Описание
Elevation Magic Link Login allows your users to sign in without remembering a password. By simply entering their username or email address, they receive a secure, time-sensitive link via email that logs them in instantly.
This plugin is built with security as a priority, utilizing WordPress best practices such as nonces, input sanitization, output escaping, hashed tokens, and HMAC signatures to ensure your site and users remain protected.
Features
Adds a «Send Me a Magic Link» button to the default WP login form.
New: Toggle-based UI that hides the password field when requesting a link for a cleaner experience.
Secure, high-entropy token generation.
Tokens are hashed before storage for maximum security.
Cross-device support: Uses stateless HMAC signatures to validate links even if opened on a different device than requested.
One-time use links that expire after 15 minutes (filterable).
No-password fallback for users who forget their credentials.
Lightweight and developer-friendly.
Filterable redirect URL after successful login.
Установка
Upload the elevation-magic-link-login folder to the /wp-content/plugins/ directory.
Activate the plugin through the ‘Plugins’ menu in WordPress.
Your login page will now display the Magic Link button.
Часто задаваемые вопросы
-
How long do links stay valid?
-
By default, links expire after 15 minutes. Developers can change this using the emll_token_expiration filter.
-
Does this replace the standard password login?
-
No, it adds a secondary option. Users can still log in using their standard username and password.
-
How can I change the redirect URL?
-
You can use the emll_login_redirect filter in your theme’s functions.php. Example:
add_filter(’emll_login_redirect’, function($url, $user) { return home_url(‘/welcome’); }, 10, 2);
Отзывы
Нет отзывов об этом плагине.
Участники и разработчики
«Elevation Magic Link Login» — проект с открытым исходным кодом. В развитие плагина внесли свой вклад следующие участники:
Участники
Перевести «Elevation Magic Link Login» на ваш язык.
Заинтересованы в разработке?
Посмотрите код, проверьте SVN репозиторий, или подпишитесь на журнал разработки по RSS.
Журнал изменений
1.2.2
Improved UI: The «Send Magic Link» button now toggles the form view, hiding the password field and showing a specific email submission button.
Added «Back to Password Login» link for better usability.
1.2.1
Security Update: Implemented Stateless HMAC Signature verification. This validates the link origin while allowing users to request on one device and login on another.
Fix: Replaced raw script tags with wp_add_inline_script for better WordPress standard compliance.
1.2
Added emll_login_redirect filter for custom redirect URLs.
Documentation updates.
1.1
Added hashed token storage.
Improved security checks for user identification.
Added CSRF protection via nonces.
1.0
Initial release.