Description
Elevation Magic Link Login allows your users to sign in without remembering a password. By simply entering their username or email address, they receive a secure, time-sensitive link via email that logs them in instantly.
This plugin is built with security as a priority, utilizing WordPress best practices such as nonces, input sanitization, output escaping, hashed tokens, and HMAC signatures to ensure your site and users remain protected.
Features
Adds a “Send Me a Magic Link” button to the default WP login form.
New: Toggle-based UI that hides the password field when requesting a link for a cleaner experience.
Secure, high-entropy token generation.
Tokens are hashed before storage for maximum security.
Cross-device support: Uses stateless HMAC signatures to validate links even if opened on a different device than requested.
One-time use links that expire after 15 minutes (filterable).
No-password fallback for users who forget their credentials.
Lightweight and developer-friendly.
Filterable redirect URL after successful login.
Installation
Upload the elevation-magic-link-login folder to the /wp-content/plugins/ directory.
Activate the plugin through the ‘Plugins’ menu in WordPress.
Your login page will now display the Magic Link button.
FAQ
-
How long do links stay valid?
-
By default, links expire after 15 minutes. Developers can change this using the emll_token_expiration filter.
-
Does this replace the standard password login?
-
No, it adds a secondary option. Users can still log in using their standard username and password.
-
How can I change the redirect URL?
-
You can use the emll_login_redirect filter in your theme’s functions.php. Example:
add_filter(’emll_login_redirect’, function($url, $user) { return home_url(‘/welcome’); }, 10, 2);
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Elevation Magic Link Login” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Elevation Magic Link Login” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.2.2
Improved UI: The “Send Magic Link” button now toggles the form view, hiding the password field and showing a specific email submission button.
Added “Back to Password Login” link for better usability.
1.2.1
Security Update: Implemented Stateless HMAC Signature verification. This validates the link origin while allowing users to request on one device and login on another.
Fix: Replaced raw script tags with wp_add_inline_script for better WordPress standard compliance.
1.2
Added emll_login_redirect filter for custom redirect URLs.
Documentation updates.
1.1
Added hashed token storage.
Improved security checks for user identification.
Added CSRF protection via nonces.
1.0
Initial release.