Website security is one of the biggest concerns a website developer can face in today’s world, but it is imperative that your website is guarded against incoming threats. Normally most security plugins will guard against hackers and keep spam bots off your website, but today we will look at strengthening login security. One of the most classic login security features is a security question.
The security question is simply a question selected when you make an account. Once you select the question, you can then put in an answer that only you would know. This question is used in circumstances such as when you forget your password, login on a new device, or change your password. Today I will demonstrate how to add security questions on registration pages.
Why Use Security Questions on WordPress Login Pages
Unfortunately, the security of your own website may not be the only problem during a hacking attack. Many users use the same password and email for every account they make if that is possible. Once one website has been compromised and users email and password information are in the hands of hackers, their account information is compromised on all platforms that use that information.
The security question acts as a second password that a hacker will have trouble guessing depending on what the question is. This makes it difficult for hackers to enter every website the compromised user has entered. Of course, many other security methods have been created on various platforms. A very popular one is mobile alerts that send a text message to your mobile phone to ask if you have tried logging in on a new device.
How to Add Security Questions on WordPress Login Page
Today I will demonstrate how to add security questions on registration pages using the WP Security Question plugin. It is a very good plugin for setting up security questions. Simply choose where you want the security questions asked and you are done. There is a pro version that allows you to ensure users input an answer that has the same security level as passwords and allows you to choose multiple security questions. It’s quite nice if you want to upgrade.
Let’s begin by clicking on Plugins and selecting the Add New option on the left-hand admin panel.
Search for WP Security Question in the available search box. This will pull up additional plugins that you may find helpful.
Scroll down until you find the WP Security Question plugin and click the «Install Now» button and activate the plugin for use.
On the left-hand admin panel click on WP Security Questions and select the Settings option. This will pull up the main settings page.
You will see a list of security questions. You may choose to remove any of them or add your own at the bottom. To add your own security question simply fill out the question fields and click on the «Add More» button.
You will see 3 different checkboxes at the bottom. Each of these is asking if you want to display the questions at a specific location. You can choose to display it when users forget their password, when they are registering, or during login. Check the boxes that you feel best benefit your website.
Once you have checked the appropriate boxes and decided if you want to add any additional security questions or to remove some of the existing ones, click on the «Save Settings» button.
Congratulations, you have successfully set up security questions on your website. Depending on your choices you will see the security question while logging in, when you forget your password, or when you are registering. Existing users will have to go to their user profile to set up their security questions, so make sure you inform them.
Security is one of the major concerns that every web developer faces and many WordPress security questions plugins have been created for this specific topic. Many of these security plugins have built-in login security features like security questions. Here are some plugins I can recommend trying out.
Loginizer is a popular security plugin that focuses on making your visitors logins as secure as possible with a plethora of features at its disposal. It is a very popular plugin with over 500,000 active installs. Some of its key features includes a security question, email notification when a login is made on their account, Google’s reCAPTCHA services, and many other great features to keep your log in area safe. It’s a great plugin that has all the features needed to have a secure login.
Google Authenticator – Two Factor Authentication (2FA)
Google Authenticator – Two Factor Authentication (2FA) is a very neat plugin that offers mobile alerts when you are logging in. This means if you want to log in you will need to have your mobile device to login. Of course, if you do not have it or the phone has been lost you can set up security questions to log in. Without a doubt needing to use your phone is very safe since it is unlikely that account information and cell phone can both fall into a hacker’s hands. Definitely, give this plugin a try if you think your visitors will like it.
Keep Your Website Secured
A security question will help keep potentially compromised accounts safe. It’s important to take these measures and use a popular and well-respected security plugin to guard your website. You may also want to consider setting up CAPTCHA on your website for some added protection.
Remember protection is very important, but your visitors are even more important. Additional security features are generally seen as a real annoyance to website visitors much like ads. You do not want to be too intrusive when setting up extra security measures, so make sure that only necessary measures are put in place.
Have you removed or created any additional security questions for your website? Have you tested your website to make sure the security questions felt like they belonged where you place them?