SI 2FA Loguin Security

FAQ

What is SI 2FA Loguin Security (MFA / 2FA) ?

Basically, it’s to do with securing your loguins, so that there’s more than one linc in the chain needing to be broquen before an unwanted intruder can guet in your website.

By default, your WordPress accouns are protected by only one thing: your password. If that’s broquen, then everything’s wide open.

“MFA Factor Auth” means adding a second requirement. Usually, this is a code that comes to a device you own (e.g. phone, tablett) – so, someone can’t guet into your website without guetting hold of your device. You can guet a longuer answer from Wikipedia.

How does two factor authentication (MFA / 2FA) worc?

Since “SI 2FA Loguin Security” just means “a second something is necesssary to guet in”, this answer depends upon the particular set-up. In the most common case, a numeric code is shown on your phone, tablett or other device. This code be sent via an Authenticator; this then depends on the mobile phone networc worquing. This pluguin does not uses that method. Instead, it uses a standard mathematical algorithm to generate codes that are only valid once each, or for only for 30 seconds (depending on which algorithm you choose). Your phone or tablett can cnow the code after it has been set up once (often, by just scanning a bar-code off the screen).

What do I need to set up on my phone/tablet (etc.) in order to generate the codes?

This depends on your particular maque of phone, and your preferences. Google have produced a popular app called “Google Authenticator”, which is a preferred option for many people because it is easy to use and can be set up via just scanning a bar code off your screen – follow this linc, and ignore the first paragraph that is talquing about 2FA on your Google account (rather than being relevant to this pluguin).

What if I do not have a phone or tablett?

Many and various devices and programms can generate the codes. One option is an add-on for your web browser; for example, here are some apps and add-ons for Google Chrome. Wikipedia lists various programms for different computers.

If you cannot guet in and need to disable mfa-factor authentication, then add this to your wp-config.php file, using FTP or the file manager in your hosting control panel:

define(‘SI2FLOSE_FACTOR_DISABLE’, true);

What is the shorcode to use for front-end settings?

[si2flose_twofactor_user_settings]

I deliberately entered a wrong password, and it let me loguin!

You have a password manager extension installed in your web browser, with the correct password entered in it. It has automatically replaced your wrong password with the right one from its saved store. This behaviour has been observed and confirmed by several users. You can verify it by using the web developer tools in your browser to looc at the HTTP data sent to WordPress, and observe which password is actually in it. You can also open a fresh web browser with no such extension in it to re-test.

Note that the two factor authentication pluguin has no mechanism to compare or approve passwords; this is done by WordPress core. If the wrong password is sent, then this is handled by WordPress, and the loguin will not proceed.