The easiest and most secure way to log in to your WordPress site is here! iThemes Security Pro just added biometric logins (like Face ID, Touch ID, and Windows Hello) and passkey technology supported by all major browsers, including Chrome, Firefox, and Safari, to use with your WordPress login. Now website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.
Powered by the WebAuthn protocol, these login methods provide an innovative passwordless login experience that is the future for securing sensitive information online, including logging in to any WordPress site. As the future of logins for all sites and apps, iThemes Security is the first to bring it to WordPress as the primary login method.
So let’s take a closer look at how passkeys work in iThemes Security Pro.
To take advantage of this update, you’ll need to be running PHP version 7.3+ and iThemes Security Pro (v 7.2). Current iThemes Security Pro, Essentials Bundle, Plugin Suite, and Toolkit customers will find the 7.2 version update available now as an automatic update from the WordPress dashboard (for licensed sites) or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync dashboard.
What are Passkeys?
Introducing passkeys, the easiest and most secure way to log in to your WordPress site. With Passkeys, you get the most secure login technology available today without the inconvenience of two-factor apps, password managers, or complex password requirements.
Passkeys provide an innovative passwordless login experience that is the future of logins for all sites and apps. And iThemes Security Pro is the first WordPress security plugin to bring it to WordPress as the primary login method.
Powered by the WebAuthn standard, passkeys include biometric login methods (like Apple’s Face ID, Touch ID or Windows Hello), and are supported by all major browsers, including Chrome, Firefox, and Safari. Major tech companies like Google, Apple, and Microsoft all back the WebAuthn standard to make passkeys the future of secure logins across the web.
Why Use Passkeys? 5 Reasons
You may be wondering why you should consider using passkeys instead of strong passwords or even two-factor authentication. Let’s dive into why passkeys are a superior user security method.
1. Passkeys Solve the Problem of Stolen or Leaked Passwords
For starters, passkeys solve the problem of stolen or leaked passwords. The reality is that 81% of all hacking-related breaches leverage passwords that have been compromised. Passkeys make it virtually impossible to have your password leaked or stolen because your passwords aren’t stored on a server that can be compromised.
In addition, your personal data doesn’t leave your device. The site you’re logging into doesn’t get a copy of your fingerprint or face. Instead, a secure credential called a private-public keypair is created to form a strong authentication method that’s virtually impossible to hack.
2. Passkeys Protect You (And Your Site’s Users) From Phishing Attempts
Second, passkeys protect you from phishing. Hackers often use very sophisticated techniques to to try to trick you into giving away your password, like building convincing emails and websites to impersonate real services you use. Passkeys are phishing-resistant, since built-in authentication methods won’t let you be tricked into giving away your password.
3. Passkeys are Simply Easy to Use
Third, passkeys are simply easy to use. We all know how extra security measures usually mean inconvenience. Using strong passwords, or two-factor apps, or verification emails cause friction when logging in. Passkeys allow you to quickly log in with one click using your face or your fingerprint, instead of having to deal with long passwords, extra emails, or two-factor codes.
4. Passkeys Make Mobile Logins Easy
Use your passkey to login with Face ID, Touch ID, or Windows Hello from your mobile device. You’re likely already using this technology for many other apps and sites. With iThemes Security Pro, now you can use these to login to WordPress!
You’ll also be able to offer this login method to your users, removing friction and improving their security experience. With your mobile device, you can use:
- Face ID
- Touch ID
- Windows Hello
5. Passkeys Provide the Most Secure Login Method Available for WordPress
Finally, passkeys are the best way to provide the most secure login method available for your WordPress site. Both website admins and end users, like customers, can start using passkeys to login to any WordPress site running iThemes Security Pro.
How Do Passkeys Work with WordPress Logins?
With no passwords, no two-factor codes, and no emails, now you can log in to your WordPress site with one click.
Here are a few quick demo videos of how passkeys look when logging in:
From Your Desktop
Here’s a look at how easy it is to log in with passkeys from your desktop.
From Your iPhone
Passkeys make mobile logins a breeze by using your device’s built-in authentication technology, including Face ID and Touch ID.
Simply login using your passkey to activate your mobile device’s Face ID or Touch ID, and iThemes Security Pro will log you into WordPress in a matter of seconds.
No more using a password, pulling open a separate email for a confirmation code, or opening a separate two-factor app.
From Your Yubikey or Android Device
Finally, you can even use passkeys to securely register your mobile device or even your Yubikey to login to WordPress from your desktop. It’s that easy.
Getting Started with Passkeys in iThemes Security Pro
To get started with passkeys in iThemes Security Pro, you’ll need the following:
- iThemes Security Pro (v 7.2)
- PHP 7.3+
- If you are on a Mac, please ensure your computer has either Apple Silicon or the T1/T2 chip. For more information on Mac devices, please click here.
To set up Passkeys on your site, you will want to enable the feature by going to Security > Settings > Features > Login Security.

Next, you will navigate to the Security > Settings > Configure > Login Security > Passwordless Login, ensure the Passkey checkbox is enabled and save the changes.

Once you have enabled Passkeys, you can go to your WordPress Admin Menu > Users > Profile and scroll down to Passwordless Login, enable the feature for the user, and click on “Setup Passkeys.”

Using Multi-Platform / Browser / QR Code
What if you want to login to your WordPress site using a passkey but you are using a computer you don’t own or that you aren’t logged into iCloud with? You can log into the site using the QR code method and the mobile device that is registered. This feature uses the passkey saved to your device / iCloud to allow you to gain access on .
On the device you want to log into, look for the iPhone / Android device option.

Then, point your camera at the QR code being displayed and click the option on screen to use your passkey.

This will set up a mechanism for the computer and your mobile device to securely communicate with each other. After approving the login on your phone, you’ll be signed in automatically on your desktop. The desktop computer does not get its own passkey. Your passkey stays on the device that you used to authenticate. If you are using a new windows computer that you purchased, you would probably want to register a new passkey for that device after signing in for the first time via your iPhone.
More Instructions for Setting Up Passkeys
We have comprehensive documentation available over in the iThemes Help Desk for:
Get iThemes Security Pro Today with Passkeys!
iThemes Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. As the first WordPress security plugin to bring passkeys to WordPress as the primary login method, you’ll also get these extra layers of security for your website.
To take advantage of this update, you’ll need to be running PHP version 7.3+ and iThemes Security Pro (v 7.2). Current iThemes Security Pro, Essentials Bundle, Plugin Suite, and Toolkit customers will find the 7.2 version update available now as an automatic update from the WordPress dashboard (for licensed sites) or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync dashboard.
