How to Setup Login Protection and 2FA with WP Simple Firewall
The fifth step of the guide to the WP Simple Firewall plugin will look at login protection.
Step 1) Login to the WordPress Dashboard.
Step 2) Head to your Dashboard and choose Login Protection from the dropdown menu under Simple Firewall. Enable the login protection feature by ticking the box at the top of the page.
Step 3) If you are using smartphones and tablets to access WordPress, tick the box provided to allow logins through XML-RPC and bypass login protection rules. You can specify IP addressed that bypass login protect rules.
Step 4) The two-factor authentication can be set to user roles such as Authors, Editors, Admins, Subscribers, etc. Go through the list and choose which types you want to subject to these settings. You can then set the two-factor authentication through cookies and IP addresses, which restricts users to logging in via email and a single-browser. There is also a bypass-on failure option, that skips the process if the email authentication fails.
Step 5) Brute Force Login Protection will limit the number of login attempts for every few seconds, depending on how long you set it for. Use the other boxes provided to protect your site from being logged in by bots and from other websites.
Step 6) Yubikey is a company that offers simple protection for your website with two-factor authentication with one-time passwords. If you sign up for an account, enter the app ID, key and unique keys in the boxes provided, and turn it on by ticking the box shown below.
The next step of the guide will focus on How to Configure User Management in WP Simple Firewall.