iThemes Security Passwordless Logins

 

The Passwordless Login Settings

passwordless-login-settings.png

 

Enable Passwordless Login

Enable Passwordless Login to bypass the password and Two-Factor requirements upon login. The Passwordless Login email contains a special login that redirects to the WordPress login page. The email will be sent to the email address shown in your user profile. 

Passwordless Login Per-User Availability

By default, the passwordless login method is enabled for all users. Changing the default to select users individually will require every user to enable the method manually if they are not selected. 

Allow Two-Factor Bypass for Passwordless Login

The allow Two-Factor bypass option will give selected users the option to disable Two-Factor authentication when using the passwordless login method. Note: Users should only bypass Two-Factor authentication if they have also enabled Two-Factor authentication for the email account that will receive the Passwordless Login Link. 

Passwordless Login Flow

Choose what screen users see first in the passwordless login flow. The User First screen will request the username or email address used for the account. The Method First option allows you to choose between the traditional and Passwordless Login methods before entering a username or email address.

User First Screen 

Magic Link Username

Method First Screen

Magic Link Method First Screen

Configuring iThemes Passwordless Logins

To start using PasswordlessLlogins, you must first enable the iThemes Security Pro Magic Links module. To enable the Lockout Bypass feature you must first go to Security> Settings> Magic Links and enable the Magic Links Module. Once Magic Links are enabled, the Lockout Bypass option will allow you to login while your username or IP has been locked out.

Magic_Links_Lockout_Bypass.png

- The Enable For setting allows you to choose if you would like to select All Users, Non-Privileged Users or select which user roles will be allowed to use the login method manually.

- Set the Passwordless Login Per-User Availability to Enabled by Default

By default, all user roles will be able to use Passwordless Login. Change Passwordless Login Per-User Availability to “Disabled” if you prefer to have users opt-in to use Passwordless Login on their individual profiles.

- Configure the Disable Two-Factor Bypass for Passwordless Login requirement to All Users to add the option in the WordPress user profile to bypass Two-Factor Authentication when using Passwordless Login. You can also change this method to Non-Privileged Users, Select Roles Manually or No One. 

Note: Users should only bypass Two-Factor Authentication if they have enabled Two-Factor Authentication on the email account that will receive the Magic Login Link.

- Set the Passwordless Login Flow to Username First to allow users to enter their username or email address first before selecting the login method.

 

Enabling Passwordless Logins From The User Profile Page

Setting the Passwordless Login Per-User Availability to Disabled by Default will allow each person to decide whether or not to allow Passwordless Logins for their user. 

After Passwordless Logins are enabled, the next time someone logs in they will see they have a new login method available to use.

magic-link-login-prompt.png

If Passwordless Logins are set to be enabled on a per-user basis, the person logging in will see an error message after clicking the Send button. The error message will inform the user that they must first enable Passwordless Logins prior to using the login method.

passwordless-login-not-enabled.png

To enable Passwordless Logins, navigate to your User Profile page after logging in. Then click the checkbox to the right of the Enable Passwordless Login option.

passwordless-profile-settings.png

Using the Passwordless Login Method

Now that we have enabled the Magic Link Login, it is time to take it for a test drive. The first thing we see on our login page is a place to enter our username or email address. Enter your username and then click the Continue button.

Magic Link Username

On the next screen, click the Email Magic Link button to send the email containing the Passwordless Login link.

Email Magic Link

You will now see a message confirming the email has been sent.

Passwordless Login Check Email

In your email inbox open the Magic Link email and the Login Now button. If the email does not come to your inbox, you will need to check your spam or trash to see if the email was accidentally rerouted. 

Passwordless Login Email

If you have previously enabled Two-Factor authentication, you will be asked if you want to Enable or Disable Two-Factor Authentication when using the Passwordless Login method.

Passwordless Login 2FA Choice

If you choose to disable Two-Factor Authentication when using Passwordless Logins, you will now be able to log into your WordPress dashboard without entering a password or Two-Factor code.

 

Enable Passwordless Logins for WooCommerce 

3Enable_for_WooCommerce.png

You also have the ability to add the Passwordless Login feature to your WooCommerce login. To enable this feature, simply scroll to the bottom of the module and you will see the option to enable Passwordless Login for WooCommerce Login. 

PWL_Login_for_WooCommerce.png 

After you enable WooCommerce and save the settings, you will then see a Passwordless Login link on your WooCommerce cart login. 

 

Guest_Checkout_for_Woo.png

To enable guest checkout on your WooCommerce plugin navigate to WooCommerce> Settings> Accounts and Privacy and click the checkbox to Allow customers to place orders without an account. If you uncheck the Allow customers to place orders without an account box, this will force users to create an account when they buy from your WooCommerce store.

 

Enable Passwordless Login on Custom Pages

You can add this code into your theme templates to enable Passwordless Login for specific pages.

ITSEC_Passwordless_Login_Utilities::render_modal_link()

 

Powered by Zendesk