How to Set Up Passwordless Login Authentication in WordPress

Do you want to set up Passwordless login in authentication in your WordPress site?

If yes then in this tutorial we have shared 2 ways in which you can do this easily.

As the name suggests, Passwordless login in WordPress is a contemporary authentication method that eliminates the need for traditional passwords.

Instead of relying on memorized credentials (username or email and passwords), users gain access through alternative means such as magic links, biometrics like Face ID, Touch ID, Windows Hello, WebAuthn or any passkey their device supports.

This approach enhances user convenience, mitigates the risks associated with password-based vulnerabilities, and aligns with evolving security practices.

Keeping this in mind, in this tutorial we will show you how to set up Passwordless Login in WordPress.

Requirements for Passwordless authentication in WordPress

As a WordPress user, you are already familiar with the fact that, you or registered users of your site can only login to your website using the traditional email or username and password combination.

Other than that, you exclusively have a second way to login and that is through the web hosting dashboard of your site.

Both these methods have issues associated with them such as

• Weak passwords can lead to security compromises.
• Too many passwords to remember and manage.
• Not the recommended way to login (through hosting dashboard).

And more.

To help solve all these problems you can add Passwordless login to your WordPress site and this can be easily done by using Solid Security plugin.

Solid Security is an all-in-one WordPress security plugin and it comes with features such as

• Brute Force Protection
• 2FA
• Firewall powered by Patchstack
• Failed Login Attempts
• File Change Detection
• Force SSL
• Password policies
• Security Scanning
• reCAPTCHA
• Trusted Devices

And more.

This plugin has nearly a million active installations with 3300 + five star ratings.

We have been using Solid Security on our sites for a while now and it is on our must-have list.

To setup passwordless authentication in WordPress, you only need this plugin and other than that your WordPress blog or website has to be up to date.

Solid Security Plans

Now that you know the plugin that we will be using for WordPress passwordless login is Solid Security, the next topic that we will be discussing is its pricing.

Solid Security plugin offers multiple plans depending on the number of sites you want to use it on.

Along with this, SolidWP offers a Solid Suite which include all of its plugins such as

• Solid Security
• Solid Backups
• Solid Central

If you are looking a suite a foundational plugins to boost the security of your site then Solid Suite is for you.

Also, if you site is hosted on Nexcess then Solid Security Pro is included in the all plans and in this case you just have to install the plugin and validate its licensing.

Below we listed all the Solid Security plans followed by what’s included and using our SPECIAL LINK you will get a discount.

• 1 site- $99
• 5 sites- $199
• 10 sites- $299
• 25 sites- $399
• 50 sites- $499
• 50+ sites- Contact SolidWP

What’s included

• Brute Force Protection
• Security Scanning
• Firewall
• Enforce Strong Password
• Ban Users
• Two-Factor Authentication
• Trusted Devices
• Passkeys
• Magic Link
• Automatic Patching
• Captcha Integration

And more

Steps to Set Up Passwordless login in WordPress

As discussed above, there are 2 ways using which you can add Passwordless Login authentication in WordPress and in this tutorial we have discussed both.

Out of the two which are

• Magic Links
• Passkeys

We prefer using Passkeys as it is a passwordless authentication method that requires credential(s) that is unique to you and it further eliminates the use of email hardening the login security of your WordPress site.

Keeping this in mind below are the steps

Install and Activate Solid Security Plugin

Assuming that you have an active Solid Security subscription, to set up Passwordless login in WordPress, you need to download and install the plugin and activate its license

For downloading Solid Security plugin you need to login to your SolidWP member panel. You can do this by visiting SolidWP and then clicking Sign In on the homepage.

Doing this will take you to the SolidWP login page and here you will have to enter your credentials to login.

Once inside, you have to head over to the Downloads page and then search for Solid Security. 

In the next step you need to click the Download button in front for Solid Security Pro and it will download the plugin.

Once you are done till here, the next step is to install Solid Security pro plugin in WordPress.

For this, you need to login to your WordPress dashboard and click Add New Plugin under Plugins in the sidebar.

Clicking Add New, will take you to the built in plugin repository where you will have to click the Upload Plugin button on top.

When you will click Upload plugin, it will show you an option to upload the Solid Security Pro zip file that you have just downloaded.

Please Note– Recently iThemes Security was re-branded to SolidWP and as of now the plugin folders still have the legacy name.

And once done, you need to click Install Now and then activate.

On successfully installing and activating Solid Security plugin, the next step is to validate its license.

For this you will have to navigate to Settings in your WordPress dashboard sidebar and click SolidWP licensing.

Here you are required to enter your SolidWP membership panel credentials for validation.

Visit Features in Solid Security

After you are done activating, the next step is to visit Features in Solid Security Settings.

For this you need to click Settings under Security in your WordPress dashboard sidebar.

Doing this will show you all the Solid Security plugin settings and here you will have to click Features.

Enable Passwordless Authentication feature

On clicking Features, it will show you all the Login Security features and here you will have to scroll down till you find the Passwordless login option.

In the next step, you need to click the toggle to enable Passwordless Login feature in WordPress.

And once done, it will show you all the related options and settings.

Passwordless login using Magic Link

To use Magic Link Login authentication in WordPress, all you have to do is check if Magic Link option is selected under available authentication methods

Please Note: Magic Link option is enabled by default when you activate Passwordless login feature in Solid Security plugin and is active for all users registered on your site.

This means after activating this feature, if anyone will login, they will see the Magic Link authentication option on the WordPress Login page.

And on clicking this button, you will receive an email from Magic Link like the one below for authentication purposes.

As you can see, there is a Log in Now button that you can click and it will take you to your WordPress dashboard.

Other than this, if you are not receiving Magic Link emails then you will have to fix WordPress not sending email issue.

And that’s it you now known how to add passwordless authentication using Magic Link in WordPress.

Passwordless login using Passkeys

To add Passkeys Login authentication in WordPress, the first step is to check if the Passkeys option is enabled in features.

You will find this option at the very end

In the next step you need to select Passkeys option in Passwordless login settings in Features.

Please Note– Passkeys option is enabled by default in Solid Security Pro plugin and in case the Passkeys option is missing then most likely it is disabled in features.

In case you want to make Passkey authentication a requirement then you can do that by selecting Required in the Passkey User verification option

On doing this, the user will have to go through a multi-factor authentication before logging in to the WordPress website. This will further boost the security.

Once you are done till here, the next step is to head over your Profile in WordPress admin where you will find the option to setup Passkey at the very bottom.

Here you are required to click Setup Passkeys button button and a popup will appear where you will have to select if you want to use a USB security key or a Passkey.

You need to select Add Passkey here and it will show you 2 options to create a Passkey

• Windows Hello or external security key
• Use Phone or Tablet

Here we will be selecting Windows Hello or external security key and a request will be generated by browser to authenticate using the Windows Hello Pin or Biometrics (only if your device supports it and you have it set up).

Once done, it will ask you add a name for the Passkey.

After selecting a name you need to click Done and it will show you a success message where you have to click Complete Registration.

It is important to know that you can view and manage registered passkeys under Passwordless Login when viewing your profile.

And this is how you add Passwordless authentication to your WordPress website using Passkeys.

Before we move forward, it is important to know that if you want users to opt-in to the Passwordless Login feature then you will have to select Disabled by default under Per-User availability.

And on doing so, users will see a new option to Enable Passwordless Login when viewing their Profile in WordPress dashboard

This option will be disabled and the user will have to activate it.

Personally speaking we recommend that you keep this feature enabled by default.

Another thing that you have to know here is that, if you want the Passwordless login feature for only a certain user group then you can do so by visiting User Groups in Solid Security settings and it will show you all the user groups.

Here you will have to select the user group and then activate or deactivate as per your requirements.

For example, if you want to disable Passwordless login for Subscribers user group then you will have to select Subscribers and deactivate the Passwordless feature.

And that’s it you now know how to add Passwordless login in WordPress

Check if Passwordless Login in WordPress is Working

To check if Passwordless Login is working, the first step is to log out of your WordPress dashboard and doing this will show you a new login page with the option to choose between Email Magic Link and your Passkey authentication options.

Please Note– This will only be the case if you have activated both the passwordless methods. In case you have enable only one of the ways then that is the only option you will see

Passwordless Login with Magic Link

To check if Passwordless authentication with Magic Link is working, you need to click Email Magic Link and it will ask you to enter your username or email address.

This email address or username is required to locate and authenticate your account. 

After adding the required credentials, you need to click Email Magic Link and it will show you a confirmation message that the email has been sent to your registered email address.

In the next step you need to open your email address and look for an email from Magic Link. See the below screenshot for reference.

You need to open this email and it will contain an authentication login link that you can click and enter your WordPress dashboard.

And that’s it passwordless login is working perfectly on your site using Magic Link.

Passwordless Login with Passkey

To check if Passwordless authentication with Passkeys is working, you need to click Use Your Passkey button and it will ask you enter your email address or username.

This credential is required to verify if you account or profile exists. In other words if you are a registered user on the website or not.

In the next step you need to click Use Your Passkey and it will ask you authenticate using the registered passkey.

We have registered our Windows Hello Pin as the Passkey and hence we are required to enter it for validation.

In case you have registered your Biometrics such as Face ID or Touch ID then it will show you the option for Biometric Authentication instead of Pin.

Here as soon as your will validate using your Passkey, it will authenticate and redirect you to your WordPress dashboard.

And that’s it, passwordless login is working perfectly on your WordPress website using Passkeys.

FAQ on WordPress Passwordless login

What is Passwordless Login

Passwordless login in WordPress eliminates traditional passwords, offering users alternative authentication methods.

Common approaches include magic links sent via email, allowing users to log in by clicking a unique link, or passkeys which is enabling authentication through biometrics like Face ID, Touch ID, Windows Hello, or any passkey that users device supports.

This enhances security and simplifies the user login experience.

Personally speaking we have activated both Magic Links and Passkeys for most of our sites.

Out of the two we prefer using Passkey as that is something that eliminates the use of email address all together and is personalize to us.

What are the benefits of Passwordless authentication in WordPress

There are quite a few benefits of Passwordless login in WordPress. Below we have listed a few

• Enhanced Security: Passwordless login reduces the risk of password-related vulnerabilities, such as brute force attacks and password leaks.
• User Convenience: Users can log in seamlessly without the need to remember and manage passwords, improving the overall user experience.
• Reduced Password Fatigue: Eliminating the need for passwords reduces the cognitive load on users, alleviating the fatigue associated with remembering and updating passwords.
• Protection Against Phishing: Passwordless methods, like magic links, are less susceptible to phishing attacks compared to traditional password-based logins.
• Multi-Factor Authentication (MFA): Passwordless login often integrates well with multi-factor authentication, providing an additional layer of security.
• Reduced Support Overhead: Fewer password-related issues can lead to a decrease in support requests, saving time and resources for website administrators.

How is Passwordless Login different from Two-Factor authentication

Login Credentials

When it comes to using Passwordless authentication, you only need email address for verifying your registration on a site and receiving magic link email. On the other hand in two-factor authentication you need both email and password on top a temporary code.

Dual Layer of Security

As the name suggests, Two factor authentication requires you validate your credentials twice. The first one is your email or username and password and the second one is the temporary code generated by the connected mobile application. This is not the case with Passwordless login as you have to authenticate once

Quick and Convenient

Passwordless authentication is quick as you just have to click the Magic Link that you will receive through email or have to use the registered passkey such as Face ID, Touch ID, Windows Hello Pin or any other Passkey that your device supports. On the other hand, with Two Factor authentication, you have to first validate using your WordPress login credentials and then use a temporary code to login. This makes the process complicated and lengthy.

These are some major difference between Two-Factor authentication and Passwordless Login. Out of the two we prefer using the Passwordless authentication as it is quick and removes the use password.

We recommend that you choose any of the 2 methods for further improving the security of your WordPress site and you can use Solid Security WordPress plugin for it.

Using Solid Security you can add both Passwordless login and two-factor authentication in WordPress.

Which is the best plugin to add Passwordless login in WordPress

There are quite a few WordPress plugins available that let you set up and use the Passwordless login feature.

And out if these our choice of Passwordless login plugin is Solid Security.

Solid Security is a a robust WordPress security plugin that protects your WordPress website from a wide variety of security threats.

This plugin is packed with features such as

• Brute Force Protection
• Security Scanning
• Firewall
• Enforce Strong Password
• Ban Users
• Two-Factor Authentication
• Trusted Devices
• Passkeys
• Magic Link
• Automatic Patching
• Captcha Integration

And more

Solid Security is trusted by over 900,000 sites and is recommended by experts in industry including us.

If you are looking for an all-in-one security plugin for your site then solid security is for you.

Which passwordless authentication method is preferred by us

We prefer using Passkeys for Passwordless login authentication in WordPress as it eliminates the use of email address further boosting the security of your site.

On top of this, the Passkey that you have set is completely unique to you and is hard to replicate.

Having said that,

I hope you will find this tutorial helpful and are able to set up Passwordless authentication to your WordPress site.

In case you have any queries, feel free to get in touch.

To stay up to date with our content, we recommend you subscribe to our YouTube channel and email list.

Also, don’t forget to join our Facebook group.