How to Secure Your WordPress Site with Secure Sign On

Securing your WordPress should be the first thing you focus on after the installation. Since WordPress is so popular, it’s also a very rewarding target for all kinds of attacks.

Important: If you’re just starting and don’t have your blog yet, stop right here and read How to Build a WordPress Blog with SSL & 2FA where I explain exactly what to do to get you up and running. Don’t worry, this article will wait here for you 🙂

The last thing you want is to lose your hard work because somebody manages to log in to your Dashboard, steals or deletes your content, and gains access to your credentials.

That’s why you should start by forcing admin access only via WordPress.com with 2FA turned on. This way, you will effectively forbid access to your account via regular username and password stored in the database of your WordPress installation.

To set this up, you will need three things:

  1. WordPress.com account
  2. Jetpack plugin
  3. Code Snippets plugin

1. WordPress.com account

A WordPress.com account is free of charge, so just go ahead and sign up with a free plan:

Once you have your account, you’ll be presented with a similar page:

As you can see, you’ll end up with your own WordPress site hosted on yourname.wordpress.com, but that’s not why we’re here.

Now you need to go back to your dashboard and install the Jetpack plugin.

2. Jetpack plugin

Installing Jetpack is quite a straightforward process. From your dashboard, move your mouse over the Plugins link in the menu and click the Add New link:

Jetpack by WordPress.com is usually among the most popular plugins. Hit the Install button.

Once it’s installed, you need to activate it by clicking the Activate button.

You’ll see this welcome screen. Just scroll down…

…and click the Set up Jetpack button.

Once installed and activated, Jetpack will ask you to sign in with your WordPress.com account.

You can skip those questions about your website, it’s not important.

Make sure to scroll down on the page that offers the plans and choose Start with free account.

Great, you have your Jetpack plugin installed so your WordPress installation is now connected with your WordPress.com account.

Let’s turn on the 2FA:

  1. Click on your profile avatar
  2. Click on Security
  3. Choose the Two-Step Authentication tab
  4. Enable 2FA

Once you have 2FA turned on, you need to restrict access to your WordPress installation so that it is possible only via your WordPress.com account.

Click My Sites and then Manage -> Settings.

Click the Security tab.

While you’re here, turn on the Downtime Monitoring to get notified when your site goes offline. Nice feature.

Scroll all the way down and allow users to log in to your site with a WordPress.com account. Good idea, but we will push it even further: users will not only be able to log in with WordPress.com, they will have to.

Turn on the two options below and, most importantly, click the info icon and then the Learn more link.

This will show you what Secure Sign On is about.

Scroll down to see the code for:

  1. disabling default login form
  2. requiring 2FA

We will use these to make sure that in order to log in to your site, you need to use 2FA and you need to use WordPress.com account.

Now, there are a few ways to get this code into your WordPress installation, but the easiest is by using the Code Snippets plugin.

3. Code Snippets plugin

Ok, let’s install a new plugin. You should know the drill by now.

Once installed and activated, go to the list of plugins and click the Snippets link to see all snippets available and add a new one.

Click the Add New button and make sure to copy and paste both lines of code from the Secure Sign On page.

It should look like this:
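The two Jetpack filters for the steps listed above (disabling the default login form and requiring 2FA), written out as an added example; it is not a copy of the author's screenshot or of the Secure Sign On page. The admin notice at the end is an extra check added here, and it assumes Jetpack's main class is `Jetpack` with its static `is_module_active()` method.

```php
// Added example for the snippet editor. Leave out the opening <?php tag
// if the editor already supplies one.

// 1. Disable the default login form: wp-login.php no longer offers the
//    local username/password fields, only the WordPress.com button.
add_filter( 'jetpack_remove_login_form', '__return_true' );

// 2. Require 2FA: refuse sign-in from WordPress.com accounts that do not
//    have Two-Step Authentication enabled.
add_filter( 'jetpack_sso_require_two_step', '__return_true' );

// Extra check (not part of the two lines above). Both filters are read only
// by Jetpack's Secure Sign On module. If Jetpack is deactivated or the
// module is switched off, nothing applies them and the default login form
// is back, so tell administrators when that is the case.
add_action( 'admin_notices', function () {
	// Only show the warning to users who can change the site configuration.
	if ( ! current_user_can( 'manage_options' ) ) {
		return;
	}

	// Assumption: Jetpack is loaded and exposes Jetpack::is_module_active().
	if ( class_exists( 'Jetpack' ) && Jetpack::is_module_active( 'sso' ) ) {
		return;
	}

	echo '<div class="notice notice-warning"><p>'
		. esc_html( 'Secure Sign On is not active: the WordPress.com-only login and the 2FA requirement are not being enforced.' )
		. '</p></div>';
} );
```

Because the local login form returns whenever Jetpack is not running, keep a strong, unique password on the local administrator account as well.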

Save the changes and activate the snippet.

Now log out to test this new feature.

As you can see, you need to use your WordPress.com account to log in to your site.

Cool! You made it.


Jan Zavrel

Jan is Biohacker, iOS & Web Developer, Author, Teacher, Lifelong Learner, Evernote Certified Consultant. He’s an author of THE SYSTEM2, a unique methodology for Evernote power users, and THE NEW FITNESS: Forty Years Old Dad in Twenty Years Old Body where he explains how to hack your life to live forever. Learn more about his work at jan.zavrel.net.
