February 28, 2018


Properly protecting the security of your website has to be number 1 on everybody’s digital checklist. Unfortunately, security is only as strong as the weakest link in the chain, and that weakest link is usually your password.

It’s a fact of digital life, that thanks to the vast number of logins we have to recall, mostpeople use a variation on their “master” password: using “passwordLI” for LinkedIn, “passwordE” for email, “passwordFB” for Facebook. It doesn’t take an AI with advanced machine learning to work out that your WordPress password is “passwordWP”—although worryingly, that AI does exist.

Cue Magic Password…

Magic Password is a revolutionary WordPress plugin that takes a radically different approach to site security by ditching the password altogether!

Password-less authentication has already been pioneered by SaaS like Slack, and Magic Password takes the concept to new heights with its implementation for WordPress. All you need is the smartphone app—which is available for both Android and iOS—and the Magic Password plugin. Both the app, and the plugin are completely free.

Once the plugin is installed in your WordPress site, and the app is synced, all you need to do to log into your site is take out your smartphone and scan the Magic code displayed on your login screen. It’s as simple and secure as that; the only person who can access your account is you.

Using Magic Password to login is really easy. Not as easy as typing a password, but easier than trying to remember a different, secure password each week, and certainly easier than two-factor authentication.

If you’re someone who prefers to access WordPress on a mobile device, then Magic Password is even simpler: simply tap the screen and you’re logged in. Super-easy to do and extra secure when you combine it with your phone’s built-in security features like Face ID or fingerprint scanning.


It’s an incredibly convenient process, but Magic Password’s real benefits come from its contribution to your site’s security measures.

The sad reality is that passwords can, and do get hacked. And we make things easier for hackers because human beings are predictable. Hackers know your password is probably 8 characters plus or minus 2, and that it probably ends in a number.

Magic Password completely rewrites the rules by changing the whole login process: The latest end-to-end encryption means login credentials are all but impossible to hack; With no password to type you aren’t vulnerable to a keylogger attack; Brute-force attacks are blocked thanks to limited login attempts; Magic Password doesn’t rely on database or local file storage, your login credentials aren’t stored anywhere, which means there’s simply nothing to steal.

One of the most common points of failure in any security plan is a particular user’s lack of caution. It doesn’t matter how diligent you are, if Darren in marketing insists on using “FutureMrBeyonce” as his password on every single site, sooner or later your details will be compromised. Magic Password can be used by anyone on your team, in fact one of the latest features is the ability to require all subusers to login with Magic Password; so you can be confident that Darren’s optimistic password policy won’t wreck your security.

What’s more, the Magic code generated by the plugin and scanned by the phone app is constantly updated on the backend by the app. If hackers were taking aim at your site login, they’ll now find themselves looking at a moving target. As an added bonus, you won’t have to update your login every week “just in case”.

Magic Password is one of those rare plugins that’s so useful, you expect WordPress to buy it and build it into the core code.

February 28, 2018