Topics

wordpress 2fa and captcha

 

Hi all.

While this is probably on topic for access it is a semi complex question so you may want to email me off list if its going to get a bit that way.

I assist with adminning a wordpress site and want to secure it.

I have used 2 factor authentication via text message (sms) and email for a while.

And thought that it may be an alternitive to captcha.

Currently though just about everything I found needs to be setup per user and not inforced by admins or anything.

Most plugins will allow 1 user up to 10 users for free but eventually you need to pay.

I don't think its fair for the users to pay to access a site just for the security to login, and that's my issue.

I have solved this with wordpress verification via jetpack which will protect everyone if they have their accounts in wordpress set for 2fa use and that in itself is fine.

There are ways to doodle with the php code to make it work but I don't have that access and it seems like you need to doodle with every theme on the site you use which is not ideal.

Unless there is a plugin that will by default get people to login with wordpress but at the same time I'd like a way that admins like the owner and myself can enter our passwords as backups would be good.

Sadly the only real solution I have is captcha and encouraging people to use 2fa on wordpress.

Of course it would be nice to just clear all the users and make everyone register and login with wordpress only.

We don't need many users here bare the admin users to be honest.

I use my username for backup and when I don't want to doodle with 2step such as doing admin things rather than posting things but I could use either.

I was thinking about captcha again.

Recaptcha has gotten a lot more stable but I know some have still issues with the audio.

My other idea was logic word or math captcha but are those that secure or should I just drop it.

I know there are google authenticators and the like but what I want is the ability for people to just login and either handle a text message or email and probably backup codes if they need.

I don't need anything totally advanced,  Its easier to put in captcha to be honest but still thats me for the day.

Rayn Darren
 

HI Shaun,

I use logic (math) on all my clients' sites quite effectively. If you're looking for a re-captcha option though we can chat.... I'd be happy to add your site to my list and factor it in when purchasing, if necessary, plugins.

Feel free to contact me off list if you'd like.

Thanks and HTH,

Sarah

On 2/2/2020 5:02 PM, Shaun Everiss wrote:
Hi all.

While this is probably on topic for access it is a semi complex question so you may want to email me off list if its going to get a bit that way.

I assist with adminning a wordpress site and want to secure it.

I have used 2 factor authentication via text message (sms) and email for a while.

And thought that it may be an alternitive to captcha.

Currently though just about everything I found needs to be setup per user and not inforced by admins or anything.

Most plugins will allow 1 user up to 10 users for free but eventually you need to pay.

I don't think its fair for the users to pay to access a site just for the security to login, and that's my issue.

I have solved this with wordpress verification via jetpack which will protect everyone if they have their accounts in wordpress set for 2fa use and that in itself is fine.

There are ways to doodle with the php code to make it work but I don't have that access and it seems like you need to doodle with every theme on the site you use which is not ideal.

Unless there is a plugin that will by default get people to login with wordpress but at the same time I'd like a way that admins like the owner and myself can enter our passwords as backups would be good.

Sadly the only real solution I have is captcha and encouraging people to use 2fa on wordpress.

Of course it would be nice to just clear all the users and make everyone register and login with wordpress only.

We don't need many users here bare the admin users to be honest.

I use my username for backup and when I don't want to doodle with 2step such as doing admin things rather than posting things but I could use either.

I was thinking about captcha again.

Recaptcha has gotten a lot more stable but I know some have still issues with the audio.

My other idea was logic word or math captcha but are those that secure or should I just drop it.

I know there are google authenticators and the like but what I want is the ability for people to just login and either handle a text message or email and probably backup codes if they need.

I don't need anything totally advanced,  Its easier to put in captcha to be honest but still thats me for the day.