Menu
iThemes
WordPress Security, Backups & Maintenance
  • Products
    • iThemes Security Pro
    • BackupBuddy
    • iThemes Sync
    • Why buy from iThemes?
  • Bundles
    • Essentials Bundle
    • Plugin Suite
    • WordPress Web Designer’s Toolkit
    • Customer Spotlights
  • Resources
    • Blog
    • WordPress 101 Tutorials
    • WordPress Ebooks
    • Weekly WordPress Vulnerability Report
    • The Ultimate Guide to Starting a Web Design Business
  • Training
    • Upcoming Webinars
    • Free Webinar Library
    • Premium Courses
    • Become a Member
    • Member Login
  • Support
    • Documentation
    • Get Help
    • Product Updates
    • Upgrade Policy
    • Contact
    • Our Mission: Make People’s Lives Awesome
  • Log In
WordPress News and Updates from iThemes
Categories
  • Product Updates
  • WordPress Backup
  • WordPress Block Editor
  • WordPress Ecommerce
  • WordPress for Freelancers
  • WordPress Security
  • WordPress Tutorials
  • WPprosper

iThemes Security Pro Feature Spotlight: Magic Links

Written by iThemes Editorial Team on February 21, 2022

Last Updated on February 21, 2022

In the Feature Spotlight posts, we are going to highlight a feature in iThemes Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature.

Today we are going to cover Magic Links, a useful website security feature in the iThemes Security Pro plugin that is designed to improve user experience with iThemes Security’s brute force protection.

In This Article
  • What are Magic Links?
  • 3 Reasons You Need Magic Links for Your WordPress Site
  • Are Magic Links Secure?
  • How to Use Magic Links in iThemes Security Pro
  • Wrapping Up: Get iThemes Security Pro Today!

What are Magic Links?

iThemes Security Pro is great at locking out bad guys. However, if a bad guy used the username “Bob” in a brute force attack, and Bob is an actual user on the site, Bob would, unfortunately, be locked out along with the attacker.

The next time Bob tries to log in, he is met with the iThemes Security lockout message. If Bob is the site administrator, he would either have to wait for the lockout to expire or manually disable iThemes Security Pro via FTP.

If Bob is your client, he is likely to overestimate the seriousness of the lockout, and frantically reaches out to you, wondering why you let his site get hacked. This would require you to explain that this is evidence of you protecting their site and then clearing the lockout using Sync Pro or logging into the site and clearing the lockout from the iThemes Security widget to allow him to log in again.

Even though it feels great to stop bad guys from breaking into a site, we don’t like it when security affects the experience of real users. So, we wanted to create a way to allow Bob to login even when his username has been used in a brute force attack. We never want a site manager to have to spend their valuable time clearing lockouts.

Magic Links Explained

Magic Links allow you to log in to your WordPress site while your username is locked out by the iThemes Security Local Brute Force Protection feature.

When your username is locked out, you can request an email with a unique login link. Using the emailed link will bypass the username lockout for you, while brute force attackers are still locked out.

3 Reasons You Need Magic Links for Your WordPress Site

Here are three great reasons you need magic links for your WordPress site:

  1. Real users can potentially get locked out of your website if a brute force attack occurs with their username. Because of the way that iThemes Security brute force protection works, real usernames can potentially get locked out. This means they’ll have to either wait for the lockout to expire or contact a website admin to manually release the lockout for them.
  2. Magic links allow users to bypass lockouts of their username by sending them an email with an authorized login link. This secure login link allows a user to log in successfully.
  3. Eliminates the need for a website admin to release a user’s lockout before they can login. Free your team from mundane tasks like removing the need to manually clear a lockout.

Are Magic Links Secure?

Yes. iThemes Security delivers the Magic Link email to the email address associated with the username, so an attacker would also need access to the email account of the user. Once the Magic Link is clicked, a username and password must still be entered successfully to login to your WordPress website. Plus, if you have Two-Factor Authentication enabled (which we highly recommend), Magic Links require this secondary code to successfully log in.

How to Use Magic Links in iThemes Security Pro

To get started with Magic Links, navigate to the security settings’ Features menu and enable Magic Links.

If you encounter a lockout after enabling Magic Links you will be presented with an option to send a Magic Link to your email address.

Simply click the “Send authorized login link” link to receive your Magic Links email.

Once you receive the email, use the link, enter your credentials and you will be back in your site!

Note: You’ll still need to enter both your username and password to successfully log in from the Magic Link in the email.

Wrapping Up: Get iThemes Security Pro Today!

As you can see, both Magic Links can add a strong layer of security to your site without any added inconvenience. Magic links helps make sure bad actors and bots are locked out, but real users can log in.

Get iThemes Security Now

iThemes Team
iThemes Editorial Team

Each week, the team at iThemes team publishes new WordPress tutorials and resources, including the Weekly WordPress Vulnerability Report. Since 2008, iThemes has been dedicated to helping you build, maintain, and secure WordPress sites for yourself or for clients. Our mission? Make People’s Lives Awesome.

Share via:

  • Facebook
  • Twitter
  • LinkedIn
  • More
Other related posts
A security-riddled computer monitor. There is a large, orange shield with a slash in the middle of the screen. Surrounding it are a red target, a green skull and crossbones, an orange “bug”, a triangle with an explanation point in the middle and a gray gear.
WordPress Vulnerability Report – March 15, 2023
ip hack
What is an IP Hack?
Patchstack 2022 WordPress Security Review
The State of WordPress Security: Community and Collaboration Help Us All Win
wordpress-vulnerability-report
WordPress Vulnerability Report – March 8, 2023

Get updates on new themes & plugins plus special discounts

About iThemes

  • Contact Us
  • Website Accessibility Statement
  • Sitemap

Resources

  • Blog
  • Documentation
  • WordPress Tutorials
  • Free WordPress Ebooks
  • Free Webinar Library
  • Free Upcoming Webinars
  • iThemes Training
  • Affiliates

Customers

  • Member Panel Login
  • Support
  • FAQs
  • Upgrade Policy
  • Licensing
  • Terms and Conditions
  • Refund Policy

Top Products

  • BackupBuddy
  • iThemes Security Pro
  • iThemes Sync
  • Restrict Content Pro
  • WPComplete
  • WordPress Plugins
  • Content Upgrades
  • WordPress Landing Page Plugin
  • BackupBuddy Stash

iThemes Media LLC Copyright © 2023 All rights reserved | Privacy Policy

A Liquid Web Brand © 2022 All Rights Reserved.

Get the Weekly WordPress Vulnerability Report

Vulnerable WordPress plugins and themes are the #1 reason WordPress sites get hacked, but keeping track of every new plugin and theme vulnerability is hard work. Get the weekly WordPress Vulnerability Report delivered right to your inbox to help keep your website secure.

Get the Report
Share via
Facebook
Twitter
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap