Back
MksDdn Reddy Auth

MksDdn Reddy Auth

By Max
Details
View on WordPress
Back

MksDdn Reddy Auth provides OTP-based authentication with:

  • WordPress cookie session login for the frontend (shortcode, or REST with issue_session: true).
  • Optional Bearer token issuing for REST clients (issue_token: true; cookie not set by default on REST login).
  • Rate limiting and one-time OTP verification.
  • Optional site and REST API protection for unauthenticated visitors.
  • Optional allowed request sources (Origin/Referer) for plugin REST endpoints.

The plugin maps each Reddy ID to a WordPress user and can create an account automatically on first successful login.

Getting Started

1. Configure the Reddy bot token

For production, define the token in wp-config.php:

define( 'MKSDDN_REDDY_BOT_TOKEN', 'your-bot-token' );

For local development you can store the token in Settings > Reddy Auth instead. Use Bot connection test to verify delivery to a Reddy user.

2. Set up the login page

Create a WordPress page (for example, /login/) and insert:

[mksddn_reddy_login]

Users enter their Reddy ID, receive a one-time code in Reddy, and sign in through the form.

3. Review protection settings

By default, both protection options are disabled so your site stays accessible after activation. Enable them only after the login page is configured:

  • Protect site content — redirects unauthenticated visitors to the login page.
  • Protect all REST API content — returns 401 for protected REST routes.

Public auth routes remain available without login:

  • POST /wp-json/mksddn-reddy-auth/v1/auth/send-code
  • POST /wp-json/mksddn-reddy-auth/v1/auth/login

4. Use REST API for headless clients

Typical flow:

  1. POST /auth/send-code with { "reddy_id": "123456" }
  2. POST /auth/login with { "reddy_id": "123456", "code": "111111", "issue_token": true } for headless clients. Add "issue_session": true only when the browser must also receive a WordPress cookie (same-origin SPA).
  3. Call protected REST routes with Authorization: Bearer <token>.
  4. GET /auth/me to read the current user (Bearer or cookie session).
  5. POST /auth/logout to end the cookie session and revoke the Bearer token when provided.

Protect site content checks the WordPress cookie session (shortcode login or REST login with issue_session: true). It does not accept Bearer tokens. Protect all REST API content requires a Bearer token and ignores cookie-only sessions.

Download OpenAPI and Postman files from Settings > Reddy Auth > Developer Resources.

5. Optional: restrict REST callers by browser source

In Settings > Reddy Auth, Allowed request sources limits plugin REST traffic (/mksddn-reddy-auth/v1/*) to listed Origin or Referer URLs. Leave empty to allow any client (recommended for server-to-server integrations). This is a soft guard for browser apps, not a secret key.

External services

This plugin connects to the Reddy bot API at https://bot.reddy.team to deliver one-time passwords and optional admin connection test messages.

What the service is used for

  • Deliver OTP codes to a Reddy user during login.
  • Send an optional admin “bot connection test” message from Settings > Reddy Auth.

What data is sent and when

  • OTP send / login: Reddy user ID (userKey) and message text containing the one-time code (and expiry hint). Message text is configurable in Settings > Reddy Auth > Bot Messages (placeholders {code}, {ttl}). Sent when a user requests a code via the login form or REST API.
  • Bot connection test: Reddy user ID (userKey) and a configurable test message from Settings > Reddy Auth > Bot Messages. Sent only when an administrator runs Bot connection test in Settings > Reddy Auth.
  • Bot token: Your bot token is included in the API request URL path (configured via MKSDDN_REDDY_BOT_TOKEN in wp-config.php or the development fallback field in settings). It is not sent to WordPress.org.

Data is transmitted only when OTP delivery or the connection test is triggered. The plugin does not send site content, post data, or WordPress user passwords to Reddy.

This service is provided by Reddy: terms of use and privacy policy at https://help.reddy.team/pages/user-agreement

No other third-party services are required for core plugin operation.

Details

Plugin code:
mksddn-reddy-auth
Plugin version:
1.0.0
Author:
Max
Outdated:
No
WP version:
6.2 or higher
PHP version:
7.4 or higher
Test up to WP version:
7.0
Total installations:
0
Last updated:
2026-06-03
Rating:
Times rated:
0
authentication
login
otp
rest-api

Related plugins

Plugins that also contain the tag authentication

Limit Login Attempts
Limit Login Attempts
InfiniteWP Client
InfiniteWP Client
WPS Limit Login
WPS Limit Login
Two Factor
Two Factor
WP-Members Membership Plugin
WP-Members Membership Plugin
Google Authenticator
Google Authenticator
We use cookies on our website to enhance your browsing experience. By using our site, you agree to the use of cookies, including those from Google Analytics and Google AdSense, for analytics and personalized advertising. You can view our full privacy policy by clicking here. Thank you for visiting!
Got it
Searchable WordPress plugin database - Plugin for that
Popular tags
gutenberg
admin
elementor
images
pages
button
link
tracking
statistics
stats
google
seo
rss
automation
feed
content
shortcode
ecommerce
spam
booking
About

Plugin for that tries to help you find the WordPress plugin you are looking for.

Please enjoy an image of Crush (this awesome turtle) and have a lovely day!Crush

We do not own any plugin listed on this site and do not work for or work with WordPress.com or it's associated companies. We simply provide a searchable list of the available WordPress plugins.

Plugin for that - Created with by Intology