Descripción
Capsquery Facial Authentication adds a Login with Face button to wp-login.php and a [capsquery_facial_authentication] shortcode for front-end pages.
How it works
- A user can enrolls their face from Users Profile.
- They set a 4–8 digit PIN as a second factor.
- At login, the browser captures the face locally using face-api.js.
- An encrypted face descriptor is matched on the server.
- The user confirms their identity and enters their PIN.
- Face descriptors encrypted at rest (AES-256-GCM)
- PIN stored as a secure hash
- Rate limiting and brute-force protection
- GDPR export/erase support
Third-party library
Face detection and recognition run entirely in the visitor’s browser using face-api.js (MIT license), bundled under assets/vendor/. Its pretrained model weights are required for the plugin to function and are bundled under assets/models/. Since the raw weight files have no meaningful file extension, each one is stored base64-encoded inside a small .json wrapper file and decoded on request by a plugin REST endpoint — no external network calls or third-party servers are involved.
Requirements
- HTTPS (or localhost for development) — browsers require a secure context for camera access
- PHP OpenSSL extension
- A webcam on the client device
Support
Need help or have questions?
Website: https://capsquery.com/
Email: arijit.paul@capsquery.com
Capturas






Instalación
- Upload the plugin folder to
/wp-content/plugins/capsquery-facial-authentication/or install via Plugins Add New. - Activate the plugin.
- Go to Settings Facial Authentication and confirm Facial Authentication is enabled.
- As a user, open Users Profile, enroll your face, and set a PIN.
- Visit wp-login.php and click Login with Face.
Preguntas frecuentes
-
Who can use Capsquery Facial Authentication in the free version?
-
On a single site, this is typically users with the any role.
-
Are photos stored on the server?
-
No. The plugin stores an encrypted mathematical face descriptor (128 numbers), not an image.
-
Is face matching alone enough to log in?
-
No. A successful face match must be followed by the correct PIN.
-
Does it work without HTTPS?
-
No. Modern browsers block camera access except on HTTPS or localhost.
-
How do I add Facial Authentication to a page?
-
Use the shortcode:
[capsquery_facial_authentication]or[capsquery_facial_authentication redirect="/my-account"] -
What are the .json files under assets/models?
-
They are the pretrained face-api.js (MIT-licensed) neural network weights needed for on-device face detection and recognition. The library’s raw weight files have no standard file extension, so each one is base64-encoded and wrapped in a
.jsonfile; the plugin decodes and streams it back out through its own REST endpoint when the browser loads the model. They are required — the plugin cannot detect or recognize faces without them.
Reseñas
There are no reviews for this plugin.
Colaboradores y desarrolladores
“Capsquery Facial Authentication” es un software de código abierto. Las siguientes personas han colaborado con este plugin.
ColaboradoresTraduce “Capsquery Facial Authentication” a tu idioma.
¿Interesado en el desarrollo?
Revise el código , eche un vistazo al repositorio SVN , o suscríbase al log de desarrollo por RSS .
Registro de cambios
1.1.0
- Admin settings page (enable/disable, match sensitivity)
- Security fixes: removed user_id override, improved REST validation, proper rate-limit responses
- Privacy/GDPR export and erasure support
- uninstall.php for clean removal
- Conditional shortcode asset loading
1.1.1
- Security improvements
1.1.2
- Fixed issues reported during WordPress.org plugin review.
- Code cleanup and compliance improvements.
1.1.3
- Improved facial recognition security by lowering the default matching threshold.
- Updated available recognition sensitivity presets.
- Minor security and performance improvements.
- Improve face detection in low light visibility
- Minor design improvement
1.1.4
- Minor change in shortcode condition to fix shortcode js loading issue
