miniOrange is a security-focused development company that has created a feature-rich two-factor authentication plugin for WordPress called the miniOrange Google Authenticator. Their plugin provides a solution that is quick and easy to implement while providing features that set it apart from its competition.
Two-factor authentication is used to secure logins to a website. It helps to protect user logins that may have weak or stolen passwords by requiring a generated code to be used after the initial login.
This article will demonstrate how to set up the miniOrange 2-Factor Authentication plugin and describe the features in its free version.
- Setting Up miniOrange 2-Factor Authentication
- Creating a 2FA Policy
- Custom Login Feature
Setting Up miniOrange 2-Factor Authentication
The following instructions will require that you have installed the miniOrange 2-Factor Authentication plugin and are logged into the WordPress Administrator.
If you are setting up the miniOrange 2FA plugin for the first time, you will see a setup wizard screen.
The wizard will walk you through the installation, but this guide will skip the wizard and walk you through a manual installation. If you have just installed the plugin, click on Skip Setup Wizard.
If you skip the setup wizard, you can either set up the policy that affects your users or immediately set up the authentication used by the administrator user. For this tutorial, we will start with the Setup Two Factor tab, which configures the authentication method used by the administrator.
NOTE: We are using Google Authenticator for this tutorial. It is not required for this plugin, as there are different options. If you wish to use a different authentication solution, simply replace the Google Authenticator with your preferred solution.
Authenticating the Administrator
- Click on miniOrange 2-Factor in the menu.
- This will open the options available for the plugin. Click on the Setup Two Factor tab.
- Here you can select the option that you wish to use for generating the authentication code when using 2FA. We are using Google Authenticator as an example. Click on Configure for the Google Authenticator.
- You will be required to either scan the QR code or type in the code to create an account for the website. Open your Google Authenticator app on your mobile device.
- Once the account has been created in your authentication solution, go to Step 2 in the setup screen for your authenticator and type in the code from your authentication solution.
- Click on Verify and Save.
Once you have verified your authentication solution, you can log in with 2FA as that user. If you intend to create a policy for 2FA that affects the other users on your WordPress site, you will need to go into the Settings tab.
You will also be able to download backup codes on the Setup Two Factor page. These codes allow you to log in if you don’t have your authentication device.
IMPORTANT NOTE: This plugin allows for up to 3 admin users for the free version. You will need to update to the premium version to use it for more users or roles.
Creating the 2FA Policy for your WordPress site
- Click on the Settings tab.
- Enable 2FA for users – the option to enable 2FA is selected by default. You can enable or disable 2FA with this slider.
- Enable plugin log – click on the slider to activate the log file to record errors.
- 2FA Prompt on WordPress Login Page – enables a field for 2FA that works only with the Google Authenticator and miniOrange Soft Token.
- On the Fly 2FA Configuration – forces users to configure 2FA when they log in.
- Should users be given a grace period…? Set a grace period in hours or days to allow users to set up 2FA.
- Enable the login with all configured methods – allows users to use any configured option for authenticating a login.
- Select User Roles to enable 2-Factor for – select WordPress user roles that can configure 2FA.
When these settings are configured and saved, they affect all WordPress user roles as a policy for two-factor authentication.
Custom Login Forms
The miniOrange 2-Factor Authentication plugin also provides support for many custom login pages. For example, a commonly customized login page is the one provided by the WooCommerce plugin.
There are 12 different custom login forms that are supported by default with the free version of the plugin. Enabling this option will allow you to show a 2FA prompt for each custom login.
Use the checkbox to enable or disable the custom form you wish to use. miniOrange has also provided documentation in the column labeled “Documents.”
The miniOrange Two Factor Authentication plugin also includes several features that can only be accessed after upgrading to a premium version. To see a more comprehensive list of the add-ons, please see the miniOrange plugin page.
- RBA and Trusted Devices Management
- White Labeling
- Short Codes
- Device Restriction
miniOrange Two Factor Authentication gives you a wide variety of authentication options while also providing a wizard for setup simplicity. Support for custom login pages is one of the features that help to make the free version of the 2FA plugin different from its competitors.
The main limiting factor of this plugin is that it only allows up to three administrator users in the free version. With the addition of premium features and plans, the plugin is a versatile solution for protecting WordPress logins.