Magic Login – Passwordless Authentication for WordPress Plugin
Passwordless login for WordPress. Streamline the login process by sending magic links to your users.
Easy, secure, and passwordless authentication for WordPress.
Streamline the login process by sending links to your users. No more passwords to remember, no more password resets, and no more password strength requirements.
Learn more about Magic Login
How does it work? 🪄
Magic login uses a technique called “magic links”. The magic link is a unique link sent directly to your email inbox which allows you to authenticate.
Auto Login: Magic Login also supports auto-login links for outgoing emails. It’s useful when pending action from a user, such as reply a comment, complete the checkout, etc..
PRO Features 🎩
Here are the premium features that come with Magic Login Pro:
- Registration: Enable easy user registration directly from the login form or with a shortcode. Learn more.
- CLI Command: Use WP-CLI to create login links.
- Brute Force Protection: Limit rate of login attempts and block IP temporarily.
- Login request throttling: Limit login link generation for a certain period.
- IP Check: Enhance the security by restricting users to log in from the same IP address that requested the link.
- Domain Restriction: Allow only certain domains to use the magic link.
- Login Email Customization: Customize login message by using email placeholders.
- Login Redirect: Redirect users to a specific page right after login. You can also redirect different pages based on the user role.
- WooCommerce Integration: Seamless checkout experience for returning customers. Learn more.
- reCAPTCHA Integration: Safeguard your login and registration forms from spam with Google reCAPTCHA. Learn more.
- Cloudflare Turnstile Integration: Enhance spam protection for your login and registration forms using Cloudflare Turnstile. Learn more.
- API Support: Integrate Magic Login with your custom applications using the REST API.
By upgrading to Magic Login Pro you also get access to one-on-one help from our knowledgeable support team and our extensive documentation site.
Learn more about Magic Login Pro
Documentation
Our documentation can be found on https://handyplugins.co/docs-category/magic-login-pro/
Contributing & Bug Report
Bug reports and pull requests are welcome on Github. Some of our features are pro only, please consider before sending PR.
If you like Magic Login, then consider checking out our other projects:
Installation
Manual Installation
- Upload the entire
/magic-login
directory to the /wp-content/plugins/
directory. - Activate Magic Login through the ‘Plugins’ menu in WordPress.
Screenshots
Login Page
Settings Page
Login Email
Login Block
FAQ
What is passwordless authentication? Passwordless authentication is an authentication method in which a user can log in to a computer system without entering (and remembering) a password.
Are the magic links secure? Yes! In fact, we thought this is more secure than the regular login due to most of the users are using weak passwords. Since magic login generates a random token for a limited time frame it makes the links quite strong and secure.
When do login links expire? It expires in 5 minutes by default. You can change TTL under the “Token Lifespan” on the settings page. Enter “0” to disable automatic expiration.
Why am I not getting login links? Magic Login uses WordPress built-in mail functions. So, it depends on your configuration. We highly recommend to use an SMTP service for better email delivery.
How can I use a passwordless login form on any page? You can use [magic_login_form]
shortcode or block. Learn More.
Why are users redirected back to the page where they added the magic login form via shortcode? This behavior occurs because the magic login form is designed to use the current page as the target redirection URL by default. It’s a way to ensure a smooth user experience by bringing users back to the page they started from.
However, if you wish to alter this behavior, you can easily do so by passing an empty redirect_to=”” parameter within the shortcode. Learn More.
Changelog
2.3 (July 10, 2024)
- [Added] REST API option to UI.
- [Added] Passing
magic_login_form
to shortcode_attr for better customization. - [Updated] Dependency updates.
- Tested with WP 6.6
- Learn more about the new features: Magic Login 2.3
2.2 (May 29, 2024)
- [Added] Settings UI update with reflecting new PRO features.
- [Added] Custom events for AJAX requests.
- [Added] New filter
magic_login_token_ttl_by_user
to customize TTL for users. - [Added] New filter
magic_login_error_message
to customize error messages. - [Improved] Form styles.
- [Refactored] Improved settings page UI.
- [Refactored] Enhanced class autoloading.
- [Updated] Dependency updates.
- Learn more about the new features: Magic Login Pro 2.2
2.1.3 (April 19, 2024)
- Improvements on uninstallation process.
2.1.2 (April 08, 2024)
- Fix auto-login link when the recipient is specified in an array format.
- Dependency updates.
2.1.1 (March 13, 2024)
- Tested with WP 6.5
- Dependency updates.
2.1 (February 13, 2024)
- Updated settings page with PRO features.
- Added new attributes for shortcode; it’s more flexible than ever. Learn More
- Fix: Encode the redirect_to parameter in the login link. (Better nG firewall compatibility)
- Dependency updates.
2.0.1 (January 15, 2024)
- Fix German language that breaks auto-login links.
- Dependency updates.
2.0 (November 07, 2023)
- Add {{MAGIC_LINK}} support to all outgoing emails that received by a single user.
- Add new placeholder supports: {{FIRST_NAME}}, {{LAST_NAME}}, {{FULL_NAME}}, {{DISPLAY_NAME}}, {{USER_EMAIL}}
- Add ajax spinner to the login form.
- Dependency updates.
- Minor tweaks on settings form.
1.9.1 (October 26, 2023)
- Added French translation.
- Dependency updates.
- Fix deprecated variable format.
- Tested with WP 6.4
1.9 (July 25, 2023)
- Added: AJAX support for login requests.
- Bumped PHP requirement to 7.2+
- Small tweaks and improvements.
- Tested with WP 6.3
1.8.1 (May 15, 2023)
- Added: Styling for two-factor plugin.
- Minor UI changes.
- Small tweaks and improvements.
- Tested with WP 6.2
1.8 (February 18, 2023)
- New feature: Token Validity – allows to specify how many times a token can be used.
- Improvements on the default login screen
- i18n improvements
- Added: German translation.
- Added: Autocomplete support.
- Added: New token
{{TOKEN_VALIDITY_COUNT}}
to customize email content.
1.7 (January 21, 2023)
- PHP 8.1: fix deprecated ‘FILTER_SANITIZE_STRING’
- UI/UX improvements on default login screen
- i18n improvements. Props @emreerkan
- Fix: standard wordpress redirect functionality. Props @maartenhunink
- Fix: Skip the auto-login link for the magic login itself.
- Fix: Send email only once.
1.6 (October 26, 2022)
- New feature: Auto Login Links
1.5.2 (September 27, 2022)
- Bug fix: token validation
1.5.1 (September 26, 2022)
- Fixed: redirection issue.
- Minor UI updates.
- Small tweaks and improvements.
- Tested with WP 6.1
1.5 (September 12, 2022)
- Fixed: save tokens hashed in DB. Props @snicco
- Added: username-only mode. define
MAGIC_LOGIN_USERNAME_ONLY
in the config file to use it. - Email improvements: Check email contents before converting line breaks to
<br/>
tags. - Small tweaks and improvements.
1.3 (April 19, 2022)
- Tested with WP 6.0
- UI updates.
- Fire
wp_login
hook as WP Core does on successful login. - Add new filter:
magic_login_email_headers
. - Fix email title html escaping.
- Small tweaks and improvements.
1.2.2
- Tested with WP 5.9
- Update Shared UI
- Fix compatibility issue with TML plugin
- Add redirection cancellation option to the login block.
- Check
logged-in
while saving the settings - Small tweaks and improvements.
1.2.1
- New: Integrate with the standard login form.
- Fix: Enqueue admin assets on the settings page only.
- Allow login block only once for a post.
- Small tweaks and improvements.
1.2
- New: Magic Login Block – It’s much easier to add and customize the login form in the block editor.
- Customizable token intervals added. (removed 1-60 minutes restriction)
- New placeholder added: {{EXPIRES_WITH_INTERVAL}} to display TTL with the interval.
- Updated Shared UI
- Improved documentation on settings page.
- New: Show an error message when the user doesn’t exist.
- New filter: Added
magic_login_invalid_token_error_message
to customize error message.
1.1.3
- Fix: Scheduled expired token cleanup
1.1.2
- Update Shared UI
- Shortcode
magic_login_form
now supports redirect_to
attribute - fix: don’t display login form if the user already logged-in
1.1.1
- Hotfix: return shortcode output instead of printing
1.1
- Tested with WP 5.8
- Shortcode
magic_login_form
support added! - fix: make sure
deactivate_plugins
exists when manually switching versions
1.0.3
- Update Shared UI
- fix: add text-domain for missing strings
1.0.2
- Update Shared UI
- Tested with WP 5.7
1.0.1
1.0