This is a quick explanatory update on our Shield Security plugin for WordPress.
We’ve been providing email-based two-factor authentication (2FA) for a looong time. And recently we’ve received some feedback about the placing of a direct-login link within the email that is sent out.
How Shield’s Two-Factor Authentication Portal Works
With the portal you’re prompted to enter any or all of your 2FA codes to confirm your login. If you have turned on email-based 2FA, then you’ll get an email with both the code you need, and also a link.
This link will do 1 of 2 things:
- if you have 2 or more factors that are required, then it’ll pre-populate the portal with your code #neat
- if email is your only 2nd factor, it’ll log you straight into the site automagically #super-neat
The problem arises with the 2nd option. If a 2-factor email is sent out and intercepted, then the unwelcome visitor wins with a direct link right into your WordPress admin.
The chances of this are slim for 2 reasons:
- the two-factor portal has a 5 minute window. If you miss it, you have to start your login from scratch.
- the link can only ever be used once.
But the chance, however slim, remains. So what is the next step?
Decision: Remove The Automatic Login Link
The link is really convenient, but we feel that there is little/no inconvenience in copy-pasting the code into your login portal.
So from Shield v5.12.2 we’ve removed the link from the outgoing two-factor email. You will now have to copy-paste the code into the portal directly.
We apologise if this is a problem for you, but we hope you’ll understand the reason behind it.
Thanks!
ShieldPRO Testimonials
@heritagetiling
brilliant plugin
I used the Co to remove a hack and then set up the premium version . Great so far plenty of info and no more hacks.
@peteypete
Works Great
Awesome customer support with Paul. Any issues and it is answered quickly to get you up and running.
@franziep
Great Plugin
Simple effective security
@yurivelkin1972
Very good.
I have not seen better! Great support!
Hey there gorgeous! Do you like what you've read here? :)
If this cool feature is something you'd like, but you haven't gone PRO yet, click here to get started today. (no risk, with a 14-day satisfaction guarantee!)
You'll get all PRO features, including Malware Scanning, WP Config Protection, Plugin FileGuard, import/export, customer support, and so much more. Not only that, you'll get that warm, fuzzy feeling that comes from supporting our work and future development.
