Looking for an easy way to set up WordPress passwordless login?
A world without passwords. Would it be chaos? Or would it actually be more secure? Considering many people create weak passwords and end up forgetting them anyway, passwordless authentication and login processes are becoming more common.
In this post, we’ll discuss passwordless authentication in a little more detail.
Then, we’ll show you step-by-step how to set up passwordless login on WordPress using a free plugin.
What is passwordless authentication? Is it right for you?
Passwordless authentication is a method of security authentication that typically offers a faster login process than standard authentication options.
Two-factor authentication sends an app message, email, or SMS notification to verify that the person logging into your WordPress site is a legitimate user.
It’s not perfect, but a hacker would have to steal your phone or get into your email account to brute force attack your WordPress login form. Essentially, this is much harder for them to do than simply trying to guess passwords.
What’s with the passwordless login though?
Many two-factor authentication methods still require you to type in your password, a randomly generated code, or both.
This lengthens the process of logging into your own website, and it could lock out users who can’t remember passwords or who deleted the two-factor authentication app.
A passwordless authentication sends a link to a phone number or email address that’s previously verified. The user clicks on the link for an automatic login to the WordPress site.
There’s no need to remember their password, but your site still gets the security benefit of two-factor authentication.
How to add passwordless authentication to your WordPress site
You can find several plugins to help you set up WordPress passwordless login.
For this tutorial, we’ll use the Passwordless Login plugin, since it has quality reviews and receives consistent updates. Not to mention, the plugin is free–compared to most similar plugins requiring payment.
1. Install the Passwordless Login plugin
To get started, install and activate the Passwordless Login plugin from WordPress.org.
2. Copy passwordless login shortcode
Next, go to Users > Passwordless Login. This brings you to the only configuration page in the plugin.
The page includes a shortcode to generate your passwordless login form. That’s it.
Not only is this incredibly easy to understand, but you’re not required to generate the shortcodes yourself.
To move forward, copy the shortcode to your clipboard.
3. Create a dedicated login page
The Passwordless Login plugin doesn’t replace your existing
wp-login.php page. Instead, you’ll need to create a completely new page for your passwordless login.
If you want, you can change the URL for your existing login page so that people can’t easily access it.
So, create a new WordPress page to proceed.
Then, go through the blocks search tool to find the Shortcode block. You can do this by typing in the search bar or scrolling through the many blocks.
Select the Shortcode block to insert it into your page:
Paste the shortcode from the plugin’s settings into the block’s field.
Feel free to add any other instructional text above or below the login form. After that, click the Publish button.
4. Test your new login page
Now, it’s important to copy/remember that new login page URL.
Click on the View Page button to see how the passwordless authentication works.
All the user has to know is their username or email address associated with the account.
They would type in that information, then click on the Log In button.
The plugin displays the following message as an alternative to forcing users to enter their passwords.
It asks you to check your email, where you’ll find a link.
Go to your email inbox to locate that message. Click the link to automatically get logged into the website!
Some people may love this type of login, but it does add that extra step of looking at your email. However, you no longer have to remember the password!
Adding a passwordless login form to other parts of your website
An advantage of using a plugin like Passwordless Login is that you receive a shortcode to implement the passwordless login form. Therefore, you’re not limited to only placing the form on a page.
You can use shortcodes elsewhere on your website. For instance, you may want to insert the form in a widget.
Widgets are more flexible as to where they show up, and you can put them in sidebars, headers, or footers that appear on every single page of your website.
To add the shortcode in a widget, copy that shortcode from the previous method. If you don’t remember, you can access the shortcode by going to Users > Passwordless Login.
Click on Appearance > Widgets in your WordPress dashboard.
Under Available Widgets, drag a Text widget under the footer or sidebar area of your choice. Add a Title, switch to the Text editor, paste in the shortcode, then click Save.
That passwordless login form should now appear in your footer or sidebar, or wherever you put the widget. Just make sure to log out of your account to see the form.
Other passwordless authentication plugins
We like the passwordless authentication plugin in the tutorial above because it’s free, has quality reviews, and most importantly, it works really well. During our tests, the Passwordless Login plugin takes one step to install, and even a beginner could figure out how to configure the few settings. There weren’t nearly as many questions about setup as there were with some of the other plugins tested.
Regardless, other plugins provide passwordless authentication and login forms. Most of them are premium solutions. The good thing about that is you receive premium support and there are often many other features included as well.
Here are other passwordless login plugins to consider:
- iThemes Security Pro – This plugin is a full security suite, eliminating the need for multiple security plugins. It includes a powerful passwordless authentication feature and many other tools for brute force detection, database backups, and blacklisting.
- Loginizer – Passwordless authentication is a premium feature in the Loginizer plugin. It sends a temporary link to your email address for logging in. Some other features include login challenge questions, reCAPTCHA, auto-blacklisting, and more.
- Digits – WordPress Signup and Login – Here’s an affordable premium plugin that has a mobile number signup form for a secure and less tedious login process. It’s super simple and works with many plugins and most themes.
- Google Authenticator by MiniOrange – This plugin offers that standard Google Authenticator feature for two-factor authentication. It includes the passwordless login option for free, and you get a myriad of other security tools like brute force blocking and user monitoring.
- Trusona for WordPress – Here’s another free plugin with passwordless authentication. It’s a basic plugin like the one we used in our tutorial. The main difference is that you have the option to include QR code scanning for logins.
Start using WordPress passwordless login today
Adding a passwordless authentication module in a post, page, or widget is an excellent way to secure your site and cut out tedious and unsafe passwords.
With the free Passwordless Login plugin, you can easily add this type of login anywhere on your WordPress site.
For some other ways to secure your WordPress login process, check out our tutorials on:
Still have any questions about WordPress passwordless login or if it’s right for your website? Ask us in the comments!