How To Enable WordPress Biometric Login Using iThemes Security Pro

WordPress is very easy to use and easy to hack too. Every year, millions of websites get hacked even after incorporating the safest security protocols.

Can’t blame WordPress for that as the software has its own limitation. Traditional security methods like strong password, and two-factor authentication is outdated now.

So, what is the solution? Leave our websites for getting hacked?

This may not be the ideal approach as you spend your time and money building a website. A hack can completely spoil the effort.

How about WordPress Passwordless Login or more specifically the WordPress Biometric Login?

WordPress Biometric Login

I believe you are hearing about WordPress Biometric login for the first time. But it sounds interesting. Is not it? Let’s dig into it in this article.

WordPress Passwordless login is the feature. Why?

To understand that, we need to understand how hackers break traditional security measures like strong passwords, two-factor authentication, etc.

Hackers can use phishing to steal your password, can hack your browser to steal the password, and even they can steal the password if it is stored by your server. There are thousands of ways hackers can hack your website.

However, WordPress Passwordless Login uses biometric security which is practically impossible to hack as it is very difficult to steal your biometric information. That is why most banks use biometric authentication nowadays.

iThemes Security Pro is one of the very few WordPress security plugins that offer WordPress Biometric Login. We will learn more about this technology in this article.

What Is WordPress Passwordless Login?

Passwordless login means you don’t need a password to log in to your WordPress dashboard. Traditional security methods ask you to enter your password every time you log in to WordPress.

The issue with traditional security methods is that passwords are saved in your database which is easy to hack. That is why WordPress Passwordless Login comes to the rescue.

There are two different methods of WordPress Passwordless Login.

  • Using Magic Links
  • Using Passkeys

Magic Link basically sends an email with a link as soon as you enter the user name. You don’t need to enter the password to get the magic link.

When you click on the magic link, you can log in automatically.

iThemes Security Magic Link
Magic Link

However, with the magic link, the problem is that you need to check your emails to click on the link. That is time-consuming and anyone can hack your emails to break this security system.


In the case of passkeys, every time you log in, WordPress will ask for it rather than sending an email. Passkeys are device specific and not stored on the server. So less chance of getting tempered.

iThemes Security Pro Passkey
Image Credit: iThemes Security

The passkey can be numeric codes ( As in the case of a Windows Computer without Windows Hello) or it can be your face ID / Touch ID ( In the case of an iPhone, Android Phone, or Mac).

ithemes security passkey

Passkeys make the login process easier on mobiles as you need to use phone authentication methods to log in to WordPress. You need to protect your phone’s biometric information rather than protecting passwords, emails, or two-factor authentication apps.

Passkeys are supported by WebAuthn, a cryptographic authentication that uses a public and private key pair. The development of WebAuthn has representatives from tech giants like Google, Microsoft, Mozilla, etc. That shows the kind of security protocol WebAuthn uses.

What Is WordPress Biometric Login

WordPress Biometric Login is a type of WordPress Passwordless Login where you will be using your biometric information to log in to the WordPress dashboard.

Biometric information like FaceID, and TouchID is more secure than passkeys as it is very difficult to steal biometric information.

How To Configure Passkeys Or WordPress Biometric Login?

iThemes Security is the best plugin to enable Biometric Login for your WordPress website. However, you need the pro version to enable this feature.

Once you installed the Pro version, you need to enable passkey and passwordless login under Security-> Setting-> Login Security

You may choose to select only the “passwordless login” option, in case you want a magic link to be sent to your email ID every time you try to log in.

wordpress biometric login
Image Credit: iThemes Security

Next, please go to the ” Passwordless Login” setting page and ensure that the “Passkey” option is checked.

Security > Settings > Configure > Login Security > Passwordless Login

WordPress biometric login
Image Credit: iThemes Security

Once done, click on the “Save” button. That will enable the “PasswordLess Login” for all users.

Next, when you try to log in with your user ID and password, you will be asked to set up the passkey as shown below.

To set up the passkeys now, click on ” Use Your Passkeys

wordpress biometric login

Click on “Add A Passkey” to register your device. A popup will appear and you need to follow the onscreen instruction. The instruction will vary based on the device you use.

WordPress biometric login

For example, if you try to set passkeys on an Apple product with TouchID, the following pop-up will show up.

WordPress biometric login
Image Credit: iThemes Security

For Android or iPhone, similar instructions will show up based on the authentication feature you have on your phone.

You may choose to skip the setup and use the password as long as you want. If you want to set up a passkey, later on, you can go to the user profile page and click on ” Setup Passkeys

WordPress biometric login
Image Credit: iThemes Security

How To Login From Devices That Are Not Configured?

As you have already understood that the Passkeys are device specific and not stored on the server. You are basically your device authentication to log in to WordPress.

But how about login into WordPress from a different device that is not configured?

In that case, you can use QR Code based sign-in.

When you try to log in using your user ID and Password, the system will show a prompt with the various options to sign in.

WordPress biometric login
Image Credit: iThemes Security

You can select the desired option and scan the QR code to sign in to the WordPress admin area. Later on, if you try to log in again from the same device, you can use the same authentication method that is already configured.

Conclusion: WordPress Biometric Login

Biometric login is the future. Because it is one of the most secure authentication methods. Passwords are easy to hack and steal, but it is next to impossible to steal your biometrics.

Passkeys are not stored on the server and are device-specific. That makes the hacker’s job much harder to hack.

iTheme Security Pro is one of the best plugins that offer this WordPress Biometric Login using passkeys. So I would highly recommend you upgrade to the pro version so that you don’t miss this important security feature.

FAQ | WordPress Biometric Login

What Is WordPress Biometric Login?

WordPress Biometric Login is the most secure method of login into your WordPress dashboard without using any password.

You can use your device-specific authentication method to log in. It can be your Face ID, Touch ID, PIN, or anything that your device supports.

What Is The Difference Between WordPress Biometric Login And WordPress Passwordless Login?

WordPress Passwordless login consists of two different methods. One is Magic Link and the other is Biometric Login.

So basically, WordPress Biometric login is a subset of Passwordless login.

Is WordPress Biometric Login Safe?

Yes. In fact, it is the safest authentication method to log in to WordPress. That is why even banks use Biometric authentication.


Rajib Is The Founder Of RiansTech. A Seasonal Blogger And A Full-Time Product Designer For Over Two Decades. A Technology Freak And Loves To Write About It. RiansTech Is A Online Home For Him Where He Documents His Experiences And Learnings So That Others Can Get Benefited From It.