The SWPM Two-Factor Authentication Addon can be used with the Simple Membership Plugin to add an additional security measure for member login.
While all members are required to provide their correct username and password when logging in, if this addon is enabled, members will also need to supply the unique code sent to their email at the time of login.
This greatly enhances member login security and reduces account sharing.
What is Two-Factor Authentication and How Does it Work?
Two-Factor Authentication, often referred to as Two-Step Authentication, is a security feature. When the Two-Factor Authentication Addon for Simple Membership is enabled, members will need to enter their password as well as the randomly generated code sent to their email. This ensures that the person logging in is the ‘real’ member.
Also referred to as 2FA, multi-factor authentication is crucial to staying safe online in today’s society. When we expose so many personal details on the internet, it is important that those details remain confidential.
The SWPM Two-Factor Authentication Addon makes it easy to add an additional security layer to the member login. This not only deters hackers from trying password combinations to access a member’s account but also means that if they do work out the password, they still cannot log in.
While implementing this addon on your site does mean it may take members a few extra seconds to log in (since they have to retrieve the special code from their email), it protects against unauthorized access to their account. This process also makes sharing a member account difficult, since the member is required to get the special code from the email, so the username and password alone cannot easily be shared.
Installing the Simple Membership 2FA Addon
- Click on the Add New menu under the plugins interface.
- Go to the Uploader tab and upload the swpm-2fa.zip file.
- Hit the Install Now button and then activate the addon.
Configuring the SWPM Two-Factor Authentication Addon
- Ensure that you have installed and activated the addon.
- Once the addon is activated on your WordPress site, you will see a new menu under WP Membership. This menu is titled Two-Factor Authentication.
- Within this menu, mark the checkbox to enable 2FA on your website.
- Ensure the From Email Address is correct and includes your domain name, for example: ‘firstname.lastname@example.org’.
- Customize the Email Subject if needed.
- Customize the Email Body if you wish. Do not edit the information within the brackets/braces. This contains information to generate the unique code your member will need to log in.
- Click on the Update button.
- This feature is now enabled on your site. Create a ‘test’ member to ensure the email is sent correctly and the login flow works as required.
How Do Members Log in With Two-Step Authentication?
The login process is similar to the ‘normal’ member login in that a username and password are required. Once the member enters their correct username and password, they will be prompted to complete the second authentication step. This takes the form of a unique code sent to the member’s email. Once they copy and paste the correct code into the required field, they will be logged into the site.
Step 1) The member registers for the site and then logs in using their correct username and password. After hitting the Login button, an email is automatically sent to the member’s email address. This is why a correct and valid email address is important. This email contains their unique login code.
Step 2) The member is prompted to enter the code sent to their email in the required field.
Step 3) The member copies and pastes the code from their email into the confirmation code field and clicks Continue.
Step 4) The member is successfully logged into the site.
Excluding Certain Members from the Two-Factor Authentication Process
If for any reason you would like some of your members to bypass the two-factor authentication process, you can do so by disabling this feature in each of their profiles. By default, all your members will need to complete the 2FA process. See the steps below to disable 2FA for any given member.
Disabling 2FA for a Member
- Click on WP Membership and then on the Members menu.
- Click the Edit button for the member that you would like to disable 2FA for.
- Scroll to the bottom of the page. You will see a checkbox titled Disable Two-Factor Authentication.
- Mark the checkbox to disable this feature for that particular member.
- Click the Save Data button.
- Complete steps 2 to 5 for any member that you wish to disable 2FA for.