This is a quick explanatory update on our Shield Security plugin for WordPress.
We’ve been providing email-based two-factor authentication (2FA) for a looong time. And recently we’ve received some feedback about the placing of a direct-login link within the email that is sent out.
How Shield’s Two-Factor Authentication Portal Works
With the portal you’re prompted to enter any or all of your 2FA codes to confirm your login. If you have turned on email-based 2FA, then you’ll get an email with both the code you need, and also a link.
This link will do 1 of 2 things:
- if you have 2 or more factors that are required, then it’ll pre-populate the portal with your code #neat
- if email is your only 2nd factor, it’ll log you straight into the site automagically #super-neat
The problem arises with the 2nd option. If a 2-factor email is sent out and intercepted, then the unwelcome visitor wins with a direct link right into your WordPress admin.
The chances of this are slim for 2 reasons:
- the two-factor portal has a 5-minute window. If you miss it, you have to start your login from scratch.
- the link can only ever be used once.
But the chance, however slim, remains. So what is the next step?
Decision: Remove The Automatic Login Link
The link is really convenient, but we feel that there is little/no inconvenience in copy-pasting the code into your login portal.
So from Shield v5.12.2 we’ve removed the link from the outgoing two-factor email. You will now have to copy-paste the code into the portal directly.
We apologise if this is a problem for you, but we hope you’ll understand the reason behind it.
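The two safeguards listed above (the 5-minute window and single use), combined with code-only confirmation, as an added PHP sketch that is not Shield's own code. The class and method names, the binding of the code to the login session, the 6-digit code length and the guess limit are all assumptions made for illustration.

```php
<?php
// Added example: in-memory sketch of an email 2FA challenge. All names are hypothetical.
final class EmailOtpChallenge
{
    private const TTL_SECONDS = 300; // the 5-minute portal window
    private const MAX_TRIES = 5;     // assumed guess limit, not stated on the page
    private array $pending = [];     // sessionId => [hash, expires, tries]

    public function issue(string $sessionId, int $now): string
    {
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $this->pending[$sessionId] = [
            'hash'    => $this->digest($sessionId, $code), // raw code is never stored
            'expires' => $now + self::TTL_SECONDS,
            'tries'   => 0,
        ];
        return $code; // goes into the email body; no login link is built
    }

    public function verify(string $sessionId, string $code, int $now): bool
    {
        $entry = $this->pending[$sessionId] ?? null;
        if ($entry === null) {
            return false; // no login in progress for this session, or code already used
        }
        $ok = $now <= $entry['expires']
            && hash_equals($entry['hash'], $this->digest($sessionId, trim($code)));
        $tries = $entry['tries'] + 1;
        if ($ok || $now > $entry['expires'] || $tries >= self::MAX_TRIES) {
            unset($this->pending[$sessionId]); // single use, expired, or too many guesses
        } else {
            $this->pending[$sessionId]['tries'] = $tries;
        }
        return $ok;
    }
    private function digest(string $sessionId, string $code): string
    {
        return hash('sha256', $sessionId . ':' . $code);
    }
}

// Constructed walk-through with a fixed clock.
$otp  = new EmailOtpChallenge();
$t0   = 1700000000;
$code = $otp->issue('session-A', $t0);
var_dump($otp->verify('session-B', $code, $t0 + 10)); // intercepted code tried from another session
var_dump($otp->verify('session-A', $code, $t0 + 20)); // pasted into the portal that started the login
var_dump($otp->verify('session-A', $code, $t0 + 30)); // replay of the same code
$late = $otp->issue('session-A', $t0);
var_dump($otp->verify('session-A', $late, $t0 + 301)); // after the 5-minute window
```

Because the code is checked against the session that requested it, a copy of the email alone does not complete a login the way a direct-login link would.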