By default, a username and password are enough to log in to a WordPress site. Some plugins add a captcha, a security question, a PIN and so on, but in this lesson you will learn something new, interesting and more secure: something that can stop both brute force attacks and people attempting to log in to your website.
In this lesson you will see how to make login possible through a special bookmark followed by a security question.
Login Dongle is a WordPress plugin which not only acts as an extra security layer but also makes login possible through a special bookmark. Hence, only users who have this specific bookmark can log in to your WordPress site, whereas people trying to log in from the /wp-admin page or wp-login.php will see an error message like ‘Cheating? Huh..’ or
Start by installing the ‘Login Dongle’ plugin in WordPress.
Upon activation, customize the warning message by visiting the Settings -> Login Dongle page in your admin area dashboard.
To activate your security question and bookmark:
Visit the Users -> Your Profile page in your admin area dashboard, type in your security question and answer, save the changes, and then drag the bookmark to your bookmark bar as shown in the given video tutorial.
Other users may also do the same.
As soon as the security question is set, you can log in only by clicking the bookmark and not from the default login page URL, even if someone knows the correct username and password.
Why it works
- Under the hood, the bookmark submits the login data together with the challenge and response.
- When both the challenge and the response are validated on the server, the login succeeds; otherwise it dies.
- The login page looks exactly the same as the default one, so attackers and spam bots won’t know what the challenge is or how to respond to it.
- Only you know the response to the challenge, so nobody but you will be able to use the bookmarklet.
Another good thing is that even someone who uses your computer with a saved username and password won’t be able to log in, because of the security question popup.
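The server-side check described under "Why it works", modelled in Node.js as an added example; it is not Login Dongle's own code. The field names dongle_challenge and dongle_response, the answer normalisation and the hashed storage of the answer are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed policy: compare answers case-insensitively, ignoring outer spaces.
const norm = (s) => String(s).trim().toLowerCase();

// Profile step: store a salted hash of the answer, never the answer itself.
function enroll(question, answer) {
  const salt = crypto.randomBytes(16);
  return { question, salt, hash: crypto.scryptSync(norm(answer), salt, 32) };
}

// Constant-time comparison of the submitted response with the stored hash.
function answerMatches(dongle, response) {
  const got = crypto.scryptSync(norm(response), dongle.salt, 32);
  return crypto.timingSafeEqual(got, dongle.hash);
}

// Login step. `users` maps username -> { passwordOk(pwd), dongle? }.
// Every rejection returns the same message, so the reply does not reveal
// whether the challenge, the response or the password was wrong.
function login(users, form) {
  const fail = { ok: false, message: 'Cheating? Huh..' };
  const user = users.get(form.log);
  if (!user) return fail;
  if (user.dongle) {
    // A post from the default login form carries no dongle fields at all.
    if (typeof form.dongle_challenge !== 'string' ||
        typeof form.dongle_response !== 'string') return fail;
    if (form.dongle_challenge !== user.dongle.question) return fail;
    if (!answerMatches(user.dongle, form.dongle_response)) return fail;
  }
  return user.passwordOk(form.pwd) ? { ok: true, message: 'logged in' } : fail;
}

// Constructed sample data; passwordOk stands in for the real password check.
const users = new Map([
  ['alice', { passwordOk: (p) => p === 'correct horse',
              dongle: enroll('First pet?', 'Rex') }],
  ['bob',   { passwordOk: (p) => p === 'hunter2' }], // no question set yet
]);
```

The password is checked last, so a request without a valid challenge and response is rejected with the same message whether or not its password was right.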