Linux 软件免费装
Banner图

Elevation Magic Link Login

开发者 elevation1support
msuarez25
更新时间 2026年1月24日 04:36
PHP版本: 5.0 及以上
WordPress版本: 6.9
版权: GPLv2 or later
版权网址: 版权信息

标签

security login authentication passwordless magic link

下载

1.2.2

详情介绍:

Elevation Magic Link Login allows your users to sign in without remembering a password. By simply entering their username or email address, they receive a secure, time-sensitive link via email that logs them in instantly. This plugin is built with security as a priority, utilizing WordPress best practices such as nonces, input sanitization, output escaping, hashed tokens, and HMAC signatures to ensure your site and users remain protected. Features Adds a "Send Me a Magic Link" button to the default WP login form. New: Toggle-based UI that hides the password field when requesting a link for a cleaner experience. Secure, high-entropy token generation. Tokens are hashed before storage for maximum security. Cross-device support: Uses stateless HMAC signatures to validate links even if opened on a different device than requested. One-time use links that expire after 15 minutes (filterable). No-password fallback for users who forget their credentials. Lightweight and developer-friendly. Filterable redirect URL after successful login.

安装:

Upload the elevation-magic-link-login folder to the /wp-content/plugins/ directory. Activate the plugin through the 'Plugins' menu in WordPress. Your login page will now display the Magic Link button.

常见问题:

How long do links stay valid?

By default, links expire after 15 minutes. Developers can change this using the emll_token_expiration filter.

Does this replace the standard password login?

No, it adds a secondary option. Users can still log in using their standard username and password.

How can I change the redirect URL?

You can use the emll_login_redirect filter in your theme's functions.php. Example: add_filter('emll_login_redirect', function($url, $user) { return home_url('/welcome'); }, 10, 2);

更新日志:

1.2.2 Improved UI: The "Send Magic Link" button now toggles the form view, hiding the password field and showing a specific email submission button. Added "Back to Password Login" link for better usability. 1.2.1 Security Update: Implemented Stateless HMAC Signature verification. This validates the link origin while allowing users to request on one device and login on another. Fix: Replaced raw script tags with wp_add_inline_script for better WordPress standard compliance. 1.2 Added emll_login_redirect filter for custom redirect URLs. Documentation updates. 1.1 Added hashed token storage. Improved security checks for user identification. Added CSRF protection via nonces. 1.0 Initial release.