WordPress is a free and open-source content management system written in PHP. It is the most widely used CMS in the world; almost 40% of all websites are built on WordPress. Because it is the most used CMS, it attracts a large number of attackers. Since both credentials, the username and the password, are static and do not change between login attempts, users can share them with someone outside the organization. In this way one account can be used by multiple people, which is not acceptable in many cases. For example, if you run an eLearning / online learning platform or a learning management system (LMS), you do not want your students to share their premium course credentials with family and friends. Restricting credentials is also useful on employment and job websites, where you want to stop employees from sharing their logins. Shared credentials also increase the security exposure of your website: if any user's password is leaked, an attacker can make several critical changes to your site.
Sharing user credentials can lead to several kinds of losses, including financial loss, security incidents on the website, content theft, and so on. These are some of the reasons why you should stop users from sharing their credentials with anyone.
For example, if you have an eLearning website, a paid user sharing premium content with friends and family results in lost revenue.
For example, if an attacker gets access to an administrator account on your site, the attacker can delete the database, delete users, and make any other change an administrator can make.
For example, if you have web pages that should not be accessible from outside the organization and an account is shared or compromised by an attacker, the attacker can steal important data, including users' personal information. Protecting your site from such attacks is therefore very important.
miniOrange provides a two-factor authentication plugin that adds an extra layer of security to your WordPress website. The plugin offers several authentication methods that prevent a user's credentials from being shared with anyone, on purpose or by accident. When the user enters the correct username and password, they are prompted with a second-factor authentication page, which must be validated before the login completes. In this way our solution restricts the credentials to a single user. We offer 15+ authentication methods, including OTP over email, OTP over SMS, hardware tokens, QR code authentication, etc. Some of the methods that help restrict credential sharing are described below.
miniOrange provides a QR code authentication method with the help of the miniOrange Authenticator app. In this method, a QR code is generated each time a user requests configuration. The user scans the QR code with his/her mobile phone. The generated QR code can be scanned on only one device for configuration. After the QR code is scanned and validated, an account is registered in the mobile app, and the user is prompted for the second factor on every login attempt. On every login request, a new QR code is presented to verify the user's identity, and it can only be answered from the same device. Because the configuration can be done on only one phone, nobody except the legitimate user can access your site.
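To make the "only the enrolled phone can answer the login QR" property concrete, here is an added example in plain PHP. It is not miniOrange's code and does not describe the Authenticator app's actual protocol; it models a generic device-bound QR challenge-response: the enrollment QR carries a one-time token that is consumed on first scan, the app receives a per-device secret in exchange, and every login QR carries a fresh random challenge that only the holder of that secret can answer with an HMAC. The class name, the in-memory storage and the sample user id 42 are all assumptions made for the illustration.

```php
<?php
// Added example, not miniOrange's code or protocol. Generic device-bound QR
// challenge-response with in-memory storage (a plugin would persist this).

final class QrDeviceAuth
{
    private array $pendingEnrollments = []; // enrollToken => [userId, secret]
    private array $deviceSecrets = [];      // userId => secret of the one enrolled device
    private array $pendingLogins = [];      // challengeId => [userId, challenge, expiresAt]

    // Server side: user asks to configure the method. The returned token is
    // what gets encoded into the enrollment QR; the secret never leaves the
    // server until the token is redeemed.
    public function startEnrollment(int $userId): array
    {
        $token = bin2hex(random_bytes(16));
        $this->pendingEnrollments[$token] = [$userId, random_bytes(32)];
        return ['enroll_token' => $token];
    }

    // App side, first scan: redeem the token. It is deleted on use, so a second
    // phone scanning the same QR gets null and cannot enroll.
    public function completeEnrollment(string $token): ?string
    {
        if (!isset($this->pendingEnrollments[$token])) {
            return null;
        }
        [$userId, $secret] = $this->pendingEnrollments[$token];
        unset($this->pendingEnrollments[$token]);
        $this->deviceSecrets[$userId] = $secret;
        return base64_encode($secret); // what the app stores locally
    }

    // Server side: after a correct username/password, issue the login QR.
    public function startLogin(int $userId, int $ttlSeconds = 60): array
    {
        $challengeId = bin2hex(random_bytes(8));
        $challenge   = bin2hex(random_bytes(16));
        $this->pendingLogins[$challengeId] = [$userId, $challenge, time() + $ttlSeconds];
        return ['challenge_id' => $challengeId, 'challenge' => $challenge];
    }

    // App side: answer the login QR with the secret obtained at enrollment.
    public static function answer(string $secretB64, string $challenge): string
    {
        return hash_hmac('sha256', $challenge, base64_decode($secretB64));
    }

    // Server side: verify. The challenge is single-use and expires.
    public function finishLogin(string $challengeId, string $response): bool
    {
        if (!isset($this->pendingLogins[$challengeId])) {
            return false;
        }
        [$userId, $challenge, $expiresAt] = $this->pendingLogins[$challengeId];
        unset($this->pendingLogins[$challengeId]); // consumed even on failure
        if (time() > $expiresAt || !isset($this->deviceSecrets[$userId])) {
            return false;
        }
        $expected = hash_hmac('sha256', $challenge, $this->deviceSecrets[$userId]);
        return hash_equals($expected, $response);
    }
}

function check(bool $cond, string $msg): void
{
    if (!$cond) {
        throw new RuntimeException($msg);
    }
}

$auth = new QrDeviceAuth();
$qr = $auth->startEnrollment(42);                           // shown on screen (assumed user id)
$phoneA = $auth->completeEnrollment($qr['enroll_token']);   // legitimate phone scans
$phoneB = $auth->completeEnrollment($qr['enroll_token']);   // a second phone scans the same QR
check($phoneA !== null, 'first scan enrolls the device');
check($phoneB === null, 'the same enrollment QR cannot enroll a second device');

$login = $auth->startLogin(42);                             // new QR after a correct password
$resp  = QrDeviceAuth::answer($phoneA, $login['challenge']);
check($auth->finishLogin($login['challenge_id'], $resp), 'enrolled device answers the login QR');
check(!$auth->finishLogin($login['challenge_id'], $resp), 'a login challenge is single-use');

$login2 = $auth->startLogin(42);
$forged = hash_hmac('sha256', $login2['challenge'], 'guessed-secret');
check(!$auth->finishLogin($login2['challenge_id'], $forged), 'a device without the secret cannot answer');
```

The two properties the text relies on fall out of the structure: the enrollment token is deleted the moment it is redeemed, so a copy of the enrollment QR on a second phone is worthless, and each login challenge is random, single-use and bound to the secret that only the enrolled phone holds, so the screenshot of one login QR cannot be replayed. `hash_equals` is used for the comparison so the check does not leak timing information.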
You can test this method by following these steps:
Device fingerprinting is another method to restrict your users. With device fingerprinting (also called "remember device"), users can use their credentials only on the first few devices they log in from. There is a limit on the number of devices a user can log in from, and the limit is configurable. Initially users can log in to the website from any device. After every successful login from a new device the device count increases, and once the count reaches the limit the user can no longer log in from new devices, only from the saved ones. Two devices are considered different if the browser, operating system, timezone, or several other settings differ; this is configurable, so you can choose how two devices are told apart. For example, if you set the device limit to two, users can only use the two unique devices they first logged in from. This stops users from sharing their credentials with anyone else, since a user cannot delete their saved devices or change the limit. Administrators also have an option to delete a user's previous devices, so that a user who no longer has access to an old device can reconfigure a new one.
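The following is an added example of the device-limit logic described above, written in plain PHP (the language WordPress plugins are written in). It is not the miniOrange plugin's code: the class name, the in-memory store, the choice of attributes, the server key and the sample requests are all assumptions for the illustration. It hashes only the attributes the administrator selected, registers a device on first sight until the configured limit is reached, rejects any further unknown device, and exposes the administrator "forget this user's devices" action.

```php
<?php
// Added example, not the miniOrange plugin's code. A minimal "remember device"
// limiter: a device is identified by an HMAC over the request attributes the
// administrator chose to count, and each user may register at most $limit
// distinct devices. Storage is an in-memory array; a plugin would keep it in
// user meta.

final class DeviceLimiter
{
    private array $devices = []; // username => [fingerprint => firstSeenTimestamp]

    public function __construct(
        private int $limit,
        private array $attributes, // which request attributes distinguish a device
        private string $serverKey  // so stored fingerprints are not plain hashes of the attributes
    ) {
    }

    // Build the fingerprint from the configured attributes only; anything the
    // administrator did not select does not change the device identity.
    public function fingerprint(array $request): string
    {
        $parts = [];
        foreach ($this->attributes as $name) {
            $parts[$name] = $request[$name] ?? '';
        }
        return hash_hmac('sha256', json_encode($parts), $this->serverKey);
    }

    // Returns true when the login may proceed from this device.
    public function allow(string $user, array $request): bool
    {
        $fp    = $this->fingerprint($request);
        $known = $this->devices[$user] ?? [];
        if (isset($known[$fp])) {
            return true;               // a device seen before never counts twice
        }
        if (count($known) >= $this->limit) {
            return false;              // limit reached: new device rejected, nothing stored
        }
        $this->devices[$user][$fp] = time();
        return true;
    }

    public function deviceCount(string $user): int
    {
        return count($this->devices[$user] ?? []);
    }

    // Administrator action: forget a user's devices so they can re-enroll.
    public function resetDevices(string $user): void
    {
        unset($this->devices[$user]);
    }
}

function check(bool $cond, string $msg): void
{
    if (!$cond) {
        throw new RuntimeException($msg);
    }
}

// Constructed sample requests, not captured traffic.
$laptop = ['user_agent' => 'Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0',
           'accept_language' => 'en-US', 'timezone' => 'Europe/Berlin'];
$phone  = ['user_agent' => 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0) Safari/605.1',
           'accept_language' => 'en-US', 'timezone' => 'Europe/Berlin'];
$friend = ['user_agent' => 'Mozilla/5.0 (Windows NT 10.0) Chrome/119.0',
           'accept_language' => 'pt-BR', 'timezone' => 'America/Sao_Paulo'];

// Limit of two devices, distinguished by browser/OS string, language and timezone.
$limiter = new DeviceLimiter(2, ['user_agent', 'accept_language', 'timezone'], 'replace-with-a-per-site-secret');

check($limiter->allow('student1', $laptop), 'first device is accepted');
check($limiter->allow('student1', $phone), 'second device is accepted');
check($limiter->allow('student1', $laptop), 'a known device is accepted again');
check(!$limiter->allow('student1', $friend), 'a third, unknown device is rejected');
check($limiter->deviceCount('student1') === 2, 'the rejected device is not stored');

$limiter->resetDevices('student1'); // administrator clears the saved devices
check($limiter->allow('student1', $friend), 'after a reset the user can enroll a new device');
```

One caveat a practitioner should keep in mind: every attribute in the fingerprint (user agent, language, timezone) is supplied by the client, so two people who cooperate can make their browsers look identical. The device limit therefore deters casual credential sharing and blocks opportunistic reuse of a leaked password; it is the second factor on top of it that makes the restriction hold against a determined sharer.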
We also offer several biometric methods; the most popular are fingerprint, voice recognition, and face recognition. Because these factors are unique to each user and hard to forge, users can use their own identity as the second factor, which is more convenient than the usual 2-factor methods. With biometric authentication, your users are asked to configure the second factor with their voice, fingerprint, or image; once configuration is complete, it is required every time they log in. Since these factors cannot simply be handed to another person, they provide the protection you need against credentials being shared. For example, in the voice authentication method the user is prompted with some random words and pronounces them to enroll his/her voice in the miniOrange voice detection model. Once the voice is enrolled, the user is shown the voice-based authentication page after every login attempt and must pronounce the words written on that page. As every person's voice is different, this is very hard for an attacker to bypass.