Ettic Docs
MagicAuth

Overview

Passwordless WordPress sign-in via email magic link or 6-character code.

MagicAuth lets your users sign in without a password. Each sign-in email contains both a clickable magic link and a typeable 6-character code (XXX-XXX), so cross-device flows work: request from desktop, type the code from your phone, or click the link wherever.

What it does

  • One email with a magic link and a Crockford-base32 6-character code.
  • Optional Gravatar-style branded replacement of wp-login.php.
  • Drop-in [magicauth_login] shortcode for any page.
  • Per-IP, per-email, and per-row throttling, on by default.
  • WP privacy exporter and eraser registered automatically.
  • Admins can issue, send, and reset magic links from the user-edit screen.
  • Three-layer recovery so no admin gets locked out.

What it does NOT do

  • No SMS, phone OTP, QR codes, or third-party SSO.
  • No user registration.
  • No reCAPTCHA / Turnstile / hCaptcha.
  • No REST API, WP-CLI, or multisite-network mode in v1.x.

Requirements

  • WordPress 6.4 or newer
  • PHP 8.0 or newer
  • Single-site WordPress (multisite is not supported in v1.x)

At a glance

Latest version1.4.0
LicenseGPL-2.0-or-later
Sourcegithub.com/nolderoos/magicauth
AuthorEttic

Where to next

Installation

Install, activate, and the first-run salt-strength check.

Configuration

Every settings field with recommended values.

Usage

Sign-in flow, password fallback, per-user admin actions.

Developers

Hooks, templates, programmatic API, and constants.

Welcome

Documentation for Ettic WordPress plugins.

Installation

Install MagicAuth, activate it, and pass the first-run safety checks.

On this page

What it doesWhat it does NOT doRequirementsAt a glanceWhere to next