Menu
iThemes
WordPress Backup, Security & Maintenance
  • Products
    • iThemes Security Pro
    • BackupBuddy
    • Kadence WP
    • Restrict Content Pro
    • iThemes Sync
    • Why buy from iThemes?
  • Bundles
    • Essentials Bundle
    • Plugin Suite
    • WordPress Web Designer’s Toolkit
    • Customer Spotlights
  • Resources
    • Blog
    • WordPress 101 Tutorials
    • WordPress Ebooks
    • Weekly WordPress Vulnerability Report
    • The Ultimate Guide to Starting a Web Design Business
  • Training
    • Upcoming Webinars
    • Free Webinar Library
    • Premium Courses
    • Become a Member
    • Member Login
  • Support
    • Documentation
    • Get Help
    • Product Updates
    • Upgrade Policy
    • Contact
    • Our Mission: Make People’s Lives Awesome
  • Log In
WordPress News and Updates from iThemes
Categories
  • Product Updates
  • WordPress Backup
  • WordPress Block Editor
  • WordPress Ecommerce
  • WordPress for Freelancers
  • WordPress Security
  • WordPress Tutorials
  • WPprosper

iThemes Security Pro Feature Spotlight: Magic Links

Written by Kristen Wright on February 21, 2022

Last Updated on February 21, 2022

In the Feature Spotlight posts, we are going to highlight a feature in iThemes Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature.

Today we are going to cover Magic Links, a useful website security feature in the iThemes Security Pro plugin that is designed to improve user experience with iThemes Security’s brute force protection.

In This Article
  • What are Magic Links?
  • 3 Reasons You Need Magic Links for Your WordPress Site
  • Are Magic Links Secure?
  • How to Use Magic Links in iThemes Security Pro
  • Wrapping Up: Get iThemes Security Pro Today!

What are Magic Links?

iThemes Security Pro is great at locking out bad guys. However, if a bad guy used the username “Bob” in a brute force attack, and Bob is an actual user on the site, Bob would, unfortunately, be locked out along with the attacker.

The next time Bob tries to log in, he is met with the iThemes Security lockout message. If Bob is the site administrator, he would either have to wait for the lockout to expire or manually disable iThemes Security Pro via FTP.

If Bob is your client, he is likely to overestimate the seriousness of the lockout, and frantically reaches out to you, wondering why you let his site get hacked. This would require you to explain that this is evidence of you protecting their site and then clearing the lockout using Sync Pro or logging into the site and clearing the lockout from the iThemes Security widget to allow him to log in again.

Even though it feels great to stop bad guys from breaking into a site, we don’t like it when security affects the experience of real users. So, we wanted to create a way to allow Bob to login even when his username has been used in a brute force attack. We never want a site manager to have to spend their valuable time clearing lockouts.

Magic Links Explained

Magic Links allow you to log in to your WordPress site while your username is locked out by the iThemes Security Local Brute Force Protection feature.

When your username is locked out, you can request an email with a unique login link. Using the emailed link will bypass the username lockout for you, while brute force attackers are still locked out.

3 Reasons You Need Magic Links for Your WordPress Site

Here are three great reasons you need magic links for your WordPress site:

  1. Real users can potentially get locked out of your website if a brute force attack occurs with their username. Because of the way that iThemes Security brute force protection works, real usernames can potentially get locked out. This means they’ll have to either wait for the lockout to expire or contact a website admin to manually release the lockout for them.
  2. Magic links allow users to bypass lockouts of their username by sending them an email with an authorized login link. This secure login link allows a user to log in successfully.
  3. Eliminates the need for a website admin to release a user’s lockout before they can login. Free your team from mundane tasks like removing the need to manually clear a lockout.

Are Magic Links Secure?

Yes. iThemes Security delivers the Magic Link email to the email address associated with the username, so an attacker would also need access to the email account of the user. Once the Magic Link is clicked, a username and password must still be entered successfully to login to your WordPress website. Plus, if you have Two-Factor Authentication enabled (which we highly recommend), Magic Links require this secondary code to successfully log in.

How to Use Magic Links in iThemes Security Pro

To get started with Magic Links, navigate to the security settings’ Features menu and enable Magic Links.

If you encounter a lockout after enabling Magic Links you will be presented with an option to send a Magic Link to your email address.

Simply click the “Send authorized login link” link to receive your Magic Links email.

Once you receive the email, use the link, enter your credentials and you will be back in your site!

Note: You’ll still need to enter both your username and password to successfully log in from the Magic Link in the email.

Wrapping Up: Get iThemes Security Pro Today!

As you can see, both Magic Links can add a strong layer of security to your site without any added inconvenience. Magic links helps make sure bad actors and bots are locked out, but real users can log in.

Get iThemes Security Now

Kristen Wright
Kristen Wright

Kristen has been writing tutorials to help WordPress users since 2011. As marketing director here at iThemes, she’s dedicated to helping you find the best ways to build, manage, and maintain effective WordPress websites. Kristen also enjoys journaling (check out her side project, The Transformation Year!), hiking and camping, step aerobics, cooking, and daily adventures with her family, hoping to live a more present life.

Share via:

  • Facebook
  • Twitter
  • LinkedIn
  • More
Other related posts
WordPress vulnerability report
WordPress Vulnerability Report – June 22, 2022
what-is-a-pharma-hack
What is a WordPress Pharma Hack?
wordpress vulnerability report
WordPress Vulnerability Report – June 15, 2022
clean-up-hacked-wordpress-site
How to Clean a Hacked WordPress Site

Get updates on new themes & plugins plus special discounts

About iThemes

  • The Team
  • Contact Us
  • Website Accessibility Statement
  • Sitemap

Resources

  • Blog
  • Documentation
  • WordPress Tutorials
  • Free WordPress Ebooks
  • Free Webinar Library
  • Free Upcoming Webinars
  • iThemes Training
  • Affiliates

Customers

  • Member Panel Login
  • Support
  • FAQs
  • Upgrade Policy
  • Licensing
  • Terms and Conditions
  • Refund Policy

Top Products

  • BackupBuddy
  • iThemes Security Pro
  • iThemes Sync
  • Restrict Content Pro
  • WPComplete
  • WordPress Hosting
  • WordPress Plugins
  • Content Upgrades
  • WordPress Landing Page Plugin
  • BackupBuddy Stash

iThemes Media LLC Copyright © 2022 All rights reserved | Privacy Policy

© 2022 All Rights Reserved.

Share via
Facebook
Twitter
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap