Two factor authentication for WordPress

Introduction

The LoginTC WordPress plugin adds an additional step to user authentication using LoginTC two-factor authentication. After successfully entering a username and password, the user’s mobile device receives a LoginTC request (via push notifications) to approve/deny the authentication request. The request also includes useful information (e.g. IP address of the browser) to determine if it’s a legitimate login request.

Prerequisites

Before proceeding, please ensure you have the following:

WordPress Domain Creation

If you have already created a LoginTC domain for your WordPress site, then you may skip this section and proceed to Installation.

  1. Log in to LoginTC Admin
  2. Click Domains:
  3. Click Add Domain: Create Domain
  4. Enter domain information: Create WordPress Domain

Installation

  1. Download the LoginTC WordPress plugin to the server that hosts your WordPress installation: https://www.logintc.com/downloads/logintc-authentication-wordpress.zip (SHA-1: 809a5b334e9c11d6e92054d0bf67101b25291977)
  2. Place the file in the plugins directory (e.g. /var/www/html/wp-content/plugins)
  3. Decompress the file using unzip logintc-authentication-wordpress.zip

Configuration

Now configure the plugin to connect with the LoginTC manager:

  1. Log in as an administrator
  2. Open the Plugins page and click Activate next to LoginTC plugin LoginTC Authentication Step
  3. Click Settings LoginTC Authentication Step
  4. Copy and paste the API Key and Domain ID from the LoginTC Admin settings and domain settings pages. LoginTC Authentication Step

    Configuration values:

    Property Explanation
    API key API key (64-chars)
    Domain ID Domain ID (40-chars)
    Admin Host cloud.logintc.com
    Timeout Time in seconds for authentication to take
    Roles Which roles to enable / disable LoginTC authentication
    Enable IP address domain attribute Whether to include to IP Address of the WordPress in the authentication request

    The API key is found on the LoginTC Admin Settings page. The Domain ID is found on your domain settings page.

Usage

Your users enter their first factor (username & password) normally as they always did.

  1. Log out and go to the login form
  2. Enter a username and password First-Factor Authentication Step
  3. You are now presented with a screen LoginTC Authentication Step
  4. Approve the request on your smart device LoginTC Authentication Step

User Management

There are several options for managing your users within LoginTC: