Sep 302015
 

WordPress Two Factor Authentication Core Files post talks about security and two factor implementation for your website.

Last Updated: September 7, 2023

Latest News: I updated the information below.

wordpress-security-plugins-two-factor

WordPress are going in the right direction. They have decided to implement better security into the core file system. This will help fight brute force login attempts and stolen passwords. This new security feature might not be added to the core files. You can read more about it from the following URL the-two-factor-plugin-is-currently-on-a.

What does this means for many of you running WordPress? You won’t have to install a Two Factor plugin any more if you had one installed unless you prefer and like the plugin you are using. It also means that it will be extremely challenging for hackers to brute force attack into your website.

Note: You might also be interested in reading the following tutorial Google Authenticator Security WordPress.

Two Factor  version 0.8.2 changelog. Check the following changelog URL two-factor releases.

What You Need:

WordPress Two Factor Authentication Core Files

Step 1 ) The following image shows you the standard WordPress profile before you activate the plugin.

wordpress-two-factor-authentication-before

Step 2 ) Once you activate the plugin you will see the following settings in your profile.

Two-Factor Options Part 1

  • Email – Authentication codes will be sent to your email address.
  • Time Based One-Time Password (TOTP)
  • Authentication Code:

wordpress-two-factor-authentication-options-part1

Step 2-a ) The following image allows you to select from the following options.

Two-Factor Options Part 2

  • FIDO U2F Security Keys
  • Backup Verification Codes (Single Use) Click on Generate Verification Codes button 0 unused codes remaining.

wordpress-two-factor-authentication-options-part2

Step 3 ) The following image Security Keys allows you to generate security keys if you selected this option in Step 2-a ) above.

Note: U2F requires an HTTPS connection. You won’t be able to add new security keys over HTTP. 

wordpress-two-factor-authentication-security-keys-new

You can see how much security this new feature will add to WordPress once it is implemented. I know all of you will be very happy once it is out.

I will be updating this tutorial from time to time so keep coming back for the latest updates.

If you have a questions send me an e-mail or leave a comment.

Enjoy.

I have been working in IT since 1999 and I enjoy the challenges it brings me. I love developing websites with WordPress. I spend a lot of time helping out in wordpress.org forums. I have been writing tutorials since 2011. Now I am learning how to manage my own VPS "Virtual Private Server.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

6 + 20 =