Secure Login Collector

Description

Secure Login Collector gives agencies and freelancers a safe hand-off point for client credentials. Clients fill in a branded form, everything is encrypted before it leaves their browser, and your team only unlocks it inside WordPress. No more password spreadsheets, chat messages, or liability-inducing emails.

How a login data submission flows

1. Client opens your credential intake page and fills in the required fields (name, email, service, username, password, notes (optiona)).
2. The data is locked on their device before it is sent anywhere [browser-based Web Crypto + RSA-2048 key exchange + AES-256-GCM payloads].
3. The encrypted package lands in your WP database table together with metadata for auditing [Zero-knowledge encryption].
4. Your team gets notified, signs in to WordPress, and decrypts items inside the admin dashboard.

Free version features (included)

• Client-side sealing – credentials are encrypted before they leave the browser, so email or transport leaks cannot expose them.
• Zero-knowledge encryption – the server never sees the unwrapped private key; secrets are only readable once an admin unlocks them locally inside WordPress.
• WP admin decryption – only logged-in admins with the proper capability and the correct password can unlock submissions inside the dashboard, keeping everything in one place.
• Submission inbox & search – view, sort, and filter all requests with name, service, timestamps, and notes, then copy credentials when you need them.
• Instant notifications – each submission triggers an email so projects keep moving without checking the dashboard every hour.
• Accessible client experience – responsive form, password visibility toggle, optional help text, and field-level validation keep clients confident while still being secure.

Pro version extras (via Secure Login Collector Pro)

• Passkey-first approvals – require Touch ID, Windows Hello, YubiKey, or password-manager passkeys before every decrypt/export event.
• Spam and bot defense – invisible honeypot fields, nonce verification, rate limiting, and IP-aware hooks block automated dumps without annoying clients.
• Retention & cleanup controls – choose how long data stays accessible and let the plugin redact expired payloads automatically.
• Bulk decrypt & export – decrypt multiple entries at once and export directly to Bitwarden, 1Password, LastPass, Dashlane, CSV, or JSON for team password vaults.

Freemius & privacy

This plugin bundles the Freemius SDK for licensing, secure payments, and (optional) telemetry. Nothing is shared until you explicitly opt in. When you do, only environment details (site URL, WP/PHP version, plugin version) plus contact email/locale are sent to Freemius so upgrades and receipts work. Client submissions, encrypted payloads, and decrypted credentials never leave your hosting environment.

Disclaimer

Security is a shared responsibility. We ship the tools, but you control how and where they are used. Install SSL, keep WordPress updated, limit admin access, and review submissions promptly. We are not liable for any damage, data loss, or regulatory issues that arise from using this plugin—use it at your own risk.

External Services

This plugin bundles the Freemius SDK to handle optional telemetry, licensing, and upgrade flows. Opt-in is required before any data is shared.

What is sent (only after opt-in):
* Site URL, WordPress version, PHP version, and plugin version – for compatibility checks.
* Admin email and locale – so Freemius can send license receipts and support messages if you later purchase Pro.

No client submissions, passwords, or encrypted payloads ever leave your server. All credential data stays inside your WordPress database.

Freemius Terms: https://freemius.com/terms/
Freemius Privacy: https://freemius.com/privacy/