Magic Login 2.7 is now available. This release focuses on improving spam protection, privacy, and overall resilience for passwordless authentication on WordPress sites.
The update introduces Friendly Captcha integration, improves privacy by loading fonts locally, and adds several hardening and abuse-prevention improvements to the login system.
If you run a membership site, WooCommerce store, or any site using passwordless login, Magic Login Pro 2.7 helps make login flows more reliable while maintaining the smooth user experience that magic links are known for.
What’s New in Magic Login Pro 2.7
Magic Login Pro 2.7 includes improvements in three main areas:
- Friendly Captcha support for modern spam protection
- Privacy improvements through local asset loading
- Security hardening and abuse prevention for login flows
These updates help keep your WordPress passwordless login plugin reliable in real-world environments where login forms often face automated abuse attempts.
Friendly Captcha Support for Spam Protection
Magic Login Pro 2.7 introduces support for Friendly Captcha, a privacy-focused CAPTCHA solution designed to block automated abuse without relying on invasive tracking.
This provides site owners with another modern option for protecting login and registration flows. It is now available as an additional spam protection option alongside the existing captcha integrations supported by Magic Login.
Improved Privacy with Local Font Loading
Magic Login Pro now loads its fonts locally instead of relying on remote font delivery.
Previously, fonts could be served via a CDN (admin settings only). With version 2.7, the plugin serves these assets directly from the site itself.
This change helps improve:
- Privacy and GDPR-conscious deployments
- Reliability when external resources are blocked
- Consistency in login page asset loading
For site owners who prioritize privacy-friendly WordPress setups, this update reduces external dependencies in the login experience.
Security Hardening and Abuse Prevention
In addition to the visible improvements, Magic Login Pro 2.7 also includes several security hardening updates to strengthen passwordless login flows.
These updates are designed to improve resilience against automated abuse while keeping login experiences smooth for legitimate users.
Improvements in this release
- Added nonce validation for AJAX-based login requests
- Added final redirect validation for both standard and AJAX login flows
- Improved randomness used for generated email login codes
- Added a per-user safeguard to limit repeated login emails
To help prevent automated abuse, a safe hourly limit of 60 login emails per user is now applied by default.
These measures help ensure secure magic login links remain reliable even on high-traffic sites where login systems may be targeted by bots or automated tools.
Why This Matters for WordPress Site Owners
Passwordless authentication continues to gain popularity because it simplifies login experiences and removes password friction for users.
However, real-world login systems must also address challenges such as:
- Automated login abuse
- CAPTCHA compatibility with dynamic forms
- Privacy and external asset dependencies
- Secure redirect handling
Magic Login Pro 2.7 helps address these concerns while keeping the user experience simple.
For WooCommerce stores, membership sites, communities, and SaaS-style WordPress applications, these improvements help ensure your login system stays:
- Easy for users
- Reliable across AJAX login flows
- Better protected against automated abuse
- More privacy-conscious
Update to Magic Login Pro 2.7
If you’re already using Magic Login Pro, we recommend updating to Magic Login Pro 2.7 to benefit from the latest improvements in spam protection, privacy, and login reliability.
You can update directly from your WordPress dashboard or download the latest version from your account.