Reference & Support
Troubleshooting and FAQ
User Did Not Receive the Email
- Ask the user to check spam/junk.
- Confirm the email address is correct.
- Verify your site can send emails reliably.
- Check the Health Check page to confirm
wp_mailis working.
Link Says Invalid or Expired
- The link may have expired.
- The link may already be used (based on token validity setting).
- Generate a new link and try again.
Users See a "Confirm It's You" Page First (Intended)
When a user clicks a magic link, they may first see a short Intent Confirmation page asking them to confirm it is really them. This is intentional. It is the free scanner protection feature: email and link scanners often open links automatically, and without this step they would silently consume a one-time magic link before the real user clicks it.
- This behaviour is normal and should be left on.
- The user simply clicks the confirmation button to complete sign-in.
Revoke a User's Magic Links
Admins can invalidate a user's active links at any time. On Users > All Users, use the per-user Revoke Magic Links row action (also available as a bulk action). This is useful if a link may have been exposed or a user reports suspicious activity.
User Is Redirected to Wrong Page
- Check the Login Redirect setting in
Magic Link > Settings > General. - If PRO role-based redirects are enabled, role-specific URLs override the single Login Redirect URL.
Domain Is Not Allowed (PRO)
- Review the Domain Restriction allow/block lists.
- Remove typos and enter one domain per line (for example
example.com).
Too Many Requests / User Blocked (PRO)
- This usually means Login Request Throttling or Brute Force Protection is active.
- Wait for the cooldown/block period, or adjust the settings if needed.
Best Practice Checklist
- Keep token lifespan short.
- Use single-use links for higher security.
- Test the login flow after changing settings.
- Keep at least one administrator account recovery path.
- Review the Audit Log and Health Check if something looks off.