WordPress Plugin
WordPress Plugin
#Overview
Login by Magic is a WordPress Plugin that integrates your WordPress sites with your Magic account. This plugin replaces the standard WordPress login form with one that is powered by Magic. The Magic login form enables passwordless login with email magic link.
The Login by Magic plugin handles login and account creation flows automatically by creating or matching user accounts with the email provided. During the login process, an account will be created or matched based on the data in your WordPress database.
This plugin is for WordPress websites that have existing users and want to switch from a username and password login to Magic’s passwordless login. Existing users must have a valid email associated with their account. New users will be associated with the email that they use to log in.
#Installation
To install or customize plugins, you must use a self-hosted WordPress.org site. Using a WordPress.com site does not allow installing plugins, unless you're on Business or eCommerce plan. To learn more about the differences, click here.
This plugin can be added to your WordPress site using the Plugins screen in the wp-admin:
- Log in to an existing WordPress site as an administrator
- Go to Plugins > Add New in the admin menu on the left hand side
- Search for “Login by Magic” or “magiclabs”
- When you find the Login by Magic plugin, click Install Now and then Activate
Once the plugin is activated, it’s time to configure the plugin.
If you don't already have a Magic account, sign up for a free account before proceeding.
#Configuration
A user can configure Login by Magic manually by visiting the Settings > Login by Magic page.
#Magic
Your Magic account must have an application for your WordPress site. If you don’t have one yet, create one.
- Create or select an Application from the dashboard
- Select the Home view for the Application. You will see your
PUBLISHABLE API KEY
andSECRET KEY
, which are used in wp-admin > Settings > Login by Magic to connect your WordPress site with your Magic account.
#WordPress
- Go to the Magic Dashboard, select the Application you just created. Keep this tab open. We will use the keys from this page.
- In a new tab, log in to wp-admin for your WordPress site and go to wp-admin > Settings > Login by Magic
- Complete the WordPress settings using your Magic application’s
PUBLISHABLE API KEY
andSECRET KEY
- Redirect URI is an optional field. Putting the slug of a page, such as
/my-account
will redirect the user to this page after a successful authentication. Leaving it blank will redirect the user back to the root of your website. - Select User role from the dropdown menu
Role | Description |
Administrator | Has access to all the administration features within a single site. |
Editor | Can publish and manage posts including the posts of other users. |
Author | Can publish and manage their own posts. |
Contributor | Can write and manage their own posts but cannot publish them. |
Subscriber | Can only manage their profile. |
To read more about roles and capabilities, click here.
Next, select the Admin login check box to replace the admin login form powered by Magic and click on Save Changes to complete the configuration.
If you are using JWT Authentication for WP REST API, the application will through the "Error to validate token" error. Currently, our plugin doesn't work well with this plugin. Try disabling the JWT Authentication for WP REST API and if you want more help, please reach out via our support widget.
#WooCommerce
- Follow Step 1-3 from the WordPress Configuration
- Redirect URI is an optional field. By putting the slug of a page, such as
/my-account
will redirect the user to the /my-account page after successful authentication. Avoid leaving this field blank for WooCommerce websites to provide a better experience for your users. - Two additional roles will appear for WooCommerce sites: Customer and Shop Manager
- Select the Admin login check box to replace the admin login form with one that is powered by Magic
- Similarly, select the WooCommerce login check box to replace the WooCommerce login form with one that is powered by Magic
- Click on Save Changes to complete the configuration
#Usage
- The user accesses the WordPress site’s login page. It could be the main login page at
[SITE URL]/wp-login.php
or a page containing a widget or shortcode. - The user provides their email address, clicks on the Send button
- A pop-up modal with the following message appears: Check your email
- The user will check the email they received from Magic
- They click on the
Log in to {Application Name}
button - Once they’ve clicked on the magic link email, they’ll be successfully logged in and redirected either to the homepage or the Redirected URI
By this time the user is considered a logged in user in both the original and new tabs. They will also have the role you’ve selected at the WordPress configuration step.
#Troubleshoot
- Setting up the plugin for the first time? Or having problems with users logging in? Please read Configuration.
- Found a bug in the plugin code? Submit an issue or create a pull request in GitHub.
- Please do not report security vulnerabilities on the public GitHub issues. If you find any security vulnerability, please report it to
[email protected]
. If you’re interested in our bounty program, we’d love to have you at HackerOne! Bounty will be awarded to valid vulnerabilities. - If you have questions about using the plugin, please reach our via our support widget or create a request in the plugin’s WordPress support forum
#FAQs
My local WordPress installation is showing an error and I am unable to login.
To use this plugin, please use a live WordPress installation that has an SSL certificate installed on it. Using an HTTP version of your WordPress installation is not recommended and will show App error.
I’m seeing the error message “App error, Invalid scheme detected.”
Please make sure the input scheme is one of [https]
. Install SSL certificate to your server.