This brief tutorial shows students and new users how to enable 2-factor authentication and Single Sign On for WordPress blogs.
One great way to protect your WordPress blogs from brute force attacks and other unauthorized access is to enable 2-factor authentication.
Two-factor authentication is a security measure that identifies a user by means of a password as well as something unique to that user, like a phone number.
When a user enables 2-factor authentication and single sign on, the user must type their password as well as the authentication code sent to the user's mobile device.
If an attacker gains access to your password, they will also need your mobile device in order to access WordPress as you. They will not be able to gain access to your WordPress CMS with only a password.
This brief tutorial is going to show you how to enable this additional security measure to harden WordPress security.
Step 1: Sign up for a WordPress.com account
For this tutorial, we’re going to be using the Jetpack plugin. This plugin was created by Automattic, the parent company of WordPress CMS.
In order to install and use Jetpack, you’ll have to sign up for a free account at WordPress.com.
Use this link to sign up for WordPress.com
After registering at WordPress.com, log in to your account and go to the Dashboard –> Security –> 2-factor authentication page.
Or click this link to go directly there. After enabling 2-factor authentication, you’ll be required to sign on to WordPress.com with your password and the code sent to your mobile device.
Step 2: Install and Activate Jetpack
Go to your custom WordPress blog and install the Jetpack plugin. To install a WordPress plugin, select Plugins –> Add. Then search for Jetpack and install and activate it.
After activating the plugin, you’ll be prompted to connect to your WordPress.com account. Do it.
Step 3: Enable 2-factor and Single Sign On with Jetpack
After connecting your custom WordPress site to WordPress.com, select Jetpack on the left menu and navigate to Settings –> Single Sign On.
With Single Sign On, your users will be able to log in to or register for your WordPress site with the same credentials they use on WordPress.com. It’s safe and secure.
Once enabled, a “Log in with WordPress.com” option will be added to your existing login form.
Next, click Configure and enable the feature as shown below. Save changes.
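Finally, go to your WordPress theme folder and open functions.php. Add this line to the file and save:
// Send visitors of the site's login form straight to the WordPress.com login form (Jetpack SSO).
add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );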
That’s it! After you apply this to your site, your blog will be enabled for 2-factor and single sign on.
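The filter above only forwards the login form; whether a second factor is actually demanded still depends on each user's WordPress.com account settings. The following is an added example, not code from the original tutorial or from Jetpack itself: a small must-use plugin (the file name jetpack-sso-hardening.php is an assumption) that combines the tutorial's filter with two other Jetpack SSO filters so the setup does not depend on the active theme and cannot be sidestepped with a password-only login.

```php
<?php
/**
 * Plugin Name: Jetpack SSO hardening (added example)
 *
 * Save as wp-content/mu-plugins/jetpack-sso-hardening.php (hypothetical name).
 * A must-use plugin keeps these settings in force when the theme is switched
 * or updated, which would silently drop a line added to functions.php.
 */

// The tutorial's line: skip the local login form and forward to WordPress.com.
add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );

// Reject SSO logins from WordPress.com accounts that do not have
// two-step authentication enabled. Without this, a user who never
// turned on 2-factor at WordPress.com still logs in with a password alone.
add_filter( 'jetpack_sso_require_two_step', '__return_true' );

// Remove the local username/password form so the site's own passwords
// cannot be used to go around SSO. If the WordPress.com connection breaks,
// regain access by deleting or renaming this file over SFTP/SSH.
add_filter( 'jetpack_remove_login_form', '__return_true' );
```

After deploying it, test with a WordPress.com account that has 2-factor disabled: the login should be refused rather than completed.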