New! Magic Links to Bypass Username Lockouts in iThemes Security Pro

The iThemes Security plugin includes a WordPress brute force protection feature to protect your site against attackers who try to randomly guess login credentials to your WordPress website. With this feature, however, legitimate usernames may be locked out during a brute force attack after a certain threshold of bad login attempts has been met.

Avatar photo
SolidWP Editorial Team
The iThemes Security plugin includes a WordPress brute force protection feature to protect your site against attackers who try to randomly guess login credentials to your WordPress website. With this feature, however, legitimate usernames may be locked out during a brute force attack after a certain threshold of bad login attempts has been met. To combat username lockouts for legitimate users, the latest version of iThemes Security Pro introduces a new Magic Links feature to provide an alternative login method for locked out users.

Introducing Magic Links to Bypass iThemes Security Username Lockouts pro

The new Magic Links feature allows you to log in to your WordPress site while your username is locked out by the iThemes Security Local Brute Force Protection feature. When your username is locked out, you can request an email with a special login link. Using the emailed link will bypass the username lockout for you while brute force attackers are still locked out.
To take advantage of this update, you’ll need iThemes Security Pro (v. 4.5). Current iThemes Security Pro, Plugin Suite and Toolkit customers will find the 4.5 update available for licensed sites or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync dashboard.

Automatic Activation of Magic Links

Once you’ve updated to (or installed) iThemes Security Pro 4.5, Magic Links will be automatically enabled. You’ll find the new Magic Links Pro module on the iThemes Security > Settings page in your WordPress dashboard. magic links Click the “Configure Settings” button. The next screen provides an explanation of the feature.

Requesting Magic Link from the WordPress Login Screen

If your username has been locked out during a brute force attack detected by iThemes Security, you’ll see this message on the WordPress login screen. Simply click the “Send authorized login link” link to receive your Magic Links email. From your inbox, you’ll find an email sent by iThemes Security that contains your login link.
Note: You’ll still need to enter both your username and password to successfully login from the Magic Link in the email.
login link

Are Magic Links Secure?

Yes. iThemes Security delivers the Magic Link email to the email address associated with the username, so an attacker would also need access to the email account of the user. Once the Magic Link is clicked, a username and password must still be entered successfully to login to your WordPress website. Plus, if you have two-factor authentication enabled (which we highly recommend), Magic Links require this secondary code to successfully login.

Get iThemes Security Pro Now with 30+ Ways to Secure Your WordPress Website

iThemes Security, our WordPress security plugin, includes 30+ ways to protect your WordPress website, including WordPress two-factor authentication and much more.

Get iThemes Security Pro

Did you like this article? Spread the word: