Our readers often complain about endless password reset requests and frustrated users getting locked out of their accounts. Many of them turn to a secure and user-friendly login alternative: passwordless authentication using magic links.
Your users simply enter their email address, click a button, and a unique login link is delivered straight to their inbox. They never need to memorize passwords or struggle with two-factor authentication. They now have a simple and secure way to access your WordPress site.
In this article, we will show you how to add a password login in WordPress with magic links, giving a smoother, more enjoyable login experience for your users.
What Is Passwordless Login?
You use passwords to keep our WordPress websites secure. By requiring each user to enter a username and password when logging in, you keep unauthorized users from visiting sensitive areas of your websites.
This is especially important if you have a website where users need to log in regularly, such as a multi-author site, membership site, or online store.
But passwords are hard to create and remember, and they can cause security issues. For example, users may make weak passwords that can be easily guessed or use the same password on multiple sites.
They may also be costing you money. 75% of users quit when they forget and need to reset their password, and 30% of customers abandon their shopping carts when prompted to create a password. Password problems also place a burden on your support team.
Luckily, there are a number of ways you can improve password security on your site. You can force your users to use strong passwords and change their passwords regularly. We also recommend you use a password manager to securely manage your passwords.
However, you may wish to avoid passwords altogether. A passwordless login system allows your users to log in to your website without entering a password.
What Are Magic Links?
Magic links are the most common method of passwordless login.
When logging in to your WordPress website, a user is asked for their username or email address. Next, a special link is sent to that email address, and the user just has to click on the link to be taken to your website and automatically logged in.
This form of passwordless login is secure because the link can only be used once and will expire after a certain number of minutes. Also, the link can only be found in the user’s email account, which confirms that the user is who they say they are.
This is different from a temporary login link that you would give to a plugin developer or security expert who needs to run tests on your website. In that case, the login solution is only temporary, and an email address does not need to be entered each time.
With that being said, let’s take a look at how to add a passwordless login in WordPress with Magic links.
Video Tutorial
If you’d prefer written instructions, then just keep reading.
How to Add Passwordless Login in WordPress With Magic Links
The first thing you need to do is install the Magic Login plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.
Note: In this tutorial, we will use the free plugin. There is also a Magic Login Pro plan that adds support and additional features such as brute force protection, login redirection, and the ability to customize the emails sent.
Upon activation, the plugin will automatically add a ‘Send me the login link’ button to your standard login screen. This will let your users sign in using their username (or email) and password if they remember it or request a magic link if they don’t.
If there is a valid account on your website for the username or email address entered, then the user will receive an email with a link to log in.
The link will work for 5 minutes and then expire. If you need, you can change the link’s lifespan in the plugin’s settings, as we show below.
Note: If you or your users did not receive the email and it isn’t in your spam folder, then there may be a problem with your website’s email. You should take a look at our guide on how to fix the WordPress not sending email issue.
If there is no account on your website with the username or email address that was entered, then an error message will be displayed instead.
Configuring the Magic Link Plugin
You can configure the Magic Link plugin by visiting Settings » Magic Login in your admin sidebar.
This page contains all of the options for the plugin, including premium options that can be used by Pro users.
The first option is called ‘Force Magic Login.’ When enabled, your users will not be given the option of signing in with a password.
They simply enter their username or email address and then click the ‘Send me the link’ button. A magic link will be emailed to their inbox.
Alternatively, you can use the shortcode [magic_login_form] to add a magic link login form to any page or widget. See our guide on how to add a shortcode in WordPress for details.
The second option is enabled by default and adds a magic login button to the standard login form. When this switch is toggled off, the magic link button is removed from that login form.
The next two options are related to security. By default, the Token Lifespan setting makes magic links expire after 5 minutes. We recommend keeping this setting short, but you could increase it to 10 or 20 minutes if your users have issues.
The Token Validity setting is set to 1 by default. This means that each magic link will work for a single login. We recommend you keep this setting.
Next comes a feature called ‘Auto Login Links.’ When enabled, a magic link will be added to all emails sent out by WordPress, such as WooCommerce order confirmations, automated coupons, and comment notifications. The user will be logged in automatically when responding to the email.
After that comes a number of premium features for Pro users. These include:
- Brute Force Protection
- Login Request Throttling
- IP Check
- Domain Restriction
- Email Subject
- Email Content
- Login Redirection
There is also a button for all users that will reset the tokens.
Once you have finished configuring the plugin, make sure you click the ‘Update Settings’ button at the bottom of the page to store the settings.
Expert Guides on WordPress Login
We hope this tutorial helped you learn how to add passwordless login in WordPress with magic links. You may want to see some other guides on improving the WordPress login experience:
- How to Create a Custom WordPress Login Page (Ultimate Guide)
- How to Add One-Click Login With Google in WordPress
- How to Add CAPTCHA in WordPress Login and Registration Form
- How to Add Two-Factor Authentication in WordPress (Free Method)
- How to Add Security Questions to the WordPress Login Screen
- How and Why You Should Limit Login Attempts in WordPress
- How to Redirect Users After Successful Login in WordPress
- How to Remove the Login Shake Effect in WordPress (Updated)
- How to Add a Custom Login URL in WordPress (Step by Step)
- Best WordPress Login Page Plugins (Secure & Customizable)
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Mrteesurez
You said it is different from “temporarily login”, I have understood temporarily login, but I want to figure out this passwordless login, as I am seeing this one now, users will already be a registered users but forget his password then go for “send login link” and the link expired at one click ? Am I correct.
WPBeginner Support
That is correct
Admin
Dennis Muthomi
I run an online store, and the statistic that 75% of users quit when they forget and need to reset their password might explain why my conversion rate for new prospects has been low.
the hassle of creating a new password is likely causing shopping cart abandonment. I’ll definitely give the Magic Login plugin a try to see if implementing passwordless login improves things.
thanks for sharing this valuable tip! seriously!!
Mrteesurez
Thanks for the insight! I can totally relate to this issue. I have never thought a password reset frustrations could be a significant factor in cart abandonment. Implementing the Magic Login plugin for a passwordless login experience sounds like a game-changer. I’m eager to try it out too. Thanks for sharing this valuable tip, it’s seriously something that could make a big difference for many of us!
Jiří Vaněk
So my understanding is that this is basically a lot like the password reset link for a forgotten password? Just with the difference that the user does not have to change the password and just logs in using the link?
WPBeginner Support
Correct!
Admin
Jiří Vaněk
Thank you for confirming my assumption. This system is very useful to me, and it’s great that I came across this excellent guide. I will save it because I have needed this function more than once and have dealt with it in a completely different way.
Kim Nisbet
Hi I have setup the trail version and was wondering if I need to setup SMTP Mail as well? The link is coming into my email box, but I have used other plugins where they go to the Junk/Spam folder, which is what I am trying to avoid.
WPBeginner Support
There is no guarantee that an email will reach an inbox but adding SMTP would help as it lets the email provider know it is a more trustworthy source than a general email.
Admin