Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
25 Million+
Websites using our plugins
Years of WordPress experience
WordPress tutorials
by experts

How to Add Passwordless Login in WordPress with Magic Links

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

Are you looking to add a passwordless login system to your website, such as magic links?

This will allow your users to log in to your WordPress website without needing to remember a password. They will simply click on a link that is sent to their email inbox to gain access to the site and their account.

In this article, we will show you how to add a passwordless login in WordPress with magic links.

How to Add Passwordless Login in WordPress with Magic Links

What Is Passwordless Login?

You use passwords to keep our WordPress websites secure. By requiring each user to enter a username and password when logging in, you keep unauthorized users from visiting sensitive areas of your websites.

This is especially important if you have a website where users need to log in regularly, such as a multi-author site, membership site, or online store.

But passwords are hard to create and remember, and they can cause security issues. For example, users may make weak passwords that can be easily guessed or use the same password on multiple sites.

They may also be costing you money. 75% of users quit when they forget and need to reset their password, and 30% of customers abandon their shopping carts when prompted to create a password. Password problems also place a burden on your support team.

Luckily, there are a number of ways you can improve password security on your site. You can force your users to use strong passwords and change their passwords regularly. We also recommend you use a password manager to securely manage your passwords.

However, you may wish to avoid passwords altogether. A passwordless login system allows your users to log in to your website without entering a password.

What Are Magic Links?

Magic links are the most common method of passwordless login.

When logging in to your WordPress website, a user is asked for their username or email address. Next, a special link is sent to that email address, and the user just has to click on the link to be taken to your website and automatically logged in.

This form of passwordless login is secure because the link can only be used once and will expire after a certain number of minutes. Also, the link can only be found in the user’s email account, which confirms that the user is who they say they are.

This is different from a temporary login link that you would give to a plugin developer or security expert who needs to run tests on your website. In that case, the login solution is only temporary, and an email address does not need to be entered each time.

With that being said, let’s take a look at how to add a passwordless login in WordPress with Magic links.

Video Tutorial

Subscribe to WPBeginner

If you’d prefer written instructions, then just keep reading.

How to Add Passwordless Login in WordPress With Magic Links

The first thing you need to do is install the Magic Login plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Note: In this tutorial, we will use the free plugin. There is also a Magic Login Pro plan that adds support and additional features such as brute force protection, login redirection, and the ability to customize the emails sent.

Upon activation, the plugin will automatically add a ‘Send me the login link’ button to your standard login screen. This will let your users sign in using their username (or email) and password if they remember it or request a magic link if they don’t.

The Plugin Automatically Adds a Magic Link Button to the Login Screen

If there is a valid account on your website for the username or email address entered, then the user will receive an email with a link to log in.

The link will work for 5 minutes and then expire. If you need, you can change the link’s lifespan in the plugin’s settings, as we show below.

Note: If you or your users did not receive the email and it isn’t in your spam folder, then there may be a problem with your website’s email. You should take a look at our guide on how to fix the WordPress not sending email issue.

If there is no account on your website with the username or email address that was entered, then an error message will be displayed instead.

An Error Message Is Displayed if There Is No Account for the Username or Email Address

Configuring the Magic Link Plugin

You can configure the Magic Link plugin by visiting Settings » Magic Login in your admin sidebar.

This page contains all of the options for the plugin, including premium options that can be used by Pro users.

Magic Login Settings

The first option is called ‘Force Magic Login.’ When enabled, your users will not be given the option of signing in with a password.

They simply enter their username or email address and then click the ‘Send me the link’ button. A magic link will be emailed to their inbox.

The 'Force Magic Login' Setting Removes the Password From the Login Screen

Alternatively, you can use the shortcode [magic_login_form] to add a magic link login form to any page or widget. See our guide on how to add a shortcode in WordPress for details.

The second option is enabled by default and adds a magic login button to the standard login form. When this switch is toggled off, the magic link button is removed from that login form.

The next two options are related to security. By default, the Token Lifespan setting makes magic links expire after 5 minutes. We recommend keeping this setting short, but you could increase it to 10 or 20 minutes if your users have issues.

Magic Login Settings

The Token Validity setting is set to 1 by default. This means that each magic link will work for a single login. We recommend you keep this setting.

Next comes a feature called ‘Auto Login Links.’ When enabled, a magic link will be added to all emails sent out by WordPress, such as WooCommerce order confirmations, automated coupons, and comment notifications. The user will be logged in automatically when responding to the email.

After that comes a number of premium features for Pro users. These include:

  • Brute Force Protection
  • Login Request Throttling
  • IP Check
  • Domain Restriction
  • Email Subject
  • Email Content
  • Login Redirection

There is also a button for all users that will reset the tokens.

Magic Login Settings

Once you have finished configuring the plugin, make sure you click the ‘Update Settings’ button at the bottom of the page to store the settings.

Expert Guides on WordPress Login

Now that you know how to add passwordless login, you may like to see some other guides related to improving the WordPress login experience.

We hope this tutorial helped you learn how to add passwordless login in WordPress with magic links. You may also want to see our guide on how to get a free email domain or our expert pick of the best WordPress security plugins.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

8 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Mrteesurez says

    You said it is different from “temporarily login”, I have understood temporarily login, but I want to figure out this passwordless login, as I am seeing this one now, users will already be a registered users but forget his password then go for “send login link” and the link expired at one click ? Am I correct.

  3. Dennis Muthomi says

    I run an online store, and the statistic that 75% of users quit when they forget and need to reset their password might explain why my conversion rate for new prospects has been low.

    the hassle of creating a new password is likely causing shopping cart abandonment. I’ll definitely give the Magic Login plugin a try to see if implementing passwordless login improves things.

    thanks for sharing this valuable tip! seriously!!

  4. Jiří Vaněk says

    So my understanding is that this is basically a lot like the password reset link for a forgotten password? Just with the difference that the user does not have to change the password and just logs in using the link?

  5. Kim Nisbet says

    Hi I have setup the trail version and was wondering if I need to setup SMTP Mail as well? The link is coming into my email box, but I have used other plugins where they go to the Junk/Spam folder, which is what I am trying to avoid.

    • WPBeginner Support says

      There is no guarantee that an email will reach an inbox but adding SMTP would help as it lets the email provider know it is a more trustworthy source than a general email.


Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.