Magic links – iThemes Security

Magic links – iThemes Security
datum-geschreven 1 May 2023

iThemes Security’s magic links ensure that you can still log in when your user account is locked.

How does a block on your user account come about?

If someone – usually a script – tries to get into your website, making dozens of attempts with your username, your account will be blocked after x number of attempts.

This is an important security measure.
But suppose you try to log in with your username after that … then you can’t get into your website either.

Is there nothing you can do about a block at all?

Of course you can do something about it, for example:

  1. Having someone else log in (a website administrator), who then removes you from the block list
  2. By waiting for the block time (sometimes it is 15 minutes, but if there are a lot of attempts your account will be blocked for 24 hours)
  3. By renaming the iThemes Security plugin on the server (then you deactivate the plugin and you can log in, once in you rename the plugin so that it will work and get yourself off the block list immediately).

In your iThemes Security settings >Features > Lockouts turn on the magic link feature.

magische link functie

The next time your account is blocked you will see the notification that you are blocked, but you will also see a link that you can click on to get an email that allows you to log in anyway!

melding ithemes security

This works easily, quickly and avoids a lot of frustration when you want to log into your website!

Now you may be thinking, I’m not turning that feature on! Because then a hacker can also request such a link to be able to log in anyway.

Fortunately, this is not how it works. The link is sent to the e-mail account of the user who is blocked, so the hacker or hackbot will not get that link!

Also, you still have to provide your username and correct password to actually log in.


The magic link function is indispensable, it prevents you, your customer or even people in your shop from being unable to log in when brute force attempts have been made on their account.

Or when the password is entered incorrectly several times in a row… which happens to users more often than you might think 😉

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties