Even though I personally use and recommend a great password manager which securely handles logins across my devices, I recognize that some people aren’t willing to use one. This is why we should offer passwordless logins to our websites, either with Magic Links or Passkeys, which have been a buzz in the news lately with announcements from Apple, Google, Yubikey and 1Password. In fact, Passkeys (with or without biometric verification methods like fingerprints, face recognition or retina) have been vetted by the world’s security experts and declared to be even more secure than strong, unique passwords with the type of 2FA (2-factor authentication) used by most people, while also being much more convenient. This article is a summary about how to implement either type of passwordless logins for your WordPress website: Magic Links or Passkeys. I’ll also cover how much that costs (to add either or both your website) and how I can get it for you for 40% less.
What’s a Magic Link?
A Magic Link is one that is sent to the user via email when initiating a login to a WordPress website equipped with that feature. The user will be instantly logged in after clicking on the Magic Link received via email. No more resetting forgotten passwords!
How to implement and offer Passkeys or Magic Links to your WordPress website
As of publication date of this article, the only way I know to offer Passkeys or Magic Logins on a WordPress website is via the paid version of a powerful plugin called Solid Security (previously called iThemes Security Pro). The paid version offers both Passkeys and Magic Links. You may decide to use one, the other or both. Both the free and paid version offer the following benefits (among many more):
- 2FA (two-factor authentication, to prevent an attacker who somehow already knows your password). This is optional
- Local & Network Brute Force Protection, which will automatically stop a human or a computer from continually trying to guess a password.
Some reviewers have unjustifiably objected to the lack of malware scanning within the above mentioned plugin. I respectfully disagree with those reviewers and actually consider that to be a benefit, as you’ll see here:
- Having malware scanning inside of WordPress can unnecessarily slow down your website, in addition to complicating it.
- It is much better to handle malware scanning on a server level (not on a WordPress level) to alleviate many heavy tasks within WordPress. My first choice for server-based scanning is called Imunify360.
Immunify’s slogan is:
Prevention is always better than cure… But just in case, we have both.
Imunify360 describes itself as:
Imunify360 is a comprehensive security platform for web-hosting servers. It utilizes highly tailored and integrated components for proactive real-time website protection and web server security. It’s not just antivirus or WAF. Imunify360 combines an Intrusion Prevention and Detection system, a Web Application Firewall, Real-time Antivirus protection, a Network Firewall, and Patch Management components. These elements are seamlessly integrated for flawless interoperability that instantly detects, fixes, and protects from any threats that a web-hosting service may encounter.
Fortunately, Imunify360 requires no intervention from you… and is included with all plans hosted at my TecnoTur.us at no extra cost. Having Imunify360 on the server alleviates the malware scanning tasks, allowing Solid Security do its specific other tasks.
How much does passwordless logins for my website cost?
Solid Security currently costs U$99 per year per website if you buy it from them. However, if you order it as an add-on to any hosting plan from TecnoTur, it will cost you only U$59 per year, per website. It can be added when purchasing a new hosting plan or added to an existing one at any time.
For those of us who already use a password manager and/or a Yubikey
Those of us who use a good password manager or Yukikey or similar device won’t want to get rid of it. We’ll want to use them together with Passkeys. Even those of us who currently use a Yubikey will also want to keep it, if only to access the good password manager.
My updated white paper/ebook
Back in 2017, I published the white paper WordPress security + multi-backups : My automated 4-destination strategy. Many things have changed since 2017 with WordPress and the strategies for security. That’s why I just released the second edition, shown below.
You can get it either directly from its own website or from a growing list of 12+ worldwide bookstores, distributors and library networks. Click for all of the options. If you purchased the first edition and would like to receive the second one at no additional cost, it depends where you bought it. If you bought it from Amazon, just request the update from Customer Service. If you purchased it anywhere else (or unable to get the update free from Amazon customer service), please write to me with proof of purchase.
Lee este artículo en castellano
Ingreso sin contraseña a tu sitio web: ¿Ya utilizas las passkeys o los enlaces mágicos?
(Re-)Subscribe for upcoming articles, reviews, radio shows, books and seminars/webinars
Stand by for upcoming articles, reviews, books and courses by subscribing to my bulletins.
In English:
- Email bulletins, bulletins.AllanTepper.com
- In Telegram, t.me/TecnoTurBulletins
- Twitter (bilingual), AllanLTepper
En castellano:
- Boletines por correo electrónico, boletines.AllanTepper.com
- En Telegram, t.me/boletinesdeAllan
- Twitter (bilingüe), AllanLTepper
Most of my current books are at books.AllanTepper.com, and also visit AllanTepper.com and radio.AllanTepper.com.
FTC disclosure
Automattic (WordPress) and iThemes (solid) are not paying for this article. Some of the manufacturers listed above have contracted Tépper and/or TecnoTur LLC to carry out consulting and/or translations/localizations/transcreations. So far, none of the manufacturers listed above is/are sponsors of the TecnoTur, BeyondPodcasting, CapicúaFM or TuSaludSecreta programs, although they are welcome to do so, and some are, may be (or may have been) sponsors of ProVideo Coalition magazine. Some links to third parties listed in this article and/or on this web page may indirectly benefit TecnoTur LLC via affiliate programs. Allan Tépper’s opinions are his own. Allan Tépper is not liable for misuse or misunderstanding of information he shares.