iThemes Security Passwordless Logins

The Passwordless Login Settings


Enable Lockout Bypass

When enabled, this option will allow you to login while your username or IP has been locked out.

Enable Passwordless Login

Enable to start using the passwordless login method.

Passwordless Login Per-User Availability

By default, the passwordless login method is enabled for all users. Changing the default to disabled for all users will require every user to enable the method manually.

Allow Two-Factor Bypass for Passwordless Login

The allow two-factor bypass option will give selected users the option to disable two-factor authentication when using the passwordless login method. Note: Users should only bypass two-factor authentication if they have also enabled two-factor authentication for the email account that will receive the Passwordless Login Link. 

Passwordless Login Flow

Choose what screen users see first in the passwordless login flow.

User First Screen 

Magic Link Username

Method First Screen

Magic Link Method First Screen

Configuring iThemes Passwordless Logins

To start using passwordless logins, enable the iThemes Security Pro Magic Links settings.

In the Magic Links settings, using the Enable Passwordless Login select which user roles will be allowed to use the login method.

Set the Passwordless Login Per-User Availability to Enabled by Default.

Configure the Disable Two-Factor Bypass for Passwordless Login requirement to None, to allow all users to bypass two-factor authentication.

Set the Passwordless Login Flow to User First to allow users to send the Magic Link email in two steps.

Note: Users should only bypass Two-Factor Authentication if they have enabled 2fa on the email account that will receive the Magic Login Link.

Enabling Passwordless Logins From The User Profile Page

Setting the Passwordless Login Per-User Availability to Disabled by Default will allow each person to decide whether or not to allow passwordless logins for their user. 

After passwordless logins are enabled, the next time someone logs in they will see they have a new login method available to use.


If passwordless logins are set to be enabled on a per-user basis, the person logging in will see an error message after click the Send button. The error message will inform the user that they must first enable Passwordless Logins prior to using the login method.


To enable Passwordless logins, navigate to your User Profile page after logging in. Then click the checkbox to the right of the Enable Passwordless Login option.


Using the Passwordless Login Method

Now that we have enabled the Magic Login, it is time to take it for a test drive. The first thing we see on our login page is a place to enter our username or password. Enter your username and then click the Continue button.

Magic Link Username

On the next screen, click the Email Magic Button to send the email containing the passwordless login link.

Email Magic Link

You will now see a message confirming the email has been sent.

Passwordless Login Check Email

In your email inbox open the Magic Link email and the Login Now button.

Passwordless Login Email

If you have previously enabled two-factor authentication, you will be asked if you want to Enable or Disable two-factor when using the passwordless login method.

Passwordless Login 2FA Choice

If you choose to disable two-factor when using passwordless logins, you will now be able to log into your WordPress dashboard without entering a password or two-factor code.


Enable Passwordless Logins for WooCommerce 


You also have the ability to add the Passwordless Login feature to your WooCommerce login. To enable this feature, simply scroll to the bottom of the module and you will see the option to enable Passwordless Login for WooCommerce Login. 


After you enable WooCommerce and save the settings, you will then see a Passwordless Login link on your WooCommerce cart login. 



To enable guest checkout on your WooCommerce plugin navigate to WooCommerce> Settings> Accounts and Privacy and checkbox Allow customers to place orders without an account. If you uncheck the Allow customers to place orders without an account box, this will force users to create an account when they buy from your WooCommerce store.

Have more questions? Submit a request
Powered by Zendesk