View Categories

Magic Link Login

1 min read

The Magic Link feature enhances your site’s security by enabling passwordless authentication. Instead of remembering complex passwords, users can log in via a secure, single-use link sent directly to their email address. This eliminates the risk of password-related vulnerabilities like brute-force attacks or credential stuffing.

How Magic Link Login Works

  1. The user enters their email on the WordPress login page.
  2. The system generates and sends a secure, single-use link to that email.
  3. Clicking the link automatically authenticates and logs the user into the site.
  4. For added security, these links expire after a pre-configured amount of time.

Configuration Settings

  • Enable Magic Link Login: Toggle this switch to allow users to log in using secure email links.
  • Link Expiration Time: Use the dropdown to define how long the magic link remains valid after being sent (e.g., 10 minutes).
  • Enabled for Roles: Select specific user roles authorized to use passwordless login. You can use the Select All or Remove All buttons for quick selection. If left empty, the feature will be available for all user roles.

Security & Rate Limiting

To prevent abuse of the passwordless login system, you can configure strict security protocols for how links are requested and used.

  • Rate Limiting: Set the maximum number of magic link requests allowed per email address every hour. This prevents malicious actors from spamming a user’s inbox with login requests.
  • IP Address Verification: When enabled, the magic link must be used from the same IP address that originally requested it. This adds a layer of protection against session hijacking.

Display Settings

Control where the magic link option appears on your site to ensure a seamless user experience.

  • Show on WordPress Login: Toggle this to display the magic link option directly on the default WordPress login page (wp-login.php).
  • Show on WooCommerce Login: If you are running an e-commerce store, enable this to add the magic link option to the WooCommerce “My Account” login form.
  • Require CAPTCHA: To prevent bot-driven link requests, enable this to require CAPTCHA verification (using your configured reCAPTCHA or Turnstile settings) before a link is sent.

Email Customization

You can fully personalize the email users receive when they request a login link:

  • Email Subject: Enter a custom subject line. Use [Site Name] to include your site title automatically.
  • Email Template: Customize the body of the email. You must include the following placeholders for the system to function correctly:
    • {user_name}: The name of the user.
    • {site_name}: Your website name.
    • {magic_link}: The unique URL the user clicks to log in.
    • {expiry_minutes}: The time remaining before the link expires.

Shortcode Available

You can place a magic link login form anywhere on your site using this shortcode: [ultimate_security_magic_login]

Updated on February 25, 2026

What are your Feelings

  • Happy
  • Normal
  • Sad

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top