Website security is one of the biggest concerns a website developer faces today, so it is imperative that your website is guarded against incoming threats.
Normally most security plugins will guard against hackers and keep spam bots off your website, but today we will look at strengthening login security. One of the most classic login security features has to be security questions.
The security question is simply a question selected when you make an account. Once you select the question, you can then put in an answer that only you would know.
This question is used in circumstances such as when you forget your password, log in on a new device, or change your password. Today I will demonstrate how to add security questions on registration pages.
Why Use Security Questions on WordPress Login Pages
Unfortunately, the security of your own website may not be the only problem during a hacking attack. Many users reuse the same email and password for every account they create, wherever that is possible.
Once one website has been compromised and the user’s email and password information are in the hands of hackers, their account information is compromised on all platforms that use that information.
Now imagine that happening to an admin account for a website. It’s not a pretty image.
The security question acts as a second password that a hacker will have trouble guessing, depending on what the question is. This makes it harder for hackers to get into every website where the compromised user has an account.
Of course, many other security methods have been created on various platforms. A very popular one is mobile alerts that send a text message to your mobile phone to ask if you have tried logging in on a new device.
Another would be authenticator apps for your smartphone. In any event, there are numerous ways you can improve your website’s security where logins are concerned.
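The “second password” role described above implies the answer should be handled like a password on the server side. The sketch below is an added example, not code from the Two Factor Authentication plugin or any other plugin named on this page; the function names and sample data are hypothetical, and it assumes PHP 7.4+ with the mbstring extension.

```php
<?php
// Added illustration only; all names are hypothetical, not a plugin API.

// Normalize so "  Blue   Heron " and "blue heron" count as the same answer.
function normalize_answer(string $answer): string {
    $collapsed = preg_replace('/\s+/u', ' ', trim($answer)) ?? '';
    return mb_strtolower($collapsed, 'UTF-8');
}

// Keep only a salted, slow hash of the answer, as you would for a password.
function hash_answer(string $answer): string {
    $normalized = normalize_answer($answer);
    if ($normalized === '') {
        throw new InvalidArgumentException('Security answer must not be empty.');
    }
    return password_hash($normalized, PASSWORD_DEFAULT);
}

// $record is ['hash' => string, 'failures' => int].
// Returns [bool $accepted, array $updatedRecord].
function check_answer(array $record, string $submitted, int $maxFailures = 5): array {
    if ($record['failures'] >= $maxFailures) {
        return [false, $record]; // locked: the guess is not evaluated at all
    }
    $normalized = normalize_answer($submitted);
    if ($normalized !== '' && password_verify($normalized, $record['hash'])) {
        $record['failures'] = 0;
        return [true, $record];
    }
    $record['failures']++;
    return [false, $record];
}

// Constructed sample data.
$record = ['hash' => hash_answer('Blue Heron'), 'failures' => 0];

// Same answer typed with different spacing and case.
[$accepted, $record] = check_answer($record, '  blue   HERON ');
var_dump($accepted);

// Repeated wrong guesses reach the limit; after that the account stays
// locked for this check until an administrator resets the counter.
for ($i = 0; $i < 5; $i++) {
    [$accepted, $record] = check_answer($record, "guess $i");
}
[$accepted, $record] = check_answer($record, 'Blue Heron');
var_dump($accepted);
```

Lowercasing and collapsing whitespace reduces false rejections at the cost of a slightly smaller answer space, which is why the attempt limit matters.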
Adding Security Questions to the Login Page
There are plenty of plugins that allow you to add a security question to your site’s login area, but perhaps the best one is the Two Factor Authentication plugin. It’s a multipurpose plugin that adds a variety of defensive features to the login area.
This includes two-factor authentication, Google Authentication support, and what we are after, creating security questions for your accounts. Overall, the plugin is powerful and easy to use, which is why I will demonstrate it.
Note: This plugin will only allow you to create security questions for three admin accounts. It is not for regular users.
Step 1: Install Two Factor Authentication
Let’s start by clicking on Plugins and selecting the Add New option on the left-hand admin panel.
Search for Two Factor Authentication in the available search box. This will pull up additional plugins that you may find helpful.
Scroll down until you find the Two Factor Authentication plugin. Due to how generic the name is, you may have to scroll down a bit to find it. Just make sure you’re looking for the one created by miniOrange.
Once you do, click on the “Install Now” button and activate the plugin for use.
Step 2: Choose to Configure Security Questions
With the free version of this plugin, you have two options. You can either require users to enable the Google Authenticator (one-time password) or enable security questions.
For this tutorial, we are focusing on security questions. As a reminder, it can only be used for three admin accounts. For more options, you will need to purchase a premium plan.
On the left-hand admin panel, click on Multi-Factor Authentication and select the Two-Factor option.
Click on the Configure option under the Security Questions section.
Step 3: Choose Your Security Questions
The questions you choose will be activated on the admin account you are currently logged in to. You can add three security questions to the account. You can choose from a list of pre-defined questions and create your own.
Use the drop-down list to select the question you want to pick. You cannot use the same question twice.
Next to the question you selected, fill in the answer. Be sure to write this down or take a picture of the screen with your phone.
The third option allows you to enter your own question. Try to make this something only you would know and not something another person could guess or figure out.
After you have selected your security questions, click on the “Save” button.
Once it is set up, you can test it. To avoid getting locked out, it is recommended to use an incognito window to log into your account. When you try to log in, you will be asked one of your security questions.
If you are locked out, you will have to follow the plugin documentation for additional steps you can take.
And with that, you are done. Congratulations on adding security questions to your admin accounts. It is a great way to protect them from hackers. For the best results, it is also recommended to install a security plugin.
Security is one of the major concerns that every web developer faces, and many WordPress security question plugins have been created for this specific purpose.
Many of these security plugins have built-in login security features like security questions. There is also a slew of security plugins that improve other aspects of your website.
Here are some plugins I can recommend trying out.
Loginizer
Loginizer is a popular security plugin that focuses on making your visitors’ logins as secure as possible, with a plethora of features at its disposal. It is a very popular plugin with over 1,000,000 active installs.
Some of its key features include a security question, email notifications when a login is made on a user’s account, Google’s reCAPTCHA services, and many other great features to keep your login area safe.
You may need a premium account to access some of these features.
Google Authenticator – Two Factor Authentication (2FA)
No, your eyes are not deceiving you. Google Authenticator – Two Factor Authentication (2FA) has a name similar to the plugin we just covered and comes from the same creators, miniOrange, but it is a more robust version.
The main difference is that this one focuses more on 2FA, which means that when you log in, you will receive an SMS message with a code on your mobile device.
It also includes everything we covered above, so if you want even more choices, this is a great option to consider.
Keep Your Website Secured
A security question will help keep potentially compromised accounts safe. It’s important to take these measures and use a popular and well-respected security plugin to guard your website.
You may also want to consider setting up CAPTCHA on your website for some added protection.
Remember, protection is very important, but your visitors are even more important. Additional security features are generally seen as a real annoyance by website visitors, much like ads.
You do not want to be too intrusive when setting up extra security measures, so make sure that only necessary measures are put in place.
That said, failing to put in security measures at all is a serious blunder that can ruin your website.
Have you removed or created any additional security questions for your website? Have you tested your website to make sure the security questions felt like they belonged where you placed them?