Secure WordPress Login by Adding Challenge/Response
By default, the WordPress login process is a simple username and password combination and is vulnerable to security attacks. WordPress blog security can be strengthened using many different mechanisms, from .htaccess scripts and rewrites to changing WordPress default values to more secure ones.
For example, you can change the default WordPress database table prefix to a more complex one. You can also change the default WordPress admin username (admin) to a different and more secure one. Disabling directory display using .htaccess is another mechanism. You can read more about .htaccess tips to secure your WordPress in the articles below.
Articles related to WordPress Security:
- Must Do Tips To Secure WordPress Blog and Site
- Password Protecting website Pages and Directories using .htaccess
- .htaccess Tutorial - A guide and .htaccess tricks and tips
We also discussed securing WordPress login with two-factor authentication using the Google Authenticator app. Here we will look at another simple yet powerful WordPress plugin that helps make your login process even more secure.
Secure WordPress Login using challenge/response
Login Dongle is a good WordPress plugin that protects your login by means of a security question. It is a unique method. The plugin generates a unique bookmarklet with a secret question that you can add to your bookmarks. When you log in to your WordPress admin dashboard, after entering the username and password you need to press this bookmarklet to get into your WordPress. The “Log In” button on the login form will not work. When you click the bookmarklet, a pop-up opens for you to enter the security answer.
The plugin provides a raw bookmarklet that is better for smartphones and an encoded bookmarklet that is suitable for PCs. It also supports XML-RPC endpoints. After installation you can configure the challenge/response details and the default message displayed to anyone who clicks the login button instead of the bookmarklet. It is actually the bookmarklet that submits the login data, together with the challenge and response.
Since you are the only one who knows the response to the challenge, nobody but you will be able to use the bookmarklet. This is particularly useful if the browser on your PC fills in the login form with your password: others will still not be able to log in, since the response to the challenge is required.
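How the two halves described above can fit together, as an added example that is not the Login Dongle plugin's code: the bookmarklet in raw and encoded form, and the server-side check, modelled here in JavaScript although the plugin itself runs in WordPress/PHP. The field name `dongle_response`, the function names, the sample values and the reading of "encoded" as URL-encoded are assumptions; `loginform`, `log` and `pwd` are the standard WordPress login form id and field names.

```javascript
// Added illustration, not the Login Dongle plugin's code; all names are hypothetical.
const { scryptSync, timingSafeEqual } = require('crypto');

// Build the bookmarklet in the two forms the article mentions. It prompts for
// the answer, adds it to the login form as a hidden field, then submits.
// Only the question is stored in the bookmarklet, never the answer.
function buildBookmarklet(challenge, fieldName, formId) {
  const body =
    '(function(){' +
    'var f=document.getElementById(' + JSON.stringify(formId) + ');' +
    'if(!f)return;' +
    'var a=prompt(' + JSON.stringify(challenge) + ');' +
    'if(a===null)return;' +
    'var i=document.createElement("input");' +
    'i.type="hidden";i.name=' + JSON.stringify(fieldName) + ';i.value=a;' +
    'f.appendChild(i);f.submit();' +
    '})();';
  return { raw: 'javascript:' + body, encoded: 'javascript:' + encodeURIComponent(body) };
}

// The server keeps a salted hash of the answer instead of the answer.
function hashResponse(answer, salt) {
  return scryptSync(answer, salt, 32);
}

// Server-side gate, run in addition to the password check: a POST without the
// correct response field is rejected even if username and password are right.
function responseMatches(postFields, fieldName, salt, storedHash) {
  const supplied = postFields[fieldName];
  // Missing field (plain "Log In" click) or non-string value (e.g. array input).
  if (typeof supplied !== 'string' || supplied.length === 0) return false;
  return timingSafeEqual(hashResponse(supplied, salt), storedHash);
}

// Constructed sample values.
const SALT = Buffer.from('constructed-salt-value');
const STORED = hashResponse('blue heron 42', SALT);
const FIELD = 'dongle_response';
const bm = buildBookmarklet('Which bird, which number?', FIELD, 'loginform');

console.log('raw:', bm.raw.length, 'chars; encoded:', bm.encoded.length, 'chars');
// Plain "Log In" click: credentials only, no response field.
console.log('button:', responseMatches({ log: 'editor', pwd: 'x' }, FIELD, SALT, STORED));
// Bookmarklet submission: credentials plus the response.
console.log('bookmarklet:',
  responseMatches({ log: 'editor', pwd: 'x', [FIELD]: 'blue heron 42' }, FIELD, SALT, STORED));
```

The gate has to run on the server for every login path, XML-RPC included, because a client can always post the form without using the bookmarklet.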