Skip to content

Magic Login

Magic Login adds passwordless sign-in: users request a link by email, then open it (or enter an optional one-time code / scan a QR) to log in. Configure wp-login integration, shortcode forms, rate limits, CAPTCHA, and activity from the dedicated Magic Login admin page.

  • Sends time-limited magic links by email (default expiry 15 minutes, range 5-60).
  • Optionally includes a QR code in the email and one-time code login.
  • Shows Magic Login on wp-login.php when Show on login is enabled (default on).
  • Embeds a form with shortcode [wp_powersuite_magic_login] - labels, colors, and optional CSS.
  • Restricts by role via Allowed roles (empty / all selected = all roles).
  • Optional registration mode when WordPress registration is open.
  • Rate-limits requests per IP and per email, plus code-attempt limits.
  • Bot defenses: honeypot (default on), optional Simple Captcha / Google reCAPTCHA / Cloudflare Turnstile (when those modules are enabled).
  • Optional WooCommerce login form integration and bypass 2FA (off by default).
  • Stores links in a custom table and shows an activity list on the admin page; optional stats column on Users.
  • Members or customers prefer email links over passwords.
  • You want a branded front-end login form via shortcode.
  • You need rate limits and CAPTCHA on passwordless requests.

After enabling the module, open WP PowerSuite -> Magic Login. An active license is required. Key options:

  • Show on login (show_on_login, default on)
  • Link expiry (minutes) (expiry_minutes, default 15, range 5-60)
  • Allowed roles (allowed_roles, default all)
  • Include QR code (include_qr_code, default on)
  • Enable code login (enable_code_login, default on)
  • Enable registration (enable_registration, default off) - requires WP registration to be on
  • Shortcode - copy [wp_powersuite_magic_login]; configure title, copy, button text, colors, shortcode_css, optional WooCommerce login form (woo_login_form)
  • Rate limits - e.g. IP max/window (defaults 5 / 5 min), email max/window (defaults 3 / 2 min), code attempt limits
  • Security - honeypot, CAPTCHA provider, AJAX submit, Bypass 2FA (bypass_2fa, default off)
  • Activity - searchable list of magic-link rows; optional Users column stats
  1. Go to WP PowerSuite -> Modules.
  2. Filter by Login & Users or search for “Magic Login”.
  3. Turn the module on.
  4. Open WP PowerSuite -> Magic Login and set expiry, roles, and security options.
  5. Confirm site email delivery (SMTP plugin or host mail).

Add this to any page, post, or widget:

[wp_powersuite_magic_login]

Customize labels and styles on the Magic Login admin page (Shortcode section).

  • On wp-login.php (or your custom login URL), request a link for a test user. ✅ Working: email arrives; opening the link signs you in before expiry.
  • ❌ Not working: no email - fix mail delivery; or check rate limits / allowed roles.

Place the shortcode on a draft page and submit from a private window. With code login on, enter the one-time code from the email / code screen. Confirm expired links fail after the expiry window.

  • No email. Check spam, SMTP, and that the address matches a user (unless registration mode applies).
  • “Too many requests.” You hit IP or email rate limits - wait for the window or raise limits carefully.
  • Role not allowed. Adjust Allowed roles.
  • CAPTCHA errors. Enable the matching captcha module and select it under CAPTCHA provider.
  • 2FA still required. Bypass 2FA is off by default (and needs the 2FA module available to enable).
How does Magic Login work?

The user enters their email, receives a time-limited magic link (and optionally a one-time code or QR), and is signed in when they use it. Links are stored in a custom database table and expire by default after 15 minutes.

Can I embed Magic Login on a page?

Yes. Use the shortcode [wp_powersuite_magic_login] on any page, post, or widget. Labels, colors, and optional custom CSS are configurable on the Magic Login admin page.

Does Magic Login bypass two-factor authentication?

Only if you enable Bypass 2FA and the Two-Factor Authentication module is available. It is off by default.

Where do I configure Magic Login?

From the dedicated Magic Login admin page under WP PowerSuite after you enable the module. Settings are not in a small gear modal.

Developer notes (hooks & filters)

Source: modules/magic-login/module.php, modules/magic-login/admin.php, modules/magic-login/includes/class-link-repository.php. Boots on the critical tier. Requires an active license. has_advanced_settings: false · has_custom_page: true.

Admin: submenu powersuite-magic-login.

Storage: table {$wpdb->prefix}wpps_magic_links. Cleanup cron wpps_magic_links_cleanup.

Shortcode: wp_powersuite_magic_login.

Login actions: wpps_ml, wpps_ml_code, verify/register handlers. AJAX: wpps_request_magic_link, wpps_verify_magic_code. Honeypot field wpps_ml_company.

Filters / actions (examples): wp_powersuite_magic_login_is_default_login_screen, wp_powersuite_magic_login_user_registered, wp_mail placeholder filter for email tokens / QR CID.