Login With Ajax – Fast Logins, 2FA, Redirects Plugin

Login With Ajax is for sites that need user logins or registrations and would like to avoid the normal wordpress login pages, or add AJAX effects to the regular login pages. This plugin adds the capability of placing a login widget in the sidebar with smooth AJAX login effects.

Some of the features:

• AJAX-powered logins, no screen refreshes!
  • Login
  • Registration
  • Remember/Reset Password
• 2FA – Two-Factor Authentication
  • TOTP – Time-based One-Time Password
  • Scan a QR code with popular authenticator apps like Google Authenticator, Authy, etc.
  • Email – Send a code to the user’s email address
  • Backup Codes – Generate and use backup codes
• Integrate 2FA setup options in other plugin account pages
  • WooCommerce
  • BuddyPress
  • BuddyBoss
• “AJAXify” other login forms
  • Create a better login experience in the default WP login form with AJAX effects for logins, password recovery and registration.
  • Regular WP login and registration forms
  • WooCommerce login forms
  • Events Manager login forms
• Many ways to display and customize your login form:
  • Gutenberg Blocks
  • Full-site editor compatible
  • Widgets (classic and blocks)
  • Shortcode
  • Template Tags
  • PHP API
• Flexible templates and options
  • Multiple templates to choose from
  • Including Modal/Pop-Up login forms
  • Responsive and Accessible!
  • Choose a base color for each individual login form.
  • Individual display options via all display methods (e.g. Gutenberg Blocks, Shortcode etc.)
  • Create your own upgrade-safe templates, or override our own ones.
• Custom Login/Logout redirections
  • Redirect users to custom URLs on Login and Logout
  • Redirect users with different roles to custom URLs
  • WPML – Language-specific redirects
• Modify registration email templates
• Other Features
  • Disable CSS styling (via shortcode or PHP display methods)
  • SSL-compatible
  • Fallback mechanism, will still work on javascript-disabled browsers
  • Compatible with WordPress, MultiSite, BuddyPress and many other plugins
• Developer Friendly
  • Multiple PHP and JS hooks
  • Overridable CSS and JS files
  • Easy-to-customize and overridable template files
  • Well-documented

First released in 2009, the oldest login plugin for WordPress, regularly maintained and updated since then!

Pro Add-On Features

As of version 4.0, we now offer a Pro add-on which extends Login With AJAX with multiple new features:

• Security Features – Harden the security of your login forms
  • 2FA – Additional Two-Factor Authentication Methods:
  • SMS – Send a code to the user’s phone
  • WhatsApp – Send a message, user clicks a button, done!
  • Telegram – Send a message, user clicks a button, done!
  • PassKeys
  • Next-Generation security, no passwords required!
  • Users can log in without a username AND password.
  • Biometric support (fingerprint, face ID, etc.)
  • reCaptcha (v2, v2 Invisible and v3)
  • Login limiter
• 3rd Party Page Builder Blocks/Widgets/Modules
  • Divi
  • Elementor
• More on the way!

Getting Help/Support

Version 4 is a major overhaul of the plugin, which has remained largely unchanged for 11 years yet remained a staple tool for logins to WordPress! Changes include a complete rewrite of login templates updated to modern stadnards and practices, as well as new WP features such as Gutenberg Blocks.

If you’re stuck, we strongly suggest visiting our Documentation Site which contains exensive information and advice on setup and troubleshooting.

If you have any problems with the plugin after reading our Troubleshooting, please visit our freely supported community forums, or Go Pro for premium support.

Notes

Please visit our documentation site, which is regularly and extensively maintained and updated with all the information relevant to getting started, advanced setup and troubleshooting common issues.

1. Upload this plugin to the /wp-content/plugins/ directory and unzip it, or simply upload the zip file within your wordpress installation.

2. Activate the plugin through the ‘Plugins’ menu in WordPress

3. If you want login/logout redirections, go to Settings > Login With Ajax in the admin area and fill out the form.

4. Add the login with ajax widget to your sidebar, add a Gutenberg block or [lwa] on your pages, or use login_with_ajax() in your template.

5. For more options and installation instructions, see our documentation site.

1. 

   Beautiful, responsive login forms with smooth AJAX login effects.

2. 

   Easy and slick 2FA verification process, also with AJAX effects to reduce loadtimes and and enhance experience.

3. 

   Multiple templates to choose from, such as the minimalistic theme.

4. 

   Modal template variations allow for popup login forms.

5. 

   Multiple 2FA options in an easy-to-use setup menu, available in WP profile area, modals and other plugin account pages.

6. 

   Switch between login, registration and password recovery without leaving the page!

7. 

   Compatible with the WP Block and Full Site Editor (aka Gutenberg)

8. 

   Modal setup with Pro passkeys and WhatsApp enabled 2FA

9. 

   Example 2FA verification request with multiple options enabled by a user.

10. 

    AJAXify the regular WP login form

11. 

    Multitude of settings to customize the login experience, including redirects and email notifications

12. 

    Another login template, based on the default template from v3 and earlier.

13. 

    The original login template, no styling running on Twenty Twenty

4.3

• fixed incorrect use of path_join() preventing loading templates from the wp-content/plugin-templates/login-with-ajax folder
• added/fixed modal_button_html overwriting modal button output (only via PHP)
• added lwa_2FA_before_load action
• fixed v.minor security issue by hardening admin notices to prevent users with same caps dismissing other user notices

4.2

• changed LoginWithAJAX.submit() JS to return a Promise (currently jqXHR)
• removed dark theme CSS from pixelbones.scss
• fixed PHP 8.1 warnings
• added 2FA support
• fixed minor plugin vulnerability allowing unauthenticated users to dismiss admin upgrade notice
• fixed issues with gutenberg block
• added AJAXify features for WooCommerce and Events Manager
• added support for the wp-content/plugin-templates/login-with-ajax folder for overriding templates

4.1

• fixed PHP warnings in PHP 8.x,
• added lwa_remember_url and lwa_login_url filters,
• fixed remember/register link urls not getting output properly on the login forms,
• tweaked default (all) templates to remove template query param from register/remember links

4.0.1

• fixed ‘unexpected ‘const’ (T_CONST)’ PHP error for PHP versions < 7.1
• fixed PHP error when using shortcodes

4.0

• Major rewrite, see our migration guide for more information.
• Improvements to JS and minified JS production files
• Adding SCSS and minified versions of all CSS
• Overhaul of templates
• Added /wp-content/plugin-templates/login-with-ajax/ as a login template directory
• Added legacy mode for supporting previous templates
• Added AJAXification of the default WP login, registration and password recovery forms.
• Added block editor support (gutenberg, widgets, FSE)
• Changed spinner to SVG
• Added base color palette picker for native templates
• Many other minor improvements to code

3.1.11

• replaced deprecated JS functions due to jQuery 3.5 transition in WordPress 5.6-7

3.1.10

• fixed bug where login via wp-admin is not possible when %LASTURL% is the default redirect action

3.1.9

• added precautionary security sanitization/escaping of input data on admin pages and settings,
• added USERNICENAME for login redirects for url-friendly usernames
• fixed styling of template dropdown in admin page
• fixed invalid/confirmed status boxes getting class/style names confused on login failures/success attempts
• changed wp_redirect usage to wp_safe_redirect for extra security precaution
• changed use of site_url with wp_login_url where appropriate allowing for better plugin compatibility

3.1.8.1

• fixed translations from translate.wordpress.org not loading properly (languages must be translated %95 or more),
• fixed settings pages save button not working in 3.1.8 release

3,1,8

• removed langs file, as WP translate services now handle translation and updates automatically
• updated admin area to include %LANG% hints in redirect templates and split login/logout for clearler explanations of other placeholders that can be used
• fixed s2member redirection compatibility issues

3.1.7

• fixed XSS security vulnerability on LWA settings page allowing code injection if an authorized user follows a properly structured url to that page, this does not affect the security of the login forms, only the settings page. Kudos Neven Biruski from DefenceCode for responsible disclosure.
• changed our hooks logout_url and login_redirect added as actions to filters which prevented functionality in some situations

3.1.6

• added Persian translation, thanks to Mohammad Akbari
• fixed PHP 7 deprecated construct error
• fixed deprecated get_currentuserinfo function PHP warning
• added option to show direct links (no AJAX forms) to password recovery and registration forms
• fixed missing text domain in widget/modal/widget_out.php
• fixed server errors when deactivating BuddyPress whilst LWA is active

3.1.5

• fixed 4.3 password update which now sends a link for user to set password instead
• fixed login redirect issues when using shortcode and template tags
• added script localization via LWA JS parameter,
• changed JS destination url to admin-ajax.php which fixes some incompatibilities with WPML
• fixed WPML status messages not being translated upon login/registration/password-recovery
• added and updated loads of languages, see here for full list – http://translate.netweblogic.com/projects/login-with-ajax/
• added some minor label layout improvements for admin area labels/forms
• added minor widget admin settings layout improvements

3.1.4

• fixed MIME type errors between HTTP <> HTTPS ajax requests,
• added redirect shortcode attribute

3.1.3

• fixed JS/CSS file overriding problems
• fixed class html error in widget/default/widget_in.php
• fixed redirection issues when not using JS
• fixed MultiSite registrations not adding user to blog with default role only ‘subscriber’ (props to Renato Baccaro)
• fixed vulnerability where registration is still possible even if registration is disabled in settings (props to Kevin Niehage @weizenspreu)
• fixed problems when trying to log in from an http page when admin ssl is enforced
• fixed CSS to hide table borders of default widget for the twenty fourteen theme
• added Hebrew, thanks to Menachem Shapiro
• fixed HTML validation issues in widgets
• added error fallback during ajax request
• added new icons and headers for wordpress.org plugin pages
• added redirect shortcode attribute for custom redirect

3.1.2

• updated Russian, Swedish and POT language files
• added Afrikaans translation
• added login_form action to divs-only and modal templates,
• fixed php warning in login-with-ajax.php
• fixed custom registration email not working since 3.1
• fixed logged in ‘hi’ title not showing up and is now configurable in widget settings

3.1.1

• fixed graceful fallback for themes with broken JS
• added loading of source JS if WP_DEBUG is enabled
• moved reveal.js source code into source js file
• fixed shortcode php warning
• added template shortcode/template attribute
• profile_link and registration arguments are now considered true/1 by default, to avoid confusion with missing links
• added ‘remember’ argument which controls whether to show/hide password recovery link
• fixed widget settings not remembering unchecked checkboxes
• added Slovak
• removed strtolower and using CSS now in widget_in.php
• moved register_widget into own function called by widgets_init
• changed some lwa-… ids to classes in widget_in.php
• added Slovak, updated Russian languages
• updated the POT file

3.1

• fixed json_encode issue
• overhaul of JS, now leaner and meaner
• modified template structure to allow multiple login forms
• added template selection to each widget
• added title choice to widget
• removed inclusion of wp-includes/registration.php during regsitration (not needed since WP 3.1)
• added two new templates to choose in widgets
• new light-weight modal using tweaked Reveal library – http://zurb.com/playground/reveal-modal-plugin
• improved css
• improved html structures in widget templates
• added sainitization in widget templates
• fixed CSRF vulnerability in admin settings page – thanks to Charlie Eriksen via Secunia SVCRP
• moved WP Widget before/after and open/close tags out of templates and into the WP_Widget class
• LoginWithAjax class is now completely static
• added some MS fixes for registration, now works with BuddyPress

3.0.4.1

• fixed xss vulnerability for re-enlistment on wordpress repo, more on the way

3.0.4

• updated russian translation
• added japanese
• updated iranian
• added registration attribute to template tags/shortcode

3.0.3

• scrollbar issue in default widget
• added hungarian

3.0.2

• got rid of (hopefully all) php warnings

3.0.1

• Fixed unexpected #LoginWithAjax_Footer showing up at bottom
• Fixed link problems for sub-directory blogs (using bloginfo(‘wpurl’) now)
• Added Albanian
• Replace Spanish with revised version

3.0

• Option to choose from various widget templates.

3.0b3

• %LASTURL% now works for logins as well
• Profile link plays nice with buddypress
• Added fix to stop wp_new_user_notification conflicts
• Empty logins now have an error message too.

3.0b

• Various bug fixes
• Improved JavaScript code
• Ajax Registration Option

2.21

• Redirect bug fix
• Hopefully fixed encoding issue

2.2

• Added Polish, Turkish and Brazilian Translation
• Fixed buddypress avatar not showing when logged in
• Removed capitalization of username in logged in widget
• Fixed all other known bugs
• Added placeholders for redirects (e.g. %USERNAME% for username when logged in)
• Added seamless login, screen doesn’t refresh upon successful login.

2.1.5

• Changed logged in widget to fix avatar display issue for both BuddyPress and WP. (Using ID instead of email for get_avatar and changed depreciated BP function).
• Added Danish Translation

2.1.4

• Added Chinese Translations
• CSS compatability with themes improvement.

2.1.3

• Added Italian Translations
• Added space in widget after “Hi” when logged in.
• CSS compatability with themes improvement.

2.1.2

• Added German Translations
• Fixed JS url encoding issue

2.1.1

• Added Finnish, Russian and French Translations
• Made JS success message translatable
• Fixed encoding issue (e.g. # fails in passwords) in the JS