How to Set Up PasswordLess Authentication in WordPress

Do you want to set up Passwordless login in authentication in your WordPress site?

If yes then in this tutorial we have shared 2 ways in which you can do this easily.

As the name suggests, Passwordless login in WordPress is a contemporary authentication method that eliminates the need for traditional passwords.

Instead of relying on memorized credentials (username or email and passwords), users gain access through alternative means such as magic links, biometrics like Face ID, Touch ID, Windows Hello, WebAuthn or any passkey their device supports.

This approach enhances user convenience, mitigates the risks associated with password-based vulnerabilities, and aligns with evolving security practices.

Keeping this in mind, in this tutorial we will show you how to set up Passwordless Login in WordPress.

Requirements for Passwordless authentication in WordPress

As a WordPress user, you are already familiar with the fact that, you or registered users of your site can only login to your website using the traditional email or username and password combination.

Other than that, you exclusively have a second way to login and that is through the web hosting dashboard of your site.

Both these methods have issues associated with them such as

  • Weak passwords can lead to security compromises.
  • Too many passwords to remember and manage.
  • Not the recommended way to login (through hosting dashboard).

And more.

To help solve all these problems you can add Passwordless login to your WordPress site and this can be easily done by using Solid Security plugin.

Solid Security is an all-in-one WordPress security plugin and it comes with features such as

  • Brute Force Protection
  • 2FA
  • Firewall powered by Patchstack
  • Failed Login Attempts
  • File Change Detection
  • Force SSL
  • Password policies
  • Security Scanning
  • reCAPTCHA
  • Trusted Devices

And more.

This plugin has nearly a million active installations with 3300 + five star ratings.

Solid Security active installations
Solid Security active installations

We have been using Solid Security on our sites for a while now and it is on our must-have list.

To setup passwordless authentication in WordPress, you only need this plugin and other than that your WordPress blog or website has to be up to date.

Solid Security Plans

Now that you know the plugin that we will be using for WordPress passwordless login is Solid Security, the next topic that we will be discussing is its pricing.

Solid Security plugin offers multiple plans depending on the number of sites you want to use it on.

Along with this, SolidWP offers a Solid Suite which include all of its plugins such as

If you are looking a suite a foundational plugins to boost the security of your site then Solid Suite is for you.

Also, if you site is hosted on Nexcess then Solid Security Pro is included in the all plans and in this case you just have to install the plugin and validate its licensing.

Below we listed all the Solid Security plans followed by what’s included and using our SPECIAL LINK you will get a discount.

  • 1 site- $99
  • 5 sites- $199
  • 10 sites- $299
  • 25 sites- $399
  • 50 sites- $499
  • 50+ sites- Contact SolidWP
Solid Security pricing
Solid Security pricing

What’s included

  • Brute Force Protection
  • Security Scanning
  • Firewall
  • Enforce Strong Password
  • Ban Users
  • Two-Factor Authentication
  • Trusted Devices
  • Passkeys
  • Magic Link
  • Automatic Patching
  • Captcha Integration

And more

Steps to Set Up Passwordless login in WordPress

As discussed above, there are 2 ways using which you can add Passwordless Login authentication in WordPress and in this tutorial we have discussed both.

Out of the two which are

  • Magic Links
  • Passkeys

We prefer using Passkeys as it is a passwordless authentication method that requires credential(s) that is unique to you and it further eliminates the use of email hardening the login security of your WordPress site.

Keeping this in mind below are the steps

Install and Activate Solid Security Plugin

Assuming that you have an active Solid Security subscription, to set up Passwordless login in WordPress, you need to download and install the plugin and activate its license

For downloading Solid Security plugin you need to login to your SolidWP member panel. You can do this by visiting SolidWP and then clicking Sign In on the homepage.

SolidWP homepage
SolidWP homepage

Doing this will take you to the SolidWP login page and here you will have to enter your credentials to login.

SolidWP member panel login page
SolidWP member panel login page

Once inside, you have to head over to the Downloads page and then search for Solid Security. 

Downloads tab in SolidWP member panel
Downloads tab in SolidWP member panel

In the next step you need to click the Download button in front for Solid Security Pro and it will download the plugin.

Download Solid Security Pro plugin
Download Solid Security Pro plugin

Once you are done till here, the next step is to install Solid Security pro plugin in WordPress.

For this, you need to login to your WordPress dashboard and click Add New Plugin under Plugins in the sidebar.

Add New plugin in WordPress
Add New plugin in WordPress

Clicking Add New, will take you to the built in plugin repository where you will have to click the Upload Plugin button on top.

Upload Plugin option in WordPress
Upload Plugin option in WordPress

When you will click Upload plugin, it will show you an option to upload the Solid Security Pro zip file that you have just downloaded.

Install Solid Security Pro plugin
Install Solid Security Pro plugin

Please Note– Recently iThemes Security was re-branded to SolidWP and as of now the plugin folders still have the legacy name.

And once done, you need to click Install Now and then activate.

On successfully installing and activating Solid Security plugin, the next step is to validate its license.

For this you will have to navigate to Settings in your WordPress dashboard sidebar and click SolidWP licensing.

SolidWP licensing option in WordPress settings
SolidWP licensing option in WordPress settings

Here you are required to enter your SolidWP membership panel credentials for validation.

Use SolidWP credentials to validate license
Use SolidWP credentials to validate license

Visit Features in Solid Security

After you are done activating, the next step is to visit Features in Solid Security Settings.

For this you need to click Settings under Security in your WordPress dashboard sidebar.

Solid Security settings in WordPress dashboard
Solid Security settings in WordPress dashboard

Doing this will show you all the Solid Security plugin settings and here you will have to click Features.

Solid Security features tab in WordPress dashboard
Solid Security features tab in WordPress dashboard

Enable Passwordless Authentication feature

On clicking Features, it will show you all the Login Security features and here you will have to scroll down till you find the Passwordless login option.

Passwordless login option in Solid Security WordPress plugin
Passwordless login option in Solid Security WordPress plugin

In the next step, you need to click the toggle to enable Passwordless Login feature in WordPress.

Enable Passwordless login feature in Solid Security WordPress plugin
Enable Passwordless login feature in Solid Security WordPress plugin

And once done, it will show you all the related options and settings.

Passwordless login settings in Solid Security plugin
Passwordless login settings in Solid Security plugin

Passwordless login using Magic Link

To use Magic Link Login authentication in WordPress, all you have to do is check if Magic Link option is selected under available authentication methods

Enable Magic Link passwordless authentication feature in WordPress
Enable Magic Link passwordless authentication feature in WordPress

Please Note: Magic Link option is enabled by default when you activate Passwordless login feature in Solid Security plugin and is active for all users registered on your site.

This means after activating this feature, if anyone will login, they will see the Magic Link authentication option on the WordPress Login page.

Email Magic Link button on WordPress login page
Email Magic Link button on WordPress login page

And on clicking this button, you will receive an email from Magic Link like the one below for authentication purposes.

Magic Link email for Passwordless login in WordPress
Magic Link email for Passwordless login in WordPress

As you can see, there is a Log in Now button that you can click and it will take you to your WordPress dashboard.

Other than this, if you are not receiving Magic Link emails then you will have to fix WordPress not sending email issue.

And that’s it you now known how to add passwordless authentication using Magic Link in WordPress.

Passwordless login using Passkeys

To add Passkeys Login authentication in WordPress, the first step is to check if the Passkeys option is enabled in features.

You will find this option at the very end

Check if Passkeys feature is active in Solid Security WordPress plugin
Check if Passkeys feature is active in Solid Security WordPress plugin

In the next step you need to select Passkeys option in Passwordless login settings in Features.

Enable Passkeys passwordless authentication feature in WordPress
Enable Passkeys passwordless authentication feature in WordPress

Please Note– Passkeys option is enabled by default in Solid Security Pro plugin and in case the Passkeys option is missing then most likely it is disabled in features.

In case you want to make Passkey authentication a requirement then you can do that by selecting Required in the Passkey User verification option

Make Passkey Passwordless login authentication required in WordPress
Make Passkey Passwordless login authentication required in WordPress

On doing this, the user will have to go through a multi-factor authentication before logging in to the WordPress website. This will further boost the security.

Once you are done till here, the next step is to head over your Profile in WordPress admin where you will find the option to setup Passkey at the very bottom.

Setup passkeys for Passwordless login authentication in WordPress
Setup passkeys for Passwordless login authentication in WordPress

Here you are required to click Setup Passkeys button button and a popup will appear where you will have to select if you want to use a USB security key or a Passkey.

Setup Passkeys popup for Passwordless login authentication in WordPress
Setup Passkeys popup for Passwordless login authentication in WordPress

You need to select Add Passkey here and it will show you 2 options to create a Passkey

  • Windows Hello or external security key
  • Use Phone or Tablet
Create a Passkey for passwordless login authentication in WordPress
Create a Passkey for passwordless login authentication in WordPress

Here we will be selecting Windows Hello or external security key and a request will be generated by browser to authenticate using the Windows Hello Pin or Biometrics (only if your device supports it and you have it set up).

Add Windows Hello pin as a Passkey for Passwordless authentication in WordPress
Add Windows Hello pin as a Passkey for Passwordless authentication in WordPress

Once done, it will ask you add a name for the Passkey.

Select Passkey name for Passwordless authentication in WordPress
Select Passkey name for Passwordless authentication in WordPress

After selecting a name you need to click Done and it will show you a success message where you have to click Complete Registration.

Passkeys successfully setup for Passwordless login authentication in WordPress
Passkeys successfully setup for Passwordless login authentication in WordPress

It is important to know that you can view and manage registered passkeys under Passwordless Login when viewing your profile.

Registered Passkeys for Passwordless authentication in WordPress
Registered Passkeys for Passwordless authentication in WordPress

And this is how you add Passwordless authentication to your WordPress website using Passkeys.

Before we move forward, it is important to know that if you want users to opt-in to the Passwordless Login feature then you will have to select Disabled by default under Per-User availability.

Passwordless login featured disable for default for users in Solid Security WordPress plugin
Passwordless login featured disable for default for users in Solid Security WordPress plugin

And on doing so, users will see a new option to Enable Passwordless Login when viewing their Profile in WordPress dashboard

Option to opt-in to Passwordless login features for users in Solid Security WordPress plugin
Option to opt-in to Passwordless login features for users in Solid Security WordPress plugin

This option will be disabled and the user will have to activate it.

Personally speaking we recommend that you keep this feature enabled by default.

Another thing that you have to know here is that, if you want the Passwordless login feature for only a certain user group then you can do so by visiting User Groups in Solid Security settings and it will show you all the user groups.

User groups in Solid Security WordPress plugin
User groups in Solid Security WordPress plugin

Here you will have to select the user group and then activate or deactivate as per your requirements.

For example, if you want to disable Passwordless login for Subscribers user group then you will have to select Subscribers and deactivate the Passwordless feature.

And that’s it you now know how to add Passwordless login in WordPress

Check if Passwordless Login in WordPress is Working

To check if Passwordless Login is working, the first step is to log out of your WordPress dashboard and doing this will show you a new login page with the option to choose between Email Magic Link and your Passkey authentication options.

WordPress login page after activating Passwordless login
WordPress login page after activating Passwordless login

Please Note– This will only be the case if you have activated both the passwordless methods. In case you have enable only one of the ways then that is the only option you will see

Passwordless Login with Magic Link

To check if Passwordless authentication with Magic Link is working, you need to click Email Magic Link and it will ask you to enter your username or email address.

Add username for Passwordless login in WordPress using Magic Link
Add username for Passwordless login in WordPress using Magic Link

This email address or username is required to locate and authenticate your account. 

After adding the required credentials, you need to click Email Magic Link and it will show you a confirmation message that the email has been sent to your registered email address.

Confirmation for Magic Link email for Passwordless login in WordPress
Confirmation for Magic Link email for Passwordless login in WordPress

In the next step you need to open your email address and look for an email from Magic Link. See the below screenshot for reference.

Login Link email for Passwordless login in WordPress
Login Link email for Passwordless login in WordPress

You need to open this email and it will contain an authentication login link that you can click and enter your WordPress dashboard.

Magic Link email for Passwordless login in WordPress
Magic Link email for Passwordless login in WordPress

And that’s it passwordless login is working perfectly on your site using Magic Link.

Passwordless Login with Passkey

To check if Passwordless authentication with Passkeys is working, you need to click Use Your Passkey button and it will ask you enter your email address or username.

Add username for passowordless authentication in WordPress
Add username for passowordless authentication in WordPress

This credential is required to verify if you account or profile exists. In other words if you are a registered user on the website or not.

In the next step you need to click Use Your Passkey and it will ask you authenticate using the registered passkey.

Passkey authentication for Passwordless login in WordPress
Passkey authentication for Passwordless login in WordPress

We have registered our Windows Hello Pin as the Passkey and hence we are required to enter it for validation.

In case you have registered your Biometrics such as Face ID or Touch ID then it will show you the option for Biometric Authentication instead of Pin.

Here as soon as your will validate using your Passkey, it will authenticate and redirect you to your WordPress dashboard.

And that’s it, passwordless login is working perfectly on your WordPress website using Passkeys.

FAQ on WordPress Passwordless login

What is Passwordless Login

Passwordless login in WordPress eliminates traditional passwords, offering users alternative authentication methods.

Common approaches include magic links sent via email, allowing users to log in by clicking a unique link, or passkeys which is enabling authentication through biometrics like Face ID, Touch ID, Windows Hello, or any passkey that users device supports.

This enhances security and simplifies the user login experience.

Personally speaking we have activated both Magic Links and Passkeys for most of our sites.

Out of the two we prefer using Passkey as that is something that eliminates the use of email address all together and is personalize to us.

What are the benefits of Passwordless authentication in WordPress

There are quite a few benefits of Passwordless login in WordPress. Below we have listed a few

  • Enhanced Security: Passwordless login reduces the risk of password-related vulnerabilities, such as brute force attacks and password leaks.
  • User Convenience: Users can log in seamlessly without the need to remember and manage passwords, improving the overall user experience.
  • Reduced Password Fatigue: Eliminating the need for passwords reduces the cognitive load on users, alleviating the fatigue associated with remembering and updating passwords.
  • Protection Against Phishing: Passwordless methods, like magic links, are less susceptible to phishing attacks compared to traditional password-based logins.
  • Multi-Factor Authentication (MFA): Passwordless login often integrates well with multi-factor authentication, providing an additional layer of security.
  • Reduced Support Overhead: Fewer password-related issues can lead to a decrease in support requests, saving time and resources for website administrators.

How is Passwordless Login different from Two-Factor authentication

Login Credentials

When it comes to using Passwordless authentication, you only need email address for verifying your registration on a site and receiving magic link email. On the other hand in two-factor authentication you need both email and password on top a temporary code.

Dual Layer of Security

As the name suggests, Two factor authentication requires you validate your credentials twice. The first one is your email or username and password and the second one is the temporary code generated by the connected mobile application. This is not the case with Passwordless login as you have to authenticate once

Quick and Convenient

Passwordless authentication is quick as you just have to click the Magic Link that you will receive through email or have to use the registered passkey such as Face ID, Touch ID, Windows Hello Pin or any other Passkey that your device supports. On the other hand, with Two Factor authentication, you have to first validate using your WordPress login credentials and then use a temporary code to login. This makes the process complicated and lengthy.

These are some major difference between Two-Factor authentication and Passwordless Login. Out of the two we prefer using the Passwordless authentication as it is quick and removes the use password.

We recommend that you choose any of the 2 methods for further improving the security of your WordPress site and you can use Solid Security WordPress plugin for it.

Using Solid Security you can add both Passwordless login and two-factor authentication in WordPress.

Which is the best plugin to add Passwordless login in WordPress

There are quite a few WordPress plugins available that let you set up and use the Passwordless login feature.

And out if these our choice of Passwordless login plugin is Solid Security.

Solid Security is a a robust WordPress security plugin that protects your WordPress website from a wide variety of security threats.

This plugin is packed with features such as

  • Brute Force Protection
  • Security Scanning
  • Firewall
  • Enforce Strong Password
  • Ban Users
  • Two-Factor Authentication
  • Trusted Devices
  • Passkeys
  • Magic Link
  • Automatic Patching
  • Captcha Integration

And more

Solid Security is trusted by over 900,000 sites and is recommended by experts in industry including us.

If you are looking for an all-in-one security plugin for your site then solid security is for you.

Which passwordless authentication method is preferred by us

We prefer using Passkeys for Passwordless login authentication in WordPress as it eliminates the use of email address further boosting the security of your site.

On top of this, the Passkey that you have set is completely unique to you and is hard to replicate.

Having said that,

I hope you will find this tutorial helpful and are able to set up Passwordless authentication to your WordPress site.

In case you have any queries, feel free to get in touch.

To stay up to date with our content, we recommend you subscribe to our YouTube channel and email list.

Also, don’t forget to join our Facebook group.

Leave a Reply

Your email address will not be published. Required fields are marked *