WordPress 2-Step Verification plugin

WordPress 2-Step Verification (WP2SV) is a fantastic new security plugin. (FYI: There’s another Google Authenticator plugin that allows app-specific passwords but doesn’t have email as a 2-factor authentication option, which I fancy.)

It uses Google’s 2-step authentication (video describing the concept is below) for your WordPress logins.

Featured Plugin - WordPress Membership Site Plugin

If you're thinking about starting a paid, or just private, membership site then this is truly the plugin you've been looking for. Easy to use, massively configurable and ready to go out of the box!
Find out more

Initial Setup

Initial setup is easy. Go to Users -> 2-Step Verification and click the verification method you prefer (Android, iPhone, or BlackBerry and/or email).

After you’ve successfully added one, there will be a big button (you can’t miss it) to click to activate 2-factor authentication for this WordPress user.

Each user can only have a single mobile device but can have both a mobile device and an email address setup for 2-step authentication. The Google Authenticator Android app and iOS app are very easy to use and don’t even require a data connection.

Featured Plugin - WordPress Facebook Plugin

Would you like to add Facebook comments, registration, 'Like' buttons and autoposting to your WP site? Well, The Ultimate Facebook plugin has got that all covered!
Find out more

Usage

If you enter the wrong authentication code (a typo), it won’t let you try to enter that same code again. You’ll need to generate a new code (or click to send a new email).

The 2-step verification setting is activated per user, not site-wide. So if one user turns it on, it doesn’t lock out everyone else who hasn’t setup 2-factor authentication yet.

It works for all user levels, from Subscriber to Administrator.

Watch Out

If you remove your active verification (mobile and/or email) but do not click to deactivate 2-step authentication, you’ll get locked out.

If this accident happens, you can go into PHPMyAdmin and find the ‘wp2sv_enabled’ meta_key in the wp_usermeta database table. Then just delete the row (not change the meta_value) and 2-step verification will be turned off for that user.

Featured Plugin - WordPress Pop-Up Chat Plugin

No javascript required, no third part chat engine, just fully featured chat right in your own database on your own WP sites - couldn't be easier.
Find out more

Final Thoughts

The plugin is fully functioning, and I’m sure it will get some tweaks as more people download it.

Maybe it’ll even be enhanced in a way that forces the 2-step verification for all users, including setting it up as part of the new WordPress user registration process. How do you like that idea?

Overall, it’s a great tool to add an extra layer of security to one of the easiest WordPress security exploits — your username and password combination — especially for sites that don’t have HTTPS logins.

Credit: screenshots from the plugin’s WordPress.org page

Featured Plugin - WordPress Newsletter Plugin

Now there's no need to pay for a third party service to sign up, manage and send beautiful email newsletters to your subscriber base - this plugin has got the lot.
Find out more
Tags

Comments (5)

Participate