Method for logging into a WordPress website via passwordless random email link

Naiba believes that wherever passwords are involved, there will always be cases of forgetting them. For example,WordPress Password Forgotten_Three Methods to Recover the Administrator PasswordThe plugin introduced in this article allows you to no longer need to remember a password; you only need WordPress to send you an email with a login link to access the website without a password.

Passwordless Login to WordPress

Plugin Introduction

The plugin that enables passwordless login for WordPress is calledPasswordless Login. It is a freeWordPress PluginPlugin, and its workflow is as follows:

• When a user attempts to log in to your website, instead of asking for a password, we only request their username or email.
• The plugin creates a temporary authorization token for them to log in, and the login link will expire after 10 minutes.
• Then, we send an email to the user containing the link and token.
• The user clicks the link, and the authorization code is sent to your server.
• The plugin then checks if the code is valid and creates a login session in the WordPress Cookie, thereby successfully authenticating the user.

Download Link

Plugin usage method

After downloading and installing Passwordless Login, you can invoke it using the shortcode [passwordless-login]. It can be inserted into Posts or Widgets. However, using Passwordless Login has a prerequisite: your server's email system must be functioning properly. Typically, most servers cannot send emails directly and require SMTP for sending. You can refer to this article:Recommended WordPress SMTP Email Plugins I Have UsedAdditionally, this plugin does not replace WordPress's default login functionality; both login methods can coexist. However, you can consider hiding the WordPress Admin Dashboard login address to enforce login via email link. Refer to the article:Hide WordPress Admin Login URL to Enhance Security with WPS Hide Login

Why Use Passwordless Login for WP

The main reason for using email links for passwordless login to WordPress is to enhance website security, especially for sites with multiple authors or users. We know that most people use simple passwords or the same password across multiple websites. While you might maintain password security yourself, other users on your site may not proactively set a secure password for your site. By implementing the email-based passwordless login described in this article, you can enforce improved security for WordPress. After using this Passwordless Login plugin, if someone wants to steal a user's password to log in, they would need to:

1. Guess the username or email
2. Steal the target's email account (and do so within ten minutes)

Which Websites Are Suitable for Passwordless Login

Passwordless login is not suitable for WordPress websites with a very large user base, as your emails might be flagged as spam, or you might exceed sending limits, preventing users from receiving the email and logging in.Passwordless login is suitable for use on corporate websites. Because the vast majority of corporate employees do not prioritize website security (since they are just employees), administrators can set a complex password when creating an account for staff, then hide the real Admin Dashboard login address, forcing the use of email link login. (After all, the email is their own, so security should still be considered.)