What is Magic Link Login?
It’s a feature that provides an easy, secure, and passwordless way for users to authenticate on your WordPress website. Instead of relying on traditional username-password combinations, it uses a “magic link” technique.
The magic link is a secure method provided to the user that contains a token, which can act as a substitute for the password. To prevent malicious receipt of these magic links, most platforms necessitate some form of device registration.
After the user’s device or browser is authenticated, they can enter their username or email address at sign-on to receive this magic link. This link, generated by the authentication server, is embedded in a URL and sent to the user, who has a limited time to use it before it expires, similar to a one-time password.
Despite the convenience of the magic link, users still have the option to revert to using a static password, which can also be used as a backup for recovery.
How to Use Magic Link Login with WP Ghost
Download and install: WP Ghost Advanced Pack
Activate Magic Link Login
Once WP Ghost Advanced Pack is installed, activate the feature from WP Ghost > Overview > Features
User Interaction
When a user wants to log in, visits the login page on your WordPress site. If the feature is active, the button “Login using a magic link appears” as an option.
Instead of entering their username and password, they click on “Login using a magic link” and provide their email address (which is already registered into the website).
Magic Link Generation
After submitting their email address, the system generates a unique magic link associated with that email. This link is sent directly to the user’s email inbox.
Use SMTP Mailer! To send the email, you need to have a valid emailing system on your website. Use an SMTP Mailer plugin to make sure the emails are sent.
Email Delivery
The user receives an email containing the magic link.
The email typically includes a message like: “Click on this magic link to log in to your account.”
Authentication
The user clicks on the magic link in their email.
This action automatically authenticates them and grants access to their WordPress dashboard.
No password input is required!
Benefits:
- No Passwords: Users don’t need to remember or manage passwords.
- No Resets: There’s no need for password resets.
- No Strength Requirements: Password complexity rules become irrelevant.
Security Considerations
- Magic links are secure because they are unique and destroyed after use.
- They expire after a certain period (usually an hour) if unused.
- Users must have access to their email account to use the link.
- Works together with Brute Force protection and Two-factor authentication (2FA) for more security.
Magic Link Login simplifies the login process, enhances security, and eliminates the need for passwords. It’s a convenient and user-friendly way to access your WordPress dashboard!
Integrations
All Users Section
By default, when Magic Link Login is activated, the administrator has the option to send a login link by email to any user from the list of users. To create and send a magic link, simply click on “Send magic login link” from the user row actions and WP Ghost will send the link to the user’s email.
Note! The magic link is valid for 1 hour.
Woocommerce Login
Magic Link Login is compatible with the WooCommerce login page. This means that users can conveniently log in without the need for a password.
They simply need to enter their username or email address, and a magic link will be sent to them.
First you need to activate the Woocommerce Magic Link from Hide My WP > Overview > Features
Once the feature is activated, the magic link option will appear on the WooCommerce Login page.
Customization
To customize the email subject and message, you can add this code in the theme functions.php
add_filter('hmwp_unique_login_subject', function($subject){
return "Your Magic Login URL";
}, 1);add_filter('hmwp_unique_login_message', function($message, $url){
return sprintf( "Click on this magic link %s to log in to your account.", PHP_EOL . PHP_EOL . $url . PHP_EOL . PHP_EOL) ;
}, 2);Troubleshooting
The server was unable to send the email: the error message is triggered when there is no SMTP plugin installed on your website or is not configured correctly. Make sure you can send emails with your websites and try again.
