Are you looking to add a passwordless login system to your website, like magic links?
This will allow your users to log into your WordPress website without needing to remember a password. They will simply click a link sent to their email inbox to gain access to the site and their account.
In this article, we will show you how to add a passwordless login in WordPress with magic links.
What is passwordless login?
Use passwords to keep our WordPress websites secure. By requiring each user to enter a username and password at login, you prevent unauthorized users from visiting sensitive areas of your websites.
This is especially important if you have a website where users need to log in regularly, such as a multi-author site, membership site, or online store.
But passwords are difficult to create and remember, and can cause security problems. For example, users can create weak passwords that can be easily guessed or use the same password on multiple sites.
They may also be costing you money. 75% of users quit when they forget and need to reset their password, and 30% of customersabandon your shopping cart when prompted to create a password. Password issues also put a burden on your support team.
Fortunately, there are several ways to improve password security on your site. You can force your users to use strong passwords and change their passwords regularly. We also recommend that you use a password manager to securely manage your passwords.
However, you may want to avoid passwords altogether. A passwordless login system allows your users to log into your website without entering a password.
What are magic links?
Magic links are the most common passwordless login method.
When logging into your WordPress website, the user is prompted for their username or email address. A special link is then sent to that email address, and the user just has to click the link to go to your website and be automatically logged in.
This form of passwordless login is secure because the link can only be used once and will expire after a certain number of minutes. Furthermore, the link can only be found in the user’s email account, confirming that the user is who they say they are.
This is different from a temporary login link you would give to a plugin developer or security expert who needs to test your website. In that case, the login solution is only temporary and you don’t need to enter an email address every time.
With that being said, let’s take a look at how to add a passwordless login in WordPress with magic links.
How To Add A Passwordless WordPress Login With Magic Links
The first thing you need to do is install the passwordless login plugin. For more details, check out our step by step guide on how to install a WordPress plugin.
Upon activation, the plugin will automatically add a “Send me login link” button to your standard login screen. This will allow your users to log in with their username (or email) and password if they remember it, or request a magic link if they don’t.
If there is a valid account on your website for the entered username or email address, the user will receive an email with a login link.
The link will work for 5 minutes and then it will expire. If you need, you can change the link lifetime in the plugin settings, as shown below.
Note: If you or your users did not receive the email and it is not in your spam folder, then there may be a problem with your website’s email. You should take a look at our guide on how to fix WordPress not sending email issue.
If there is no account on your website with the username or email address entered, an error message will be displayed instead.
Magic Link Plugin Settings
You can configure the Magic Link plugin by visiting Settings » Magic login in the admin sidebar.
This page contains all the options for the plugin, including the premium options that Pro users can use.
The first option is called ‘Force Magic Login’. When enabled, your users will not have the option to log in with a password.
They simply enter their username or email address and then click the ‘Send me the link’ button. A magic link will be sent to your inbox.
Alternatively, you can use the shortcode
[magic_login_form] to add a magic link login form to any page or widget. Check out our guide on how to add a shortcode in WordPress for more details.
The second option is enabled by default and adds a magic login button to the standard login form. When this switch is off, the magic link button is removed from that login form.
The next two options are related to security. By default, the Token Lifespan setting causes magic links to expire after 5 minutes. We recommend keeping this setting short, but you can increase it to 10-20 minutes if your users are having issues.
The token validity setting is set to 1 by default. This means that each magic link will work for only one login. We recommend that you keep this setting.
Then comes a feature called ‘Auto Login Links’. When enabled, a magic link will be added to all emails sent by WordPress, such as WooCommerce order confirmations, automated coupons, and comment notifications. The user will be automatically logged in upon replying to the email.
After that comes a number of premium features for Pro users. These include:
- brute force protection
- Limiting login requests
- IP check
- domain restriction
- Email subject
- Email content
- login redirect
There is also a button for all users that will reset the tokens.
Once you have finished configuring the plugin, make sure to click the ‘Update Settings’ button at the bottom of the page to store the settings.
We hope this tutorial helped you learn how to add a passwordless WordPress login with magic links. You might also want to learn how to get a free email domain or check out our list of common WordPress errors and how to fix them.
If you liked this article, please subscribe to our YouTube channel for WordPress video tutorials. You can also find us at Twitter and Facebook