WordPress Two Factor Authentication Plugin Description
The password is the standard security implementation in the computer world. However, passwords can be guessed, hacked, or intercepted.
To combat these weaknesses you should install two factor authentication login verification, which provide a secret login key with one time passwords (OTP) that are not vulnerable to brute-force attacks.
Securing Users Accounts
|
Unlike passwords, two factor authentication (2FA) is a two-step process that asks for an additional unique identification. Examples are: sending OTP to your mobile phone, sending OTP to your email account, or by using an external service such as Google Authenticator The WordPress Secure 2FA Login plugin offers a robust solution with multiple two factor authentication methods. It lets the WordPress administrator choose from four different options to secure their WordPress site login. |
The WordPress login screen which includes an additional step for email verification |
Two-Factor Authentication Methods
The WordPress two step authentication plugin can employ the following authentication methods:
- Google Authenticator – Require secret from Google’s secure app
- Mobile Phone SMS – Send a text message with a one-time key
- Email Code – Send a message with a one-time use code
- Email Link – Send a message with a one-time use link
- Email Code or SMS Code – Let the user a choice between sending a message with a one-time use code via email or SMS
WordPress 2FA Admin Dashboard
Setting the Protection Method | The WordPress 2FA plugin also lets the WordPress administrator define which user roles require two-factor login credentials. The admin can of course apply our enhanced security check for all users. |
Google Authenticator
|
The Google Authenticator is a free application which can be used on iPhones or an Android-based smartphones. It provides an extra security level for the login process. The GA application constantly generates a one-time code which is valid for a short period of time. The users has to enter that code in addition to his login and password in order to access his account. |
Example of OTP Codes in Google Authenticator App |
Limit Logins by Number of IPs and Devices
Login blocked from a new IP address |
Restrict how many IPs and/or devices can log in to each account and apply yet another security layer! For example, only allow the admin to log in from a specific computer. If someone tries using another device or IP, the login won't work. |
Collecting Login Statistics
|
The WordPress 2FA Plugin allows to collect statistics about all logins that were made using 2FA protection on your site. The statistics dashboard shows the detailed information about the user, login method, device and browser info, user's IP address, status of the login and login attempt time. |
Login Statistics Dashboard |
User and Admin Notifications
Notifying Users About New Security Feature |
Each 2FA protection method has it's own email template for notifying users, either it's a message about creating a GA secret for the user, or SMS & email verifications. Optionally, you can set additional email addresses which will receive a notification with login info (code or verification link) every time somebody tries to login. And one more notification allows you to inform your users that you enabled new login security feature on your site. |
Using WordPress 2FA Plugin
- Improve WordPress site security – Add an additional unique level of security to each user account with a secret key, helping to block hackers, bots, malicious users and other unwanted intruders
- Define which accounts need enhanced password security – Admin can define which account type needs OTP security access
- Define 2FA Expiration time – Admin can define how long each verification option is valid until the user needs to generate a new one
- Define time to logout – Admin can define how long each user can use their recent OTP login, in case they are not active for a defined amount of time
WordPress Two-Factor Authentication Plugin Additional Resources
2FA-Related Blog Resources
WordPress Two Factor Authentication Features
Please check the user guide to learn more about this plugin.
2FA Methods
Google Authenticator
Require users to enter a unique code generated by their Google Authenticator app. Google uses Time-based One Time Passwords (TOTP) and HMAC-based One Time Passwords (HOTP) to protect your website.
Email Verification
Send a unique link to the users’ email each time they try to log in.
Mobile Phone SMS
Send a SMS to users with the one-time password when they try to log in. The plugin uses the reliable Amazon SMS service (AWS SNS).
Email Code
Send a unique code to the users’ email each time try to log in.
Control Access
Access by User
Enable two-factor authentication method for chosen users.
IP Limit
Define how many IP address each user role can use to log in.
Override Password
Choose users who will only need the secondary authentication method. They won’t require a password.
Auto Logout
Define the time for automatic logout after some period of inactivity or activity.
Limit Login from Specific IPs
The WordPress Two Factor Authentication Plugin can let you limit logins from a defined set of IP addresses.
Limit Login Attempts From the Same IP
Limit the number of failed login attempts from the same IP address. Define the number of attempts and set a time limit for each specific login page.
Admin Notifications
Admin can define a list of email addresses to which each user 2FA notification is sent. In such case when a user login, the notification is sent to the user and also to the list of email addresses set by admin.
Access by Role
Define which user roles need enhanced 2FA. Require an extra layer of security for users who are prone to using a weak or common password.
Device Limit
Choose how many devices each user can use to log in.
Define Expiration
Define the duration of each code sent to the user once expired, the user will need to generate a new code.
Define Code Characters and Length
Define the length of the randomly generated verification code and what characters it may consist of.
Trusted Device
Users can choose trusted devices for specific number of days. This way they don’t need to login everytime when they visit site.
Specific User Settings
Admin can turn off or reset 2FA setting per each user while editing the user profile from the admin dashboard. Admin can also view and send the user a QR code so the user can scan it with Google Authenticator app.
Utilities
Customize Notifications
All notifications, including SMS and email templates, can be easily customized. You can also provide users info about their login attempts: login time, IP and used browser.
Statistics
Collect statistics about all login attempts which were made with the enabled protection method and track the login success rate.
Code Expiration Countdown
Display the countdown in the login form to inform users about when the code expires.
Separated Fields
Show separated fields for Google Authenticator protection method to make the interface more user-friendly.
User Roles Manager
Easily create, duplicate and delete user roles. Edit basic user capabilities with a simple and user-friendly interface.
Notify Users About Enabling 2FA
Notify your site users about enabling 2FA protection on your site. You can either notify all users or only those ones that are required to use 2FA. Optionally, you can skip users which are already notified. The notification message is customizable.
Statistics Dashboard
Monitor the details about 2FA logins using the statistics dashboard. It shows the info about the user, login method, device and browser info, IP address, status of the login and login attempt time.
Customizable Login Instructions
Add instructions to the login form. You can customize this message by using HTML and media content.
Labels
All frontend labels can easily be changed to any language so the user interface will speak your language.
WordPress Secure Login Plugin Plans and Pricing
| PLANS | Essential | Advanced | Ultimate |
| Price includes 1 year support/updates. Manual renewal with 40% discount, not a subscription | $39 | $79 | $119 |
| Number of Websites / License Activations | 1 | 3 | 5 |
| BASIC FEATURES | |||
| Google Authenticator Support |  | | |
| SMS Verification | | | |
| Email Link Verification | | | |
| Email Code Verification | | | |
| ADDITIONAL RESTRICTIONS | |||
| Access by User | | | |
| Access by Role | | | |
| IP Limit | | | |
| Device Number Limit | | | |
| Override Password | | | |
| Define Expiration | | | |
| Auto Logout | | | |
| Define Code Characters and Length | | | |
| Limit Login from Specific IPs | | | |
| Limit Login Attempts From the Same IP | | | |
| Trusted Device | | | |
| TOOLS | |||
| User Roles Manager | | | |
| Customize Notifications | | | |
| Notify Users About Enabling 2FA | | | |
| Statistics | | | |
| Separated Fields | | | |
| Customizable Login Instructions | | | |
| Labels | | | |
| ADD-ONS | |||
| CM HTTPS SSL Plugin |  |  | |
| CM Email Blacklist Registration Plugin | | | |
| CM Admin Tools Plugin | | | |
| CM Site Access Restriction Plugin | | | |
| SUPPORT | |||
| Product Knowledge Base |
|
|
|
| Priority email support |
|
|
|
| Product updates |
|
|
|
| PLANS | Essential | Advanced | Ultimate |
| Number of Websites / License Activations | 1 | 3 | 5 |
| Price includes 1 year support/updates. Manual renewal with 40% discount, not a subscription | $39 | $79 | $119 |
WordPress Two Step Authentication Related Plugins
Secure Login and Two-Factor Authentication Image Gallery
-
- Secure Login general settings
-
- Secure Login general settings
-
- Secure login Google Authenticator settings
-
- Secure Login SMS settings
-
- Secure Login Email code settings
-
- Secure Login Email link settings
-
- Secure Login labels settings
-
- Secure Login – example when using email link
-
- Secure Login – example when using GA authentication
-
- Secure Login – example when using SMS verification
Back-end Gallery
-
- General
-
- General-Common
-
- Google Authenticator
-
- SMS
-
- SMS-Email Template
-
- Email Code
-
- Email Link
-
- Appearance
-
- Notifications
-
- Labels
-
- Labels-Email Link
-
- Labels-SMS Code
-
- Notify Users-Visual
-
- Notify Users-Text
