As we know that WordPress.com has a good Two factor Authentication security feature for every free personal blog & paid Website. Now this two step verification security available for self hosted wordpress website. You can get wordpress.com Two Factor authentication with Jetpack Single Sign On (SSO) module. Jetpack SSO enables 2-factor authentication on your Self hosted WordPress site. This is a powerful security feature & protect your website from hackers. Because whenever someone tries to logging in to your WordPress site requires to enter a unique pass-code, which is sent via text message on your registered mobile number, It is an addition verification after using your username and password.
So how you can enable wordpress.com Two factor verification on self hosted wordpress site. To use this feature, You first need to create an account on the WordPress.com- Click here to go on WordPress.com. After creating free blog, login to WordPress.com account & enable Two-step Authentication feature.
How to Enable Dual Step Authentication on WordPress.com account
- After login click on profile icon from the top right.
- Now click on Security option from the Left.
- Click on Two-Step Authentication from the top tab.
- Click on Get started button.
On next page choose your country code from the Country code drop down list. Enter your Mobile number in the Phone number box. Click on Verify via SMS button.
Now you’ll receive a confirmation code on your mobile number.
Note: Also make sure that you have not activated DND (Do Not Disturb) service on your mobile. If Yes, then first deactivate because If DND is enabled on your mobile then your operator block the message & because it is a third party SMS so you’ll not receive the confirmation code.
After getting confirmation code then enter the code in the box & click on Enable Button.
Now next page WordPress generate 10 backup Codes. Copy & save the code in the text/document file such as MS word on your computer. These code useful when you don’t have your Mobile phone or lost then you can login your wordpress account with these code. You can use a backup code only one time. After this tick the check box. I have printed or saved these codes checkbox & click on All Finished button.
Now you have successfully activated dual step authentication for your WordPress.com blog. But the task is not complete yet. You’ll need to verify your backup code once. And after you must connect to jetpack with WordPress.com.
How to connect Jetpack Single Sign On to WordPress.com account-
For connecting Jetpack with WordPress.com account you’ll need to install Jetpack plugin on your self hosted site & after installing connect Jetpack to your wordpress.com account on which you have enabled dual step authentication.
Or if you already have installed or activated Jetpack pluing then activate Single Sign On module. Go to jetpack Setting & click on Single Sign On Activate link.
Now you’ll need to edit functions.php file. The functions.php file can be edited by two ways:
1. Via FTP or File Manager:- Login to your CPanel account>> Click on File Manager option >>File Manager Directory Selection box appear. Now Choose Document Root for option radio button & tick the Show Hidden Files (dotfiles) check box. After this click on Go Button.>>Go to the current theme folder (wp-content/themes/theme-name) and edit the funtions.php file and add this code after the first code:
add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );
2. Via WordPress:- Login to your wordpress admin dashboard. Go to Appearance & click on Editor>> Choose your theme from the dropdown & click Select button or if you have already activated theme then click on Theme Functions.php option & paste the above code after the first code. After pasting code click on Update file button from the bottom.
Now When you will login to your yoursite.com/admin/ login form then Jetpack SSO redirect you to WordPress.com site & when you successfully authenticate your account with dual factor then it redirect & login to your Admin dashboard.
You can check your profile Single Sign On connection with wordpress.com account:-
Now you have successfully activated Jetpack Single Sign On (dual step authentication feature) on your self hosted site.
But still, Jet Pack Single sign-on feature has not been fully activated. Because, whenever someone will try to login to your site from using another account WordPress.com account, then your site admin login form appears.
This makes your site Dual Factor Authentication useless. For solving this problem you will need to install an additional Jetpack addon-
Just upload this plugin, go to Plugins>>click on Installed Plugins>>click on Add New button from the top>>click on Upload plugin from the top>>now choose file from your computer & click on Install Now button after upload Activate the plugin & you will not need to do anything. The plugin doesn’t hide your admin login form but it disables your admin user name. So if anyone try to login to your wordpress self hosted site then he/she will get invalid user name notification. but you can easily login with Jetpack SSO via WordPress.com account easily.
That’s It, now you have been fully activated WordPress Dual Factor Authentication on your Self hosted wordpress site.
Also See: Activation process CloudFlare via CPanel account.