Facial Recognition Authentication

For years, users worldwide have faced security risks due to insecure login pages. WordPress sites are no exception to these challenges. Our plugin provides an innovative solution for login security by integrating facial recognition technology with traditional username and password methods.

Currently, users log in using either a username and password or a Two-Factor Authentication (2FA) method. While 2FA enhances security, it has its own vulnerabilities:

1. Phishing attacks: Hackers can deceive users into entering their 2FA codes on fake websites.
2. Lost or stolen devices: If the device used to receive 2FA codes (e.g., a mobile phone) is lost or stolen, unauthorized access becomes possible.
3. SMS-based 2FA: SMS codes can be intercepted through SIM swapping attacks.
4. Access issues: Users may face challenges accessing 2FA codes due to technical issues.
5. Software flaws: Authentication apps can have security vulnerabilities.

Our plugin addresses these issues by leveraging facial recognition for authentication. When a user attempts to log in, our plugin communicates with a secure Django server for authentication, ensuring no sensitive user data is stored in WordPress databases. The facial recognition system can distinguish between a live user and a static photo, making unauthorized access virtually impossible.

For a complete tutorial on installing and using the plugin, watch this video.

Key Features:

• Facial recognition authentication using a simple webcam.
• No storage of user credentials in WordPress databases.
• Interaction between the plugin and server is conducted through secure APIs with encrypted data transmission.
• Enhanced security with PBKDF2 password hashing (870,000 iterations with salt) on the Django server.
• Seamless integration with WordPress login pages, adding an extra layer of security.
• Simplified registration process for users to set up facial recognition and credentials.
• New Manage Account section for users to change their password, update photo, or delete their account, secured with OTP and facial recognition.
• Activation email sent during registration, with a 24-hour expiration period.
• Each user can only register with a single email address.

Why Choose Our Plugin?

1. Protects against brute-force attacks targeting WordPress login pages.
2. Eliminates reliance on weak password hashing mechanisms in WordPress.
3. Enhances user experience by enabling secure logins without expensive hardware.
4. Provides a scalable solution for future platforms beyond WordPress.

Try Our Demo Before Installing!

Want to test our plugin in a safe environment before installing it on your own site? We’ve set up a demo WordPress site where you can experience the plugin in action.

Email us at [support@newwaypmsco.com] to request access – we’ll send you the demo site link, along with a username and password to log in and test the plugin.

Once you’re satisfied, you can install it on your own WordPress site with confidence!

External Services

This plugin connects to an external Django server to perform facial recognition authentication. The communication between the plugin and the server is secure, ensuring the safety of user data through encrypted transmission.

Third-Party Service Details

1. Service Name: Django Server for Facial Recognition Authentication

   • Purpose: To authenticate users using facial recognition.
   • Data Sent:
     • During login:
     • Username and password entered by the user.
     • Facial image captured by the webcam for authentication.
     • During registration:
     • Username and password chosen by the user.
     • Facial image captured by the webcam to set up facial recognition.
   • Storage & Security:
     • All data is transmitted securely using SSL encryption.
     • Facial data is stored on our Django server with AES-256 encryption.
     • No facial data is stored in WordPress databases.
   • Conditions: Data is sent only when users initiate login or registration.
   • User Control: We’re working on adding a feature to let users delete their facial data in future updates. For now, contact our support team at [support@newwaypmsco.com] for assistance with data management.
   • Terms of Service: https://api.newwaypmsco.com/terms-of-service/
   • Privacy Policy: https://api.newwaypmsco.com/privacy-policy/

2. External API Endpoints Used:

   • https://api.newwaypmsco.com/api/user/login/
   • https://api.newwaypmsco.com/api/user/register/

By using this plugin, users acknowledge and agree to the terms and conditions outlined above.

Resources

This plugin uses the open-source SweetAlert library for user alerts. Non-minified source code is available in:
– assets/js/bootstrap.js (non-minified version)
– assets/js/sweetalert.min.js (SweetAlert library)

• Official SweetAlert Website: https://sweetalert.js.org/
• SweetAlert CDN: https://cdnjs.com/libraries/sweetalert/2.1.2
• GitHub Repository: https://github.com/t4t5/sweetalert