Magic login links are one-click login URLs embedded in portal notification emails. Instead of having to remember their password and log in manually, clients can click a single button in the email and land directly in their portal, already authenticated.
How Magic Login Works
- An event occurs in the portal (a new message, file upload, task assignment, etc.)
- ClientPress sends a notification email to the relevant user
- The email contains a Visit Portal button with a magic login link
- The client clicks the button
- They are automatically logged in and taken directly to the relevant area of the portal
- The magic link is immediately invalidated — it cannot be used a second time
Enabling Magic Login Links
- Go to Settings → ClientPress → Access & Login.
- Enable Magic Login Links.
- Save.
Once enabled, all portal notification emails will include magic login links for users who are not currently logged in.
Security
Magic login links are designed to be secure:
- Each link is single-use — once clicked, it expires immediately
- Links expire automatically after 48 hours even if unused
- Each link is tied to a specific user — it cannot be used to log in as anyone else
- If a link is forwarded or shared, the first person to click it consumes it and is logged in as the user the link was issued for
Because of these properties, magic login links are safe to include in email — they do not pose a long-lived security risk.
What Happens if the Link Expires
If a client clicks a magic login link after it has expired (or after it has already been used), they are redirected to the standard WordPress login page. They can log in with their username and password as normal.
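The properties listed under Security, and the fallback to the login page described above, as an added Python example. It is not ClientPress code; the table layout, the function names and the choice to store only a SHA-256 hash of each token are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
import time

TTL_SECONDS = 48 * 60 * 60  # the 48-hour lifetime stated on this page


def open_store():
    """In-memory demo store; autocommit so each statement is atomic."""
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE magic_links (token_hash TEXT PRIMARY KEY,"
               " user_id INTEGER NOT NULL, expires_at REAL NOT NULL)")
    return db


def digest(token):
    """Only this hash is stored, so a leaked table yields no usable links."""
    return hashlib.sha256(token.encode()).hexdigest()


def issue_link(db, user_id, now=None):
    """Create a random token bound to one user; it goes into the email URL."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO magic_links VALUES (?, ?, ?)",
               (digest(token), user_id, now + TTL_SECONDS))
    return token


def redeem_link(db, token, now=None):
    """Return the bound user_id once; None means send the visitor to the login page."""
    now = time.time() if now is None else now
    key = (digest(token),)
    row = db.execute("SELECT user_id, expires_at FROM magic_links"
                     " WHERE token_hash = ?", key).fetchone()
    if row is None:
        return None  # unknown token, or already consumed
    # The DELETE decides the winner: of two simultaneous clicks,
    # only one sees rowcount == 1.
    if db.execute("DELETE FROM magic_links WHERE token_hash = ?", key).rowcount != 1:
        return None
    user_id, expires_at = row
    return user_id if now < expires_at else None  # expired links are consumed too
```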
Magic Login and Logged-In Users
If the client is already logged in when they click a magic login link, the link is bypassed and they are taken directly to the destination in the portal. The link is still consumed.
Disabling Magic Login Links
If you prefer clients to log in with their password each time, leave the Magic Login Links setting disabled. Notification emails will still be sent, but the portal link in the email will go to the standard portal URL, prompting a login if the client is not already authenticated.
