Banking websites often ask for the answer to one or more security questions in addition to the password when we make online transactions. We would have set these questions and answers at the time of online banking registration. These questions are a way of providing additional security for our transactions. As we have discussed before in other blogs, WordPress sites are a common target for hackers because of their popularity. Hence it is always wise to make our WordPress sites less vulnerable to attacks.
We have already explained how to secure WordPress sites by implementing two-factor authentication using Google Authenticator and Google reCAPTCHA. We can also add security questions to the login screen to improve our WordPress site’s security. All these methods can be used either independently or together to create a secure WordPress site. In this blog, I will go through the 7 simple steps to add security questions to the WordPress login page. The entire process takes less than 5 minutes.
Step 1: Install the miniOrange 2-factor authentication plugin.
Step 2: Go to the settings page of this plugin from the dashboard. Here we have to provide our email address, company name, and a password. Now click the Create Account button.
Step 3: We will receive a one-time passcode at the registered email address for verification. We have to enter this passcode and validate it by clicking the Validate OTP button.
Step 4: Once the passcode is validated, a pop-up screen will appear which will guide us through the installation process. Click Next and select security questions as the two-factor authentication method.
Step 5: Now select two security questions from the available choices and create a custom question. Provide answers for all three. It is very important to note down these questions and answers somewhere safe (perhaps in your Google Drive). If we forget these answers, we will be locked out of our website. Now click the Save button.
Note: My suggestion is to add some personal question as the custom one to ensure better security.
Step 6: Now a confirmation screen will appear as shown below.
We have an option to test the security questions by clicking the Next button. I recommend doing this test to ensure that everything is working fine. Provide answers to the questions and click the Validate Answers button.
Once the answers are validated, we have successfully configured security question authentication for our website.
Step 7: Now let us go to our login page as usual, enter the correct username and password, and try to log in. After logging in, a new page with security questions will appear as shown below.
Now for testing, let us enter incorrect answers for the questions and click the Validate button. We will get an error message as shown below.
If we enter the correct answers to the security questions, we will be able to log in successfully.
So finally, in seven simple steps and less than 5 minutes, we have added additional security to our WordPress website.
Note: In the worst-case scenario, if we do not remember the answers to the security questions, then we are locked out of our website. As we do not have access to the admin dashboard, it is also not possible to deactivate the plugin.
In this case, the available option to regain access to our site is to delete the plugin directly from our hosting server using FTP. We can do this manually, but it requires some knowledge of the WordPress folder structure and tools such as FileZilla. If we are uncomfortable with this, then we can always contact our hosting provider and ask for assistance.
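The recovery step above can also be done from a shell, shown here as an added example that is not part of the original post. It goes slightly beyond the text by renaming the plugin folder instead of deleting it, which also stops WordPress from loading the plugin while keeping the files. It assumes SSH access to the host; the function name `disable_wp_plugin` and the folder name `example-2fa-plugin` are placeholders, so substitute the real folder found under `wp-content/plugins`.

```shell
#!/bin/sh
# Added example: disable a WordPress plugin from the file system by renaming
# its folder under wp-content/plugins. WordPress skips an active plugin whose
# files are missing, so the second login step no longer loads.
#
# Usage (placeholder values): disable_wp_plugin /var/www/html example-2fa-plugin

disable_wp_plugin() {
    wp_root=$1
    slug=$2
    plugins_dir="$wp_root/wp-content/plugins"

    # Refuse empty names and anything that could escape the plugins folder.
    case "$slug" in
        ''|.|..|*/*)
            echo "refusing plugin folder name: '$slug'" >&2
            return 2 ;;
    esac

    # Make sure we are pointed at a WordPress install before changing anything.
    if [ ! -d "$plugins_dir" ]; then
        echo "no wp-content/plugins under: $wp_root" >&2
        return 3
    fi

    src="$plugins_dir/$slug"
    if [ ! -d "$src" ]; then
        echo "plugin folder not found: $src" >&2
        return 4
    fi

    # Timestamped name so an earlier disabled copy is never overwritten.
    dst="$src.disabled-$(date +%Y%m%d%H%M%S)"
    if [ -e "$dst" ]; then
        echo "target already exists: $dst" >&2
        return 5
    fi

    mv -- "$src" "$dst" || return 6

    # Print the new location so the folder can be renamed back later.
    printf '%s\n' "$dst"
}
```

Over FTP the equivalent is renaming the same folder in the FTP client; after logging in again, rename it back and reactivate the plugin from the dashboard if the second factor is still wanted.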