Hit enter to search or ESC to close
Security is important when you have a website with user registration and login functionality.
This is why providing your site users with the option to enable 2 factor authentication in WordPress when logging into their accounts may be necessary in some cases. When users have access to sensitive information, systems, or data, you really don’t want hackers to steal their credentials. When using 2FA, password database theft or phishing campaigns will not affect the integrity of protected accounts.
With the WordPress Two-Factor Authentication option activated from Profile Builder Pro, your visitors can log in securely using third-party mobile authentication apps (such as Google Authenticator), not just their username and password .
That’s exactly what we will talk about in this post. So let me show you how to set it up for your website and secure your visitors’ accounts. Let’s get into it straight away!
To enable this function on your website you can use the Profile Builder WordPress plugin, which is a complete customization system for WordPress registration, login, and editing-profile behavior.
In addition to letting you create beautiful and fully personalized registration, login and edit-profile forms, Profile Builder comes with many additional functionalities, such as email confirmation for new users, user approval, content restrictions, custom and conditional form fields , and many many more.
There is a free version of Profile Builder on WordPress.org, but you need one of the paid versions to use 2 factor authentication.
After your purchase, you will need to install and activate Profile Builder (hobbyist or pro) just like any other WordPress plugin. Simply go to your WordPress Dashboard and navigate to plug-in. press add new button at the top and upload your purchased version.
Once you have your plugin up and running, it is time to set up two-factor authentication.
To start it, first go here Profile Builder → Settings From your WordPress Dashboard and then navigate to two-factor authentication tab. Next, just “Set” to activate the featureEnable two-factor authentication“the option” Yes from dropdown.
You can then choose which user roles will have access to this functionality. Once the changes are saved, users with valid roles will now have the option to enable two-factor authentication from the Edit Profile form.
By default, Profile Builder will only show a new ‘Authentication Code’ field on the login form for users who have activated the functionality themselves. but IIn addition, the plugin also supports this shortcode logic [wppb-login show_2fa_field=yes] This will force the authentication field to always be displayed on the Profile Builder login form, regardless of whether users activate this functionality or not. However, in this case, users who have not yet activated two-factor authentication on their account will be able to log in leaving the authentication field blank.
Two-factor authentication functionality lets users of your website authenticate themselves upon login using third-party authentication apps such as Google Authenticator, Microsoft Authenticator, LastPass Authenticator, and others for better security.
When the functionality is enabled, an ‘Authenticator Code’ field will appear on the login form. This is where the user has to input his valid TOTP (Time-Based One-Time Password) provided by the mobile app of his choosing. Don’t worry, we’ll learn about it in the next section.
But all this is possible only if the users themselves activate and set up two-factor authentication for their accounts. You cannot force users to activate this functionality, only strongly suggest that they do so.
So, how do users enable 2 factor authentication for their account? Luckily the next part is about that.
When this functionality is enabled on your site, a”two-factor authenticationThe “Edit-Profile for each user” section will appear in the front-end, at the end of the form. Checks if a user Active In the checkbox, the rest of the two-factor authentication settings will be revealed.
From here the user will be able to set the following fields:
In order for the user to activate 2 factor authentication for their account, they have to either scan the generated QR code with the app of their choice or manually enter the details and secret key.
For example, when using Google Authenticator, this is where the user will manually input the details and key:
Once the user has added a new entry, the app will generate a TOTP for them To authenticate securely on the specified website. The code will only be available for a certain amount of time before it is refreshed and a new code is generated. It should look something like this:
The user will then be able to input this one-time generated code into the ‘Authenticator Code’ field on the login form and securely log in to their account.
By using Profile Builder Pro and its two-factor authentication functionality, you can give your website users the peace of mind knowing that their accounts are secure and strong.
In this post, we’ve shown you how you can allow your site visitors to secure their accounts using a mobile authentication app:
We’ve shown you how to enable the functionality globally on your site, but also how users can enable it on their own particular accounts.
Profile Builder lets you create a completely customized and cohesive experience for your website users both upon registration and login, giving them the option to edit what is shared on their profile at any time. And now they can do it even more safely.
Buy Profile Maker and start offering your site users more secure accounts today:
Do you still have questions about activating 2 Factor Authentication on your website? Tell us in the comments and we’ll try to help!
For new plugins, discounts and brief updates about what’s new with Cozmoslabs!
About the author