Magic Login
Magic Login adds passwordless sign-in: users request a link by email, then open it (or enter an optional one-time code / scan a QR) to log in. Configure wp-login integration, shortcode forms, rate limits, CAPTCHA, and activity from the dedicated Magic Login admin page.
What it does
Section titled “What it does”- Sends time-limited magic links by email (default expiry 15 minutes, range 5-60).
- Optionally includes a QR code in the email and one-time code login.
- Shows Magic Login on
wp-login.phpwhen Show on login is enabled (default on). - Embeds a form with shortcode
[wp_powersuite_magic_login]- labels, colors, and optional CSS. - Restricts by role via Allowed roles (empty / all selected = all roles).
- Optional registration mode when WordPress registration is open.
- Rate-limits requests per IP and per email, plus code-attempt limits.
- Bot defenses: honeypot (default on), optional Simple Captcha / Google reCAPTCHA / Cloudflare Turnstile (when those modules are enabled).
- Optional WooCommerce login form integration and bypass 2FA (off by default).
- Stores links in a custom table and shows an activity list on the admin page; optional stats column on Users.
When to use it
Section titled “When to use it”- Members or customers prefer email links over passwords.
- You want a branded front-end login form via shortcode.
- You need rate limits and CAPTCHA on passwordless requests.
When not to use it
Section titled “When not to use it”Settings (Magic Login page)
Section titled “Settings (Magic Login page)”After enabling the module, open WP PowerSuite -> Magic Login. An active license is required. Key options:
- Show on login (
show_on_login, default on) - Link expiry (minutes) (
expiry_minutes, default 15, range 5-60) - Allowed roles (
allowed_roles, default all) - Include QR code (
include_qr_code, default on) - Enable code login (
enable_code_login, default on) - Enable registration (
enable_registration, default off) - requires WP registration to be on - Shortcode - copy
[wp_powersuite_magic_login]; configure title, copy, button text, colors,shortcode_css, optional WooCommerce login form (woo_login_form) - Rate limits - e.g. IP max/window (defaults 5 / 5 min), email max/window (defaults 3 / 2 min), code attempt limits
- Security - honeypot, CAPTCHA provider, AJAX submit, Bypass 2FA (
bypass_2fa, default off) - Activity - searchable list of magic-link rows; optional Users column stats
How to enable it
Section titled “How to enable it”- Go to WP PowerSuite -> Modules.
- Filter by Login & Users or search for “Magic Login”.
- Turn the module on.
- Open WP PowerSuite -> Magic Login and set expiry, roles, and security options.
- Confirm site email delivery (SMTP plugin or host mail).
How to use the shortcode
Section titled “How to use the shortcode”Add this to any page, post, or widget:
[wp_powersuite_magic_login]
Customize labels and styles on the Magic Login admin page (Shortcode section).
How to test it
Section titled “How to test it”- On
wp-login.php(or your custom login URL), request a link for a test user. ✅ Working: email arrives; opening the link signs you in before expiry. - ❌ Not working: no email - fix mail delivery; or check rate limits / allowed roles.
Place the shortcode on a draft page and submit from a private window. With code login on, enter the one-time code from the email / code screen. Confirm expired links fail after the expiry window.
Troubleshooting
Section titled “Troubleshooting”- No email. Check spam, SMTP, and that the address matches a user (unless registration mode applies).
- “Too many requests.” You hit IP or email rate limits - wait for the window or raise limits carefully.
- Role not allowed. Adjust Allowed roles.
- CAPTCHA errors. Enable the matching captcha module and select it under CAPTCHA provider.
- 2FA still required. Bypass 2FA is off by default (and needs the 2FA module available to enable).
How does Magic Login work?
The user enters their email, receives a time-limited magic link (and optionally a one-time code or QR), and is signed in when they use it. Links are stored in a custom database table and expire by default after 15 minutes.
Can I embed Magic Login on a page?
Yes. Use the shortcode [wp_powersuite_magic_login] on any page, post, or widget. Labels, colors, and optional custom CSS are configurable on the Magic Login admin page.
Does Magic Login bypass two-factor authentication?
Only if you enable Bypass 2FA and the Two-Factor Authentication module is available. It is off by default.
Where do I configure Magic Login?
From the dedicated Magic Login admin page under WP PowerSuite after you enable the module. Settings are not in a small gear modal.
Developer notes (hooks & filters)
Source: modules/magic-login/module.php, modules/magic-login/admin.php, modules/magic-login/includes/class-link-repository.php. Boots on the critical tier. Requires an active license. has_advanced_settings: false · has_custom_page: true.
Admin: submenu powersuite-magic-login.
Storage: table {$wpdb->prefix}wpps_magic_links. Cleanup cron wpps_magic_links_cleanup.
Shortcode: wp_powersuite_magic_login.
Login actions: wpps_ml, wpps_ml_code, verify/register handlers. AJAX: wpps_request_magic_link, wpps_verify_magic_code. Honeypot field wpps_ml_company.
Filters / actions (examples): wp_powersuite_magic_login_is_default_login_screen, wp_powersuite_magic_login_user_registered, wp_mail placeholder filter for email tokens / QR CID.