How to setup Security Questions for 2-Factor Authentication plugin in WordPress?
Security questions are one of the very effective methods of Two two-factor authentication (2FA). This 2FA method requires users to answer a pre-set security question in addition to entering their username and password. By combining something which only the user knows (the answer to the security questions) with something they have (their password), this method makes it much harder for unauthorized users to gain access.
Why should you choose the Security Questions method for your WordPress site?
Security questions can be particularly useful for users:-
- Who may not have access to a mobile device for app-based 2FA. (Its non-dependency on phone, email, etc. makes it useful in cases where users don’t have access to these.)
You can download miniOrange 2-Factor Authentication(2FA) plugin using the following link:
This plugin can be configured for any TOTP-based/OTP Login 2fa methods like Duo/Microsoft/Google Authenticator. It supports OTP login based 2fa methods [24/7 SUPPORT]
Pre-requisites For Setting Up Security Questions as 2FA method.
To set up security questions for your WordPress site, you start by installing the WordPress 2FA plugin and that’s all as security questions as the 2FA method is not dependent upon any device, app, or email.
Getting started with the Security Questions setup
There are following two simple ways by which an administrator can setup security questions as two-factor authentication methods for the users.
- Setup Wizard
- From the plugin Dashboard
1. Security Questions setup through Setup Wizard
Let’s follow the steps below to set up the Security Questions method as 2FA for your users with the help of the setup wizard.
- Click on the Let’s get started! button.
- Choose the first option “User should setup 2FA during first login.”
Choosing this option as name suggests will make user’s compulsorily configure 2FA methods (in this case we will be configuring Security Questions). - Click on the Continue Setup button.
- Choose the ”All users” option to set 2FA for all and click on the Continue Setup button.
- Choose only for a specific roles option.
- Select the particular role for which you want to set 2FA. (As administrator has been chosen here. This will set the Security Questions method as 2FA only for the administrator's role.)
- Then, click on the Continue Setup button.
- Choose the “Users should be directly enforced for 2FA Setup” option and click on the All Done button.
- You have successfully configured the two-factor authentication.
Step 1: After activating the plugin, you are presented with the following setup wizard screen.
Step 2: The wizard guides you to choose any one options for inline registration.
There are two option under inline registration:-
Step 3: Next you are guided to choose the user’s role for which you want to set Security Questions as 2FA method.
OR
Step 4: Now, it guides you to set the Grace period for your users. There are again two options:-
1. Users should be directly enforced for 2FA Setup:- If you don’t want to give your users any period to set 2FA you can go with the first option.
Users will have to set 2FA during their first login to gain access to the account.
2. Give users a grace period to configure 2FA:- choosing this option will allow you to give your users a certain grace period within which users will be required to set their 2FA. Users will have to set 2FA after expiration of the grace period.
Steps for users to configure Security Questions
After the above setting of 2FA with a few easy steps, users are prompted to configure a list of two-factor authentication methods including Security Questions.
- Go to the WordPress Login page and enter the user’s login credentials.
- Choose the “Security Questions” radio button. You are prompted to configure a two-factor method while logging in for the very first time.
- Set all the three questions and their answers. (There are three security questions. The first two can be selected from multiple options available in the dropdown menus below. The third question is fully customizable and can be created by the user.)
- Click on the Save button.
- Click on the Finish button to finish it.
- The user has successfully logged into the account.
- Go to the WordPress Login page and enter the user’s(in this case admin) credentials to login.
- Now, please answer the questions and click on the Validate button.
- The user has successfully logged into the account.
Now you must carefully store the backup codes provided to you. These codes will help you login when you become locked out of your account for any reason.
Subsequent Login for user’s account through Security Questions
Let’s see how user's subsequently login to their account after configuration of Security Questions during first login.
2. Security Questions setup from plugin dashboard
- Enable 2FA for the all the roles for which you need to set 2FA.
- Then, click on the Save Settings button.
If you choose to Skip Setup Wizard, here's an alternate way to setup Security Questions through the plugin dashboard.
After clicking on the Skip Setup Wizard option, you will be redirected to the plugin dashbord i.e, Login Settings tab of two-factor authentication menu where you can enable 2FA for all the desired roles.
Steps for users to configure Security Questions
- Go to the WordPress login page and enter the user’s login credentials.
- Choose the “Security Questions” radio button. You are prompted to configure a two-factor method while logging in for the very first time.
- Set all the three questions and their answers. (There are three security questions. The first two can be selected from multiple options available in the dropdown menus below. The third question is fully customizable and can be created by the user.)
- Click on the Save button.
- Click on the Finish button to finish it.
- The user has successfully logged into the account.
- Enter your login credentials and click on the Login button.
- Now, please answer the questions and click on the Validate button.
- The user has successfully logged into the account.
Now you must carefully store the backup codes provided to you. These codes will help you login when you become locked out of your account for any reason.
Subsequent Login for user’s account through Security Questions
Let’s see how user's subsequently login to their account after configuration of Security Questions during first login.
Need Help? We are right here!
