Are you looking to add a passwordless login system to your website, such as magic links?
This will allow your users to log in to your WordPress website without needing to remember a password. They will simply click on a link that is sent to their email inbox to gain access to the site and their account.
In this article, we will show you how to add a passwordless login in WordPress with magic links.
What Is Passwordless Login?
You use passwords to keep our WordPress websites secure. By requiring each user to enter a username and password when logging in, you keep unauthorized users from visiting sensitive areas of your websites.
This is especially important if you have a website where users need to log in regularly, such as a multi-author site, membership site, or online store.
But passwords are hard to create and remember, and they can cause security issues. For example, users may make weak passwords that can be easily guessed or use the same password on multiple sites.
They may also be costing you money. 75% of users quit when they forget and need to reset their password, and 30% of customers abandon their shopping carts when prompted to create a password. Password problems also place a burden on your support team.
Luckily, there are a number of ways you can improve password security on your site. You can force your users to use strong passwords and change their passwords regularly. We also recommend you use a password manager to securely manage your passwords.
However, you may wish to avoid passwords altogether. A passwordless login system allows your users to log in to your website without entering a password.
What Are Magic Links?
Magic links are the most common method of passwordless login.
When logging in to your WordPress website, a user is asked for their username or email address. Next, a special link is sent to that email address, and the user just has to click on the link to be taken to your website and automatically logged in.
This form of passwordless login is secure because the link can only be used once and will expire after a certain number of minutes. Also, the link can only be found in the user’s email account, which confirms that the user is who they say they are.
This is different from a temporary login link that you would give to a plugin developer or security expert who needs to run tests on your website. In that case, the login solution is only temporary, and an email address does not need to be entered each time.
With that being said, let’s take a look at how to add a passwordless login in WordPress with Magic links.
Video Tutorial
If you’d prefer written instructions, then just keep reading.
How to Add Passwordless Login in WordPress With Magic Links
The first thing you need to do is install the Magic Login plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.
Note: In this tutorial, we will use the free plugin. There is also a Magic Login Pro plan that adds support and additional features such as brute force protection, login redirection, and the ability to customize the emails sent.
Upon activation, the plugin will automatically add a ‘Send me the login link’ button to your standard login screen. This will let your users sign in using their username (or email) and password if they remember it or request a magic link if they don’t.
If there is a valid account on your website for the username or email address entered, then the user will receive an email with a link to log in.
The link will work for 5 minutes and then expire. If you need, you can change the link’s lifespan in the plugin’s settings, as we show below.
Note: If you or your users did not receive the email and it isn’t in your spam folder, then there may be a problem with your website’s email. You should take a look at our guide on how to fix the WordPress not sending email issue.
If there is no account on your website with the username or email address that was entered, then an error message will be displayed instead.
Configuring the Magic Link Plugin
You can configure the Magic Link plugin by visiting Settings » Magic Login in your admin sidebar.
This page contains all of the options for the plugin, including premium options that can be used by Pro users.
The first option is called ‘Force Magic Login.’ When enabled, your users will not be given the option of signing in with a password.
They simply enter their username or email address and then click the ‘Send me the link’ button. A magic link will be emailed to their inbox.
Alternatively, you can use the shortcode [magic_login_form] to add a magic link login form to any page or widget. See our guide on how to add a shortcode in WordPress for details.
The second option is enabled by default and adds a magic login button to the standard login form. When this switch is toggled off, the magic link button is removed from that login form.
The next two options are related to security. By default, the Token Lifespan setting makes magic links expire after 5 minutes. We recommend keeping this setting short, but you could increase it to 10 or 20 minutes if your users have issues.
The Token Validity setting is set to 1 by default. This means that each magic link will work for a single login. We recommend you keep this setting.
Next comes a feature called ‘Auto Login Links.’ When enabled, a magic link will be added to all emails sent out by WordPress, such as WooCommerce order confirmations, automated coupons, and comment notifications. The user will be logged in automatically when responding to the email.
After that comes a number of premium features for Pro users. These include:
- Brute Force Protection
- Login Request Throttling
- IP Check
- Domain Restriction
- Email Subject
- Email Content
- Login Redirection
There is also a button for all users that will reset the tokens.
Once you have finished configuring the plugin, make sure you click the ‘Update Settings’ button at the bottom of the page to store the settings.
Expert Guides on WordPress Login
Now that you know how to add passwordless login, you may like to see some other guides related to improving the WordPress login experience.
- How to Create a Custom WordPress Login Page (Ultimate Guide)
- How to Add One-Click Login With Google in WordPress
- How to Add CAPTCHA in WordPress Login and Registration Form
- How to Add Two-Factor Authentication in WordPress (Free Method)
- How to Add Security Questions to the WordPress Login Screen
- How and Why You Should Limit Login Attempts in WordPress
- How to Redirect Users After Successful Login in WordPress
- How to Remove the Login Shake Effect in WordPress (Updated)
- How to Add a Custom Login URL in WordPress (Step by Step)
- Best WordPress Login Page Plugins (Secure & Customizable)
We hope this tutorial helped you learn how to add passwordless login in WordPress with magic links. You may also want to see our guide on how to get a free email domain or our expert pick of the best WordPress security plugins.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Syed Balkhi says
Hey WPBeginner readers,
Did you know you can win exciting prizes by commenting on WPBeginner?
Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
You can get more details about the contest from here.
Start sharing your thoughts below to stand a chance to win!
Dennis Muthomi says
I run an online store, and the statistic that 75% of users quit when they forget and need to reset their password might explain why my conversion rate for new prospects has been low.
the hassle of creating a new password is likely causing shopping cart abandonment. I’ll definitely give the Magic Login plugin a try to see if implementing passwordless login improves things.
thanks for sharing this valuable tip! seriously!!
Jiří Vaněk says
So my understanding is that this is basically a lot like the password reset link for a forgotten password? Just with the difference that the user does not have to change the password and just logs in using the link?
WPBeginner Support says
Correct!
Admin
Kim Nisbet says
Hi I have setup the trail version and was wondering if I need to setup SMTP Mail as well? The link is coming into my email box, but I have used other plugins where they go to the Junk/Spam folder, which is what I am trying to avoid.
WPBeginner Support says
There is no guarantee that an email will reach an inbox but adding SMTP would help as it lets the email provider know it is a more trustworthy source than a general email.
Admin