Here’s one way to hardened your WordPress security – enable 2-factor authentication and single-sign-on for WordPress. 2-factor authentication identifies users by means of passwords as well as something the user has that’s unique.
By default, WordPress allows anyone to access its admin page. Anyone can browse to www.example.com/wp-admin.php or www.example.com/wp-login.php.
Anyone with the correct username and password is allowed to login. And if the user is signed in with the administrator account, he/she can take over the entire site and content.
This brief tutorial is going to show you how to enable 2-factor authentication for WordPress using Jetpack Single Sign On module.
Using Jetpack Single-Sign-On module disables the traditional WordPress login for your site and redirects all authentication and validated to WordPress.com.
This a great way to combat brute force attacks and dictionary or password guessing malware and reduce unnecessary traffic load on your server.
The steps to enable single-sign-on or 2-factor authentication for WordPress are below:
Step 1: Go and register for a free WordPress.com account using this link. This will allow you to create a personal blog on wordpress.com.
Step 2: After creating your free account, go and enable two factor authentication from your account dashboard –> Security –> 2-factor authentication. Or click this link to access that page.
After enabling two factor login to WordPress, you’ll be required to sign on with password and a security code sent to your mobile phone.
Step 3: Once you’ve configured 2-factor authentication, go to your custom WordPress site and install and activate Jetpack plugin.
After installing and activating Jetpack, you’ll be prompted to connect to WordPress.com… Click the button that reads ‘Connect to WordPress.com‘
You’ll authenticate and your site should now be connected and linked to WordPress.com
Step 4: After linking your site to WordPress.com, go to Jetpack settings and enable Single Sign On module. After Jetpack’s Single Sign On module is activated.. go to your Dashboard –> Users –> Your Profile...
There at the bottom, click to click the button that reads ‘Login with WordPress.com‘
Step 5: Finally, login to your server files and go to your theme folder.. at ~/wp-content/themes/your_theme.
Then edit the function.php file and add this line in the file and save it.
add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );
After that, Single Sign On will be enabled for your WordPress site.
There are other providers that allows WordPress owners to enable 2-factor and Single Sign On by installing simple plugins, but I prefer Jetpack, because it’s created and maintained by WordPress.com, the parent company behind WordPress CMS.