As over 35% of hacked websites involve WordPress, properly locking down your login page is more vital than ever. In this comprehensive guide, we'll explore how to add an extra layer of login security using security questions.
Why Additional Identity Verification Matters
Standard WordPress login systems requiring just a username and password are vulnerable to automated hacking attempts. Automated attacks such as credential stuffing and brute forcing can guess passwords and break into accounts.
To improve security, many companies now also verify identities using:
- Security Questions – Answer personal questions that only the user knows
- Two-Factor Authentication (2FA) – Requires access to email or mobile device
The chart below compares some pros and cons:
Method | Pros | Cons |
---|---|---|
Security Questions | Easier setup, no extra devices needed | Potentially guessable answers |
2FA | Very secure, trusted by banks and government organizations | Adds extra steps, requires access to additional email or cell phone |
For a balance of usability and security, security questions are a straightforward option to bolster WordPress login protections.
Step 1: Installing a Security Questions Plugin
We recommend the free Two Factor Authentication plugin.
Alternatives like WP 2FA also work if you want added features like using Google Authenticator.
Here is an example command for installing it with WP-CLI:
wp plugin install two-factor-authentication --activate
After activating the Two Factor Authentication plugin:
Step 2: Configuring Your Security Questions
Navigate to Multi-factor Auth > Two Factor and click Configure under the Security Questions section.
Next, choose 2 default questions from the dropdowns and create your custom third question.
Some examples that make for secure security questions:
- What city were you born in?
- What is your youngest sibling's middle name?
- What was the make of your first car?
Set answers that would be hard to guess and that cannot be found in public information about you.
Step 3: Answering Questions Upon Login
After inputting your WordPress username and password as normal, you will be prompted to answer 2 random security questions:
Retrieve your answers from a password manager or personal documentation. Avoid saving them where they may be easily accessible.
If you answer the questions incorrectly, you will be notified that the answers were incorrect. Typically, you are given 5 attempts before your account is temporarily locked out.
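The Step 3 flow described above (two randomly chosen questions, five attempts, then a temporary lockout), sketched as an added Python example; it is not the plugin's own code. The names `QuestionChallenge`, `normalize` and `hash_answer`, the PBKDF2 parameters and the 15-minute lockout length are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

MAX_ATTEMPTS = 5            # the "5 attempts" mentioned above
LOCKOUT_SECONDS = 15 * 60   # assumed length; the page only says "temporarily"

def normalize(answer):
    # Case and stray whitespace should not cause a false rejection.
    return " ".join(answer.lower().split())

def hash_answer(answer, salt):
    # Answers are low-entropy secrets: keep a slow salted hash, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, 100_000)

class QuestionChallenge:  # hypothetical model; answers = {question: answer} from Step 2
    def __init__(self, answers):
        self.records = {}
        for question, answer in answers.items():
            salt = os.urandom(16)
            self.records[question] = (salt, hash_answer(answer, salt))
        self.failures = 0
        self.locked_until = 0.0

    def pick_questions(self, count=2):
        # Step 3: choose the questions server-side with a CSPRNG.
        return secrets.SystemRandom().sample(sorted(self.records), count)

    def verify(self, asked, responses, now=None):
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"
        ok = bool(asked)
        for question in asked:
            salt, stored = self.records[question]
            # Check every asked question, in constant time, before deciding.
            given = hash_answer(responses.get(question, ""), salt)
            ok &= hmac.compare_digest(given, stored)
        if ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.locked_until = now + LOCKOUT_SECONDS
            self.failures = 0
            return "locked"
        return "incorrect"
```

The result for a wrong submission is the same whichever answer failed, so the response does not tell a guesser which of the two questions they got right.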
For other layers like limiting login attempts, captcha codes, or integrating Google Authenticator, check our Advanced WordPress Security Guide.
In Summary: Don't Forget Security Questions
Hopefully this gives you a good starting point for enhancing WordPress login security with security questions.
As web attacks proliferate year after year, taking measures to lock down admin access is essential. We invite you to check our site for additional WordPress tutorials.