It’s a feature that provides an easy, secure, and passwordless way for users to authenticate on your WordPress website. Instead of relying on traditional username-password combinations, it uses a “magic link” technique.

The magic link is a secure method provided to the user that contains a token, which can act as a substitute for the password. To prevent malicious receipt of these magic links, most platforms necessitate some form of device registration.

After the user’s device or browser is authenticated, they can proceed to enter their username or email address at sign-on to receive this magic link. This link, generated by the authentication server, is embedded in a URL and sent to the user, who then has a limited time to use it before it expires, similar to a one-time password.

Despite the convenience of the magic link, users still have the option to revert to using a static password, which can also be used as a backup for recovery.

Pre-requisites

Download and install: Hide My WP Ghost Advanced Pack

Once Hide My WP Ghost Advanced Pack is installed, activate the feature from Hide My WP > Overview > Features

User Interaction

When a user wants to log in, visits the login page on your WordPress site. If the feature is active, the button “Login using a magic link appears” as an option.

Instead of entering their username and password, they click on “Login using a magic link” and provide their email address (which is already registered into the website).

Magic Link Generation

After submitting their email address, the system generates a unique magic link associated with that email. This link is sent directly to the user’s email inbox.

Use SMTP Mailer!

In order to send the email, you need to have a valid emailing system on your website. Use a SMTP Mailer plugin to make sure the emails are sent.

Email Delivery

The user receives an email containing the magic link.

The email typically includes a message like: “Click on this magic link to log in to your account.”

Authentication

The user clicks on the magic link in their email.

This action automatically authenticates them and grants access to their WordPress dashboard.

No password input is required!

Benefits

No Passwords: Users don’t need to remember or manage passwords.
No Resets: There’s no need for password resets.
No Strength Requirements: Password complexity rules become irrelevant.

Security Considerations

Magic links are secure because they are unique and destroyed after use.
They expire after a certain period (usually an hour) if unused.
Users must have access to their email account to use the link.
Works together with Brute Force protection and Two-factor authentication (2FA) for more security.

Magic Link Login simplifies the login process, enhances security, and eliminates the need for passwords. It’s a convenient and user-friendly way to access your WordPress dashboard!

Integrations

By default, when Magic Link Login is activated, the administrator has the option to send a login link by email to any user from the list of users. To create and send a magic link, simply click on “Send magic login link” from the user row actions and Hide My WP Ghost will send the link to the user email.

Note! The magic link is valid for 1 hour.

Magic Link Login is compatible with the WooCommerce login page. This means that users can conveniently log in without the need for a password.

They simply need to enter their username or email address, and a magic link will be sent to them.

First you need to activate the Woocommerce Magic Link from Hide My WP > Overview > Features

Once the feature is activated, the magic link option will appear on the WooCommerce Login page.

Troubleshooting

Customization

To customize the email subject and message, you can add this code in the theme functions.php

add_filter('hmwp_unique_login_subject', function($subject){
  return "Your Magic Login URL";
}, 1);

add_filter('hmwp_unique_login_message', function($message, $url){
  return sprintf( "Click on this magic link %s to log in to your account.", PHP_EOL . PHP_EOL . $url . PHP_EOL . PHP_EOL) ;
}, 2);

Errors

The server was unable to send the email: the error message is triggered when there is no SMTP plugin installed on your website or is not configured correctly. Make sure you can send emails with your websites and try again.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

What Is Magic Link Login?

How does Magic Link Login work?