Sunday, January 23rd, 2022

WordPress 2 Factor Authentication (plugin + how to set up)

Security is important when you have a website with user registration and login functionality.

This is why providing your site users with the option to enable 2 factor authentication in WordPress when logging into their accounts may be necessary in some cases. When users have access to sensitive information, systems, or data, you really don’t want hackers to steal their credentials. When using 2FA, password database theft or phishing campaigns will not affect the integrity of protected accounts.

With the WordPress Two-Factor Authentication option activated from Profile Builder Pro, your visitors can log in securely using third-party mobile authentication apps (such as Google Authenticator), not just their username and password.

That’s exactly what we will talk about in this post. So let me show you how to set it up for your website and secure your visitors’ accounts. Let’s get into it straight away!

What do you need to enable 2 Factor Authentication on your WordPress site?

To enable this function on your website you can use the Profile Builder WordPress plugin, which is a complete customization system for WordPress registration, login, and editing-profile behavior.

In addition to letting you create beautiful and fully personalized registration, login and edit-profile forms, Profile Builder comes with many additional functionalities, such as email confirmation for new users, user approval, content restrictions, custom and conditional form fields, and many more.

There is a free version of Profile Builder on WordPress.org, but you need one of the paid versions to use 2 factor authentication.

After your purchase, you will need to install and activate Profile Builder (Hobbyist or Pro) just like any other WordPress plugin. Simply go to your WordPress Dashboard and navigate to Plugins. Press the Add New button at the top and upload your purchased version.

Once you have your plugin up and running, it is time to set up two-factor authentication.

Enabling Two-Factor Authentication for WordPress

To start, go to Profile Builder → Settings from your WordPress Dashboard and navigate to the Two-Factor Authentication tab. Next, to activate the feature, set the “Enable Two-Factor Authentication” option to Yes from the dropdown.

You can then choose which user roles will have access to this functionality. Once the changes are saved, users with valid roles will now have the option to enable two-factor authentication from the Edit Profile form.

By default, Profile Builder will only show a new ‘Authentication Code’ field on the login form for users who have activated the functionality themselves. In addition, the plugin supports the shortcode [wppb-login show_2fa_field=yes], which forces the authentication field to always be displayed on the Profile Builder login form, regardless of whether users have activated this functionality. However, in this case, users who have not yet activated two-factor authentication on their account will be able to log in leaving the authentication field blank.

How WordPress Two-Factor Authentication Works

Two-factor authentication functionality lets users of your website authenticate themselves upon login using third-party authentication apps such as Google Authenticator, Microsoft Authenticator, LastPass Authenticator, and others for better security.

When the functionality is enabled, an ‘Authenticator Code’ field will appear on the login form. This is where the user has to input his valid TOTP (Time-Based One-Time Password) provided by the mobile app of his choosing. Don’t worry, we’ll learn about it in the next section.

Authenticator code field on login form

But all this is possible only if the users themselves activate and set up two-factor authentication for their accounts. You cannot force users to activate this functionality, only strongly suggest that they do so.

So, how do users enable 2 factor authentication for their account? Luckily the next part is about that.

Activating Two-Factor Authentication for WordPress as a User

When this functionality is enabled on your site, a “Two-Factor Authentication” section will appear in the front-end Edit Profile form for each user, at the end of the form. If a user checks the Active checkbox, the rest of the two-factor authentication settings will be revealed.

Activating 2 factor authentication as a user

From here the user will be able to set the following fields:

  • Active – This checkbox defines whether the user will be required to use two-factor authentication upon login.
  • Comfort mode – Checking this checkbox allows more time drift and adds a few more minutes for the user to check their mobile app and come back with the TOTP.
  • Description – What the user inputs here the authenticator app will display as the account name. By default, this will be set to the name of the website, but this can be customized at any time.
  • Secret – This field contains a randomly generated secret key that the user needs to input in order to set up a new entry in their selected authenticator app. Clicking the New Secret button below generates a new secret code if necessary, and the QR Code button shows the scannable code. Note: a new secret code should be generated every time the user makes a change in the Description field.
  • Verify TOTP – This is where users will input the time-based one-time password generated by their chosen authentication app after adding the new entry. They have to check the validity of the password (by clicking the Check button) before two-factor authentication is actually enabled. This is one way to ensure that your users won’t accidentally get locked out of their accounts if two-factor authentication isn’t set up properly.
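
How the Secret, Description, Comfort mode and Verify TOTP fields fit together, as an added example that is not Profile Builder's own code: a minimal RFC 6238 implementation in which drift_steps stands in for the time-drift tolerance. The 30-second step, 6 digits, the window sizes, the URI layout and all function names are assumptions, not values taken from the plugin.

```python
import base64, hashlib, hmac, secrets, struct
from urllib.parse import quote

STEP = 30    # seconds each code is current (RFC 6238 default; assumed)
DIGITS = 6   # code length (assumed)

def new_secret(nbytes=20):
    """Random Base32 secret, the form authenticator apps accept for manual entry."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")

def provisioning_uri(secret, description):
    """otpauth:// URI a QR code would carry; description becomes the account name."""
    return (f"otpauth://totp/{quote(description)}"
            f"?secret={secret}&digits={DIGITS}&period={STEP}")

def totp(secret, at):
    """RFC 6238 code (HMAC-SHA1) for Unix time 'at'."""
    key = base64.b32decode(secret + "=" * (-len(secret) % 8), casefold=True)
    counter = struct.pack(">Q", int(at) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret, code, now, drift_steps=1, last_used_step=None):
    """Return the time step the code matched, or None.

    drift_steps is the tolerance on each side of 'now' (hypothetical stand-in
    for a relaxed drift setting). last_used_step blocks replay of a code that
    was already accepted.
    """
    current = int(now) // STEP
    for step in range(max(0, current - drift_steps), current + drift_steps + 1):
        if last_used_step is not None and step <= last_used_step:
            continue
        expected = totp(secret, step * STEP).encode()
        if hmac.compare_digest(expected, code.encode()):
            return step
    return None

if __name__ == "__main__":
    secret = new_secret()                      # constructed sample values
    print(provisioning_uri(secret, "Example Site"))
    code = totp(secret, 1_000_000_000)
    print(verify(secret, code, 1_000_000_000))                 # current code
    print(verify(secret, code, 1_000_000_060))                 # too old: None
    print(verify(secret, code, 1_000_000_060, drift_steps=2))  # wider window
```

Each extra step of tolerance keeps a code usable for another 30 seconds, so a wider window trades convenience against the time a captured code remains valid.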

Using Google Authenticator With WordPress (Or Other Third Party Apps)

In order for the user to activate 2 factor authentication for their account, they have to either scan the generated QR code with the app of their choice or manually enter the details and secret key.

For example, when using Google Authenticator, this is where the user will manually input the details and key:

Google Authenticator Manual Entry

Once the user has added a new entry, the app will generate a TOTP for them to authenticate securely on the specified website. The code will only be available for a certain amount of time before it is refreshed and a new code is generated. It should look something like this:

TOTP generated by Google Authenticator

The user will then be able to input this one-time generated code into the ‘Authenticator Code’ field on the login form and securely log in to their account.

Enable WordPress 2 Factor Authentication for your website today

By using Profile Builder Pro and its two-factor authentication functionality, you can give your website users the peace of mind knowing that their accounts are secure and strong.

In this post, we’ve shown you how you can allow your site visitors to secure their accounts using a mobile authentication app:

  • Google Authenticator;
  • Microsoft Authenticator;
  • LastPass Authenticator;
  • and any other.

We’ve shown you how to enable the functionality globally on your site, but also how users can enable it on their own particular accounts.

Profile Builder lets you create a completely customized and cohesive experience for your website users both upon registration and login, giving them the option to edit what is shared on their profile at any time. And now they can do it even more safely.

Do you still have questions about activating 2 Factor Authentication on your website? Tell us in the comments and we’ll try to help!
