Feature Requests

Got an idea for a new feature or integration? We’d love to hear it! You can find our roadmap here.

1 vote

Secure login link pass-wordless

A link that can be sent to the user that logs them in as if they had added their password. So fully logged in. To make it secure it recognised the user id and email but also only allows the login to happen from the user emails IP address. This would make it super easy to login but at the same time make it very secure because of the IP address. it would also be a fantastic solution to stopping account sharing. A short code could also be used on the login page requesting the link as magic links do with some plugins. The difference here would also be that you can send the link directly to the user in a welcome email

Under Review Category: Logins Addon james French shared this idea Updated: August 28, 2023

2 thoughts on “Secure login link pass-wordless”

  1. Thanks for the idea James!

    It might be hard to validate against IP address since users could be logging in from different places (home, work, mobile).

    But we do support verifying their contact ID against their email address to make the login more secure.

    Because of the potential security vulnerabilities, we can’t include this as a WP Fusion feature, but we do have an example code snippet at https://wpfusion.com/documentation/tutorials/auto-login-links/#true-auto-login

    1. Hi Jack
      Thanks for the reply and yes understand that the user may login from different places. At that point it would redirect to login page to request to update the link. If the link replaced a custom value in the crm then all previous links in emails would now be updated. Completely understand if you still think it would be a security risk. Thanks again

Leave a Comment

Your email address will not be published. Required fields are marked *

Powered by Simple feature Requests