asked Questions about Multidots Passkey Login – Passwordless Login for WordPress