Are you looking to add a passwordless login system to your website, such as magic links?
This will allow your users to log in to your WordPress website without needing to remember a password. They will simply click on a link that is sent to their email inbox to gain access to the site and their account.
In this article, we will show you how to add a passwordless login in WordPress with magic links.
What Is Passwordless Login?
You use passwords to keep our WordPress websites secure. By requiring each user to enter a username and password when logging in, you keep unauthorized users from visiting sensitive areas of your websites.
But passwords are hard to create and remember, and they can cause security issues. For example, users may make weak passwords that can be easily guessed or use the same password on multiple sites.
They may also be costing you money. 75% of users quit when they forget and need to reset their password, and 30% of customers abandon their shopping carts when prompted to create a password. Password problems also place a burden on your support team.
Luckily, there are a number of ways you can improve password security on your site. You can force your users to use strong passwords and change their passwords regularly. We also recommend you use a password manager to securely manage your passwords.
However, you may wish to avoid passwords altogether. A passwordless login system allows your users to log in to your website without entering a password.
What Are Magic Links?
Magic links are the most common method of passwordless login.
When logging in to your WordPress website, a user is asked for their username or email address. Next, a special link is sent to that email address, and the user just has to click on the link to be taken to your website and automatically logged in.
This form of passwordless login is secure because the link can only be used once and will expire after a certain number of minutes. Also, the link can only be found in the user’s email account, which confirms that the user is who they say they are.
This is different from a temporary login link that you would give to a plugin developer or security expert who needs to run tests on your website. In that case, the login solution is only temporary, and an email address does not need to be entered each time.
With that being said, let’s take a look at how to add a passwordless login in WordPress with Magic links.
If you’d prefer written instructions, then just keep reading.
How to Add Passwordless Login in WordPress With Magic Links
Note: In this tutorial, we will use the free plugin. There is also a Magic Login Pro plan that adds support and additional features such as brute force protection, login redirection, and the ability to customize the emails sent.
Upon activation, the plugin will automatically add a ‘Send me the login link’ button to your standard login screen. This will let your users sign in using their username (or email) and password if they remember it or request a magic link if they don’t.
If there is a valid account on your website for the username or email address entered, then the user will receive an email with a link to log in.
The link will work for 5 minutes and then expire. If you need, you can change the link’s lifespan in the plugin’s settings, as we show below.
Note: If you or your users did not receive the email and it isn’t in your spam folder, then there may be a problem with your website’s email. You should take a look at our guide on how to fix the WordPress not sending email issue.
If there is no account on your website with the username or email address that was entered, then an error message will be displayed instead.
Configuring the Magic Link Plugin
You can configure the Magic Link plugin by visiting Settings » Magic Login in your admin sidebar.
This page contains all of the options for the plugin, including premium options that can be used by Pro users.
The first option is called ‘Force Magic Login.’ When enabled, your users will not be given the option of signing in with a password.
They simply enter their username or email address and then click the ‘Send me the link’ button. A magic link will be emailed to their inbox.
Alternatively, you can use the shortcode
[magic_login_form] to add a magic link login form to any page or widget. See our guide on how to add a shortcode in WordPress for details.
The second option is enabled by default and adds a magic login button to the standard login form. When this switch is toggled off, the magic link button is removed from that login form.
The next two options are related to security. By default, the Token Lifespan setting makes magic links expire after 5 minutes. We recommend keeping this setting short, but you could increase it to 10 or 20 minutes if your users have issues.
The Token Validity setting is set to 1 by default. This means that each magic link will work for a single login. We recommend you keep this setting.
Next comes a feature called ‘Auto Login Links.’ When enabled, a magic link will be added to all emails sent out by WordPress, such as WooCommerce order confirmations, automated coupons, and comment notifications. The user will be logged in automatically when responding to the email.
After that comes a number of premium features for Pro users. These include:
- Brute Force Protection
- Login Request Throttling
- IP Check
- Domain Restriction
- Email Subject
- Email Content
- Login Redirection
There is also a button for all users that will reset the tokens.
Once you have finished configuring the plugin, make sure you click the ‘Update Settings’ button at the bottom of the page to store the settings.
We hope this tutorial helped you learn how to add passwordless login in WordPress with magic links. You may also want to see our guide on how to get a free email domain or our expert pick of the best WordPress security plugins.