The Passwordless Login Settings
Enable Passwordless Login
Enable Passwordless Login to bypass the password and Two-Factor requirements upon login. The Passwordless Login email contains a special login that redirects to the WordPress login page. The email will be sent to the email address shown in your user profile.
Passwordless Login Per-User Availability
By default, the passwordless login method is enabled for all users. Changing the default to select users individually will require every user to enable the method manually if they are not selected.
Allow Two-Factor Bypass for Passwordless Login
The allow Two-Factor bypass option will give selected users the option to disable Two-Factor authentication when using the passwordless login method. Note: Users should only bypass Two-Factor authentication if they have also enabled Two-Factor authentication for the email account that will receive the Passwordless Login Link.
Passwordless Login Flow
Choose what screen users see first in the passwordless login flow. The User First screen will request the username or email address used for the account. The Method First option allows you to choose between the traditional and Passwordless Login methods before entering a username or email address.
User First Screen
Method First Screen
Configuring iThemes Passwordless Logins
To start using PasswordlessLlogins, you must first enable the iThemes Security Pro Magic Links module. To enable the Lockout Bypass feature you must first go to Security> Settings> Magic Links and enable the Magic Links Module. Once Magic Links are enabled, the Lockout Bypass option will allow you to login while your username or IP has been locked out.
- The Enable For setting allows you to choose if you would like to select All Users, Non-Privileged Users or select which user roles will be allowed to use the login method manually.
- Set the Passwordless Login Per-User Availability to Enabled by Default
By default, all user roles will be able to use Passwordless Login. Change Passwordless Login Per-User Availability to “Disabled” if you prefer to have users opt-in to use Passwordless Login on their individual profiles.
- Configure the Disable Two-Factor Bypass for Passwordless Login requirement to All Users to add the option in the WordPress user profile to bypass Two-Factor Authentication when using Passwordless Login. You can also change this method to Non-Privileged Users, Select Roles Manually or No One.
Note: Users should only bypass Two-Factor Authentication if they have enabled Two-Factor Authentication on the email account that will receive the Magic Login Link.
- Set the Passwordless Login Flow to Username First to allow users to enter their username or email address first before selecting the login method.
Enabling Passwordless Logins From The User Profile Page
Setting the Passwordless Login Per-User Availability to Disabled by Default will allow each person to decide whether or not to allow Passwordless Logins for their user.
After Passwordless Logins are enabled, the next time someone logs in they will see they have a new login method available to use.
If Passwordless Logins are set to be enabled on a per-user basis, the person logging in will see an error message after clicking the Send button. The error message will inform the user that they must first enable Passwordless Logins prior to using the login method.
To enable Passwordless Logins, navigate to your User Profile page after logging in. Then click the checkbox to the right of the Enable Passwordless Login option.
Using the Passwordless Login Method
Now that we have enabled the Magic Link Login, it is time to take it for a test drive. The first thing we see on our login page is a place to enter our username or email address. Enter your username and then click the Continue button.
On the next screen, click the Email Magic Link button to send the email containing the Passwordless Login link.
You will now see a message confirming the email has been sent.
In your email inbox open the Magic Link email and the Login Now button. If the email does not come to your inbox, you will need to check your spam or trash to see if the email was accidentally rerouted.
If you have previously enabled Two-Factor authentication, you will be asked if you want to Enable or Disable Two-Factor Authentication when using the Passwordless Login method.
If you choose to disable Two-Factor Authentication when using Passwordless Logins, you will now be able to log into your WordPress dashboard without entering a password or Two-Factor code.
Enable Passwordless Logins for WooCommerce
You also have the ability to add the Passwordless Login feature to your WooCommerce login. To enable this feature, simply scroll to the bottom of the module and you will see the option to enable Passwordless Login for WooCommerce Login.
After you enable WooCommerce and save the settings, you will then see a Passwordless Login link on your WooCommerce cart login.
To enable guest checkout on your WooCommerce plugin navigate to WooCommerce> Settings> Accounts and Privacy and click the checkbox to Allow customers to place orders without an account. If you uncheck the Allow customers to place orders without an account box, this will force users to create an account when they buy from your WooCommerce store.
Enable Passwordless Login on Custom Pages
You can add this code into your theme templates to enable Passwordless Login for specific pages.
ITSEC_Passwordless_Login_Utilities::render_modal_link()