Two-factor authentication scan

The scan

This scan checks you access your site's administration using a two-factor authentication or similar.

The fix

SecuPress will activate the « Use a Two-factor authentication » module in the « Users & login » section. This will enforce a two-factor authentication called « Passwordless ». This makes the password field of the login form unavailable. Instead, the user who wants to log in will get an email notification with a temporary link to access the admin of the site. 

You can choose the roles that will be affected by this module in order not to apply it to your members for example.

What if the fix doesn't work ?

If that happens, that means the Passwordless module is conflicting with another plugin. Try looking for plugins who may affect the user authentication process.

To be noted

The 2FA only applies to the native WordPress login form. If you use a plugin to manage a member space with its own login form, the 2FA will not apply to that one.

Good to know

SecuPress (since 1.4) recognize 15 2FA plugins, if one of them is installed and activated, the scan will return "true":

  • Miniorange 2 Factor Authentication
  • Two Factor Authentication
  • Two Factor
  • 2fas
  • Rublon
  • Cerber
  • Loginizer
  • Unloq
  • Duo WordPress
  • SnapID Two Factor Authentication
  • Google Authenticator Per User Prompt
  • Google Authenticator
  • WP Google Authenticator
  • Keyy
  • WordPress 2 Step Verification

These plugins came from the official repository.