May 082009

When I am traveling I frequently publish my travel stories from internet cafés on this weblog. However, these places are not the safest computing places. I have seen a lot of worrying messages from virus scanners nobody pays attention to.

Because of this I have been searching for ways to improve security. One measure I took was installing the Semisecure Login Reimagined plugin to send the WordPress password encrypted from the browser to the server (a better way is to use SSL, but my hosting provider doesn’t support that).

However, sending the password encrypted doesn’t prevent keylogging. A possible solution is to use a virtual keyboard (on-screen keyboard). Because I don’t want to search for or install a virtual keyboard each time, I wanted a virtual keyboard integrated in my login screen. I couldn’t find something existing, so I decided to write a new WordPress plugin to accomplish this. The short name of this plugin is WP-Login-Vkb.

After pressing the keyboard icon next to the password box, my login screen looks like this now:

WP-Login-Vkb plugin

Install now

The plugin was tested with WordPress version 2.7 on a standard (not customized) login screen. Please let me know if the plugin does work with other WordPress versions (especially older versions).

Disclaimer: I cannot guarantee this plugin will prevent keylogging in all cases.

The plugin is licensed under the GNU General Public License version 3. The plugin uses the Javascript Virtual Keyboard downloaded from The  Code Project. The keyboard icon was downloaded from Wikimedia Commons.

Remarks, comments and questions are as always very welcome.

 Posted by at 13:07  Tagged with:

  30 Responses to “WordPress plugin: Login virtual keyboard”

  1. Hi,

    I just installed (and donated) the (and to) plugin and it is not showing up on the login screen any idea how to fix this??



  2. I just downloaded the plugin but I can not install it

  3. I have download the login plugin
    WP-Login-Vkb and install it and i want to call it on my page how i do this

    • Just logout and you will see the keyboard icon to activate the virtual keyboard.

      • I donot want this i want the login form plugin which can be used on page as normally on user face when we click a form open and ask for email , password
        if any idea then tell which is suitable for me

  4. Thank you for such a usefull plug-in. I have a question

    I want to disable password input box and force users to use vk. I did that, but when focused password box, I want to enable vk automaticly. Is there a way ?

    • Upgrade to the just released version 1.2 and check both ‘Keyboard initial visible’ and ‘Virtual keyboard mandatory’ (new) settings and you should have what you want.

      • Thank you so much, but that did not do what I wish. Here is what I did :

        1- Opened wp-login.php and password’s inputbox, I included two extra property :

        2- Opened wp-login-vkb.php and addded extra JS to do the changeProp work in //Add style sheet & JavaScript to the head of the page section

        Right now I have a VKB which opens keypad after clicking password box.
        It will be nice in v.1.3

        • I hope the just released version 1.3 does what you want; let me know if it does not. It was a good idea to use the focus event to display the virtual keyboard when it is mandatory. Losing the focus removes the keyboard too.

  5. Hi, this plugin works on search field also?!

  6. i have use Branded Login Screen plugin but WP-Login-Vkb plugin is not working :(( i have see keyboard icon but when i click, it is not opening. Can you help me? ultraslan939[at]yahoo[dot]com

  7. i want to know that does this virtual keyboard change its keys position after refresh or reload.

    and how can i use this for my application ?????/

    please help

  8. Thanks for the plug-in it is fine with WP2.8.2. I would further ask how to make all texts embraced in the keyboard boundary. Like shorten AltGr to Alt or BackSpace to BkSpace?

    • If you want to edit the keyboard layout, take a look in the chapter Creating Your Own Language Layout of the documentation of the JavaScript Virtual Keyboard library.

      Please note the plugin is not working in Internet Explorer.

      A easier and safer way to protect your WordPress password is the One-Time password plugin.

      • Great thanks for that, it looks lengthy and will digest it. It doesn’t matter for I.E., I use FF a lot.
        I used One-Time password already, tks again and both work fine with WP2.8.3 locally and remotely.

  9. Not working for ie .

  10. Using an onscreen keyboard does not fool but the most basic (stupid) keyloggers/spywares. I can recommend the comparison of technologies at for different approaches and their advantages and disadvantages.

    • Using an onscreen keyboard does not fool but the most basic (stupid) keyloggers/spywares.

      I am wondering if you can justify this statement.

      • I think it is quite obvious: there is nothing to stop the spyware to capture your input – no matter how exactly this input is made. Keyloggers/Spyware nowadays can capture areas that have received mouse clicks, the clipboard, and all sorts of system calls. Use google to find out…

        • I don’t deny that more advanced keyloggers can and will capture input from other sources than the keyboard. However, I am not convinced that data captured in that way is used on a large scale (in an automated way) for malicious purposes, yet.

          • With the lack of reliable sources of information about what is really going on “in the wild” (and I would expect that this may greatly vary by location) I can only speculate. And basing security decisions on speculation – well that’s the definition of risk, isn’t it?