This little plugin for WordPress lets administrators create autologin links on the user profile edit pages. Such a link logs the user in automatically and takes them straight to the WordPress page. At the moment the plugin is intended for linking friends or other trusted users through to a private part of your website, so that they can view your content or leave comments.
Caution! This plugin bypasses the standard WordPress login and can therefore expose additional vulnerabilities for attackers to exploit: autologin links/codes are saved as plain text in the WordPress database, where server administrators, WordPress administrators and malicious plugins can read and use them to hijack accounts. If you do not know what this means or what its implications are, consider not installing this plugin! For more information, please consult the security section of this article.
The standard generated autologin link points to the WordPress main page:
However, the link can point to any page on your WordPress website. Currently this has to be done by hand by editing the link. If, for example, you want to link to your “page 5” ([...]?p=5 in your address bar), simply add the “p=5” parameter to the autologin_address like this:
The resulting link will bring a visitor directly to your “page 5”.
Security is an important aspect of a plugin that offers an alternative login method. First of all, only administrators may edit autologin links, because only they (hopefully) understand the implications an autologin link brings with it and can judge whether a user should be granted the right to use such a link (think, for example, of the link leaking onto the internet). For administrators, here is more information about further security aspects:
Since autologin links can be viewed by administrators and users, they are saved as plain text in the WordPress database. Therefore, if your database is stored in an insecure place, an attacker can easily hijack any account that has an autologin link. A planned future extension of this plugin will generate hashed, one-time viewable login codes, but even this will not solve all issues. If an attacker gains write access to the WordPress database (for example, through a malicious plugin or by hijacking an administrator account using a leaked autologin link), the attacker can set autologin codes for other users. This might seem similar to a rogue administrator assigning new passwords to users, but it is not: users will notice a changed password, but not necessarily a new autologin link. Autologin Links is an unusual WordPress plugin, and users who do not use an autologin link themselves will not notice that one has been set up as an additional login method. This way an attacker can establish a way to log in as an unsuspecting user without knowing their password and without the user knowing that their account is hijacked.
The “read autologin code from database” vulnerability can be resolved by hashing autologin links/codes, which however also prevents redisplaying them on the profile page (see the todo list). The “write new autologin codes to database” vulnerability cannot be solved (WordPress passwords in fact suffer from the same problem).
- It is possible that duplicate autologin links/codes are generated. If there are multiple equal login keys in the database, login via any of those links is denied. However, the chance of this happening is currently about 1 in 62^30.
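As an added example (not the plugin's own code), here is what the hashed-code scheme from the security section looks like, together with the duplicate-code check and a link builder for the extra `p=` parameter described above. It is WordPress-agnostic: a plain array stands in for the database, the site URL is made up, and the query parameter name `autologin_code` is a placeholder, since the page does not give the real one.

```php
<?php
// Added example, not the plugin's code. A plain array stands in for the WordPress
// database: keys are SHA-256 hashes of codes, values are user ids.

const CODE_ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; // 62 symbols
const CODE_LENGTH   = 30; // 62^30 possible codes, as the page states

/** Draw a code from a CSPRNG. A plain hash suffices because the code is high-entropy, unlike a password. */
function generate_autologin_code(): string {
    $code = '';
    $last = strlen(CODE_ALPHABET) - 1;
    for ($i = 0; $i < CODE_LENGTH; $i++) {
        $code .= CODE_ALPHABET[random_int(0, $last)];
    }
    return $code;
}

function hash_autologin_code(string $code): string {
    return hash('sha256', $code);
}

/**
 * Issue a code for $user_id. Only the hash is stored, so reading the database yields
 * nothing usable and the profile page can no longer redisplay the code; the plaintext
 * is returned exactly once for the administrator to hand out. A hash that already
 * exists (the duplicate-code case) is rejected instead of creating two equal keys.
 */
function issue_autologin_code(array &$db, int $user_id): string {
    $code = generate_autologin_code();
    $hash = hash_autologin_code($code);
    if (isset($db[$hash])) {
        throw new RuntimeException('duplicate autologin code generated; retry');
    }
    $db[$hash] = $user_id;
    return $code;
}

/** Resolve a presented code by hashing it and looking the hash up; null if unknown. */
function lookup_autologin_code(array $db, string $presented): ?int {
    return $db[hash_autologin_code($presented)] ?? null;
}

/** Build the link; extra parameters such as ['p' => 5] send the visitor to a specific page. */
function build_autologin_link(string $site_url, string $code, array $extra = []): string {
    // 'autologin_code' is a placeholder name; the plugin's real parameter is not given on the page.
    return rtrim($site_url, '/') . '/?' . http_build_query(['autologin_code' => $code] + $extra);
}

$db   = [];
$code = issue_autologin_code($db, 42);
echo build_autologin_link('https://example.com', $code, ['p' => 5]), PHP_EOL;
assert(lookup_autologin_code($db, $code) === 42);
assert(lookup_autologin_code($db, str_repeat('x', CODE_LENGTH)) === null);
```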
Things I might improve or will improve in the future (do not know yet though)
- Add a “generate autologin link for current page” button to the top bar when logged in, if the user currently has an autologin link.
- Revoke option for users. Users should always have the possibility to at least delete their own autologin links.
- Hashed autologin codes.