WordPress 2-Step Verification plugin

WordPress 2-Step Verification (WP2SV) is a fantastic new security plugin. (FYI: There’s another Google Authenticator plugin that allows app-specific passwords but doesn’t have email as a 2-factor authentication option, which I fancy.)

It uses Google’s 2-step authentication (video describing the concept is below) for your WordPress logins.

Featured Plugin - WordPress Google Maps Plugin

Simply insert google maps into posts, sidebars and pages - show directions, streetview, provide image overlays and do it all from a simple button and comprehensive widget.
Find out more

Initial Setup

Initial setup is easy. Go to Users -> 2-Step Verification and click the verification method you prefer (Android, iPhone, or BlackBerry and/or email).

After you’ve successfully added one, there will be a big button (you can’t miss it) to click to activate 2-factor authentication for this WordPress user.

Each user can only have a single mobile device but can have both a mobile device and an email address setup for 2-step authentication. The Google Authenticator Android app and iOS app are very easy to use and don’t even require a data connection.

Featured Plugin - WordPress Infinite SEO Plugin

Fully integrated with the SEOMoz API, complete with automatic links, sitemaps and SEO optimization of your WordPress setup - this is the only plugin you need to help you rank your site number 1 on Google - nothing else compares.
Find out more

Usage

If you enter the wrong authentication code (a typo), it won’t let you try to enter that same code again. You’ll need to generate a new code (or click to send a new email).

The 2-step verification setting is activated per user, not site-wide. So if one user turns it on, it doesn’t lock out everyone else who hasn’t setup 2-factor authentication yet.

It works for all user levels, from Subscriber to Administrator.

Watch Out

If you remove your active verification (mobile and/or email) but do not click to deactivate 2-step authentication, you’ll get locked out.

If this accident happens, you can go into PHPMyAdmin and find the ‘wp2sv_enabled’ meta_key in the wp_usermeta database table. Then just delete the row (not change the meta_value) and 2-step verification will be turned off for that user.

Featured Plugin - WordPress Q&A Site Plugin

It's now incredibly easy to start your own Q&A site using nothing more than WordPress - The Q&A plugin simply and brilliantly transforms any site, or page, into a perfect support or Q&A environment.
Find out more

Final Thoughts

The plugin is fully functioning, and I’m sure it will get some tweaks as more people download it.

Maybe it’ll even be enhanced in a way that forces the 2-step verification for all users, including setting it up as part of the new WordPress user registration process. How do you like that idea?

Overall, it’s a great tool to add an extra layer of security to one of the easiest WordPress security exploits — your username and password combination — especially for sites that don’t have HTTPS logins.

Credit: screenshots from the plugin’s WordPress.org page

Featured Plugin - WordPress Wiki Plugin

To get a wiki up and running you used to need to install Mediawiki and toil away for days configuring it... not any more! This plugin gives you *all* the functionality you want from a wiki, in WordPress!!!
Find out more
Tags

Comments (6)

Participate