You may have noticed that many financial institutions and large companies use security questions to protect user accounts. Some of our users have asked whether they can do the same thing to improve the security of their WordPress site.
Adding security questions to your WordPress login screen provides a crucial extra layer of defense, making it even tougher for unauthorized users to access your site. It is a simple yet effective way to protect your valuable content.
This article provides a step-by-step guide to adding security questions to your WordPress login form, giving you peace of mind and making it harder for potential intruders.
Why Add Security Questions in WordPress?
There are many ways to protect the WordPress admin area from unauthorized access. However, if you run a multi-user or WordPress membership site, then it is harder to balance website security with user experience.
Adding security questions to your login screen can help. Before your users can log in to your WordPress website, they will be required to answer one or more questions that other users shouldn’t know the answer to.
This security measure can help protect your website from brute-force attacks by hackers.
An alternative is two-factor authentication or 2FA. This option is more secure but requires a little more effort to set up. You can learn more by reading our guide on how to add two-factor authentication in WordPress.
Having said that, let’s see how you can easily add security questions to your WordPress login screen.
Adding Security Questions to Your Login Screen
First, you need to install and activate the Two Factor Authentication plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.
In this tutorial, we will use the free version of the plugin. With the free version, you can set up security questions for up to three users, and they must have the administrator role.
If you want to use the plugin with more users or users who are not administrators, then you will need to purchase a premium license.
Upon activation, you need to visit the Multi-factor Authentication » Two Factor page to adjust the plugin settings. Once there, simply click the ‘Configure’ button that you will find at the bottom of the Security Questions section.
On the next page, you can select two questions from the dropdown menus. You will have to type the third question yourself.
Once you have chosen the questions, you will need to type in your answers.
Make sure you click the ‘Save’ button to store your settings.
The plugin will display a success message that confirms your security questions have been configured. You can dismiss the message by clicking the ‘Got it!’ button.
Note that these questions and answers are for you alone. Other users on your WordPress website will need to visit this page and set up their own questions.
When you log in to your website, you will still see the standard WordPress login page. You will need to enter your username and password as usual.
After clicking the ‘Log In’ button, you will be asked to validate your login by answering two questions. You will need to correctly type the answers to those questions and then click the ‘Validate’ button.
Our Best Guides for Login Screen Security
We hope this tutorial helped you learn how to add security questions to your WordPress login screen. You may also want to see some guides on other ways you can protect your login screen:
- How and Why You Should Limit Login Attempts in WordPress
- How to Add CAPTCHA in WordPress Login and Registration Form
- How to Add Passwordless Login in WordPress with Magic Links
- How to Disable Login Hints in WordPress Login Error Messages
- How To Add Social Login To WordPress (The Easy Way)
- How to Add a Custom Login URL in WordPress (Step by Step)
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Jiří Vaněk
As a second layer of protection for WordPress, where two-factor authentication can’t be used for some reason, such as with Google Authenticator, it’s definitely an interesting alternative. Every layer of security makes sense, and even though questions and answers aren’t as secure as 2FA via a mobile device and app, it’s certainly better than using nothing at all. So, as an alternative, it’s definitely an interesting solution to the app.
Dayo Olobayo
An interesting angle to consider is whether security questions become less effective over time. As social media profiles become more commonplace and people share more personal information online, I believe the answers to security questions can be easier to guess. Isn’t it possible for the security questions to auto update periodically?
WPBeginner Support
Not at the moment but possibly in the future
Admin
Mrteesurez
This is another way to protect a WordPress site by using Security questions especially for a membership site.
My question is, is this only applicable or works for a default WordPress login page ??
What of I want to use it in a custom reg and login page ??
WPBeginner Support
You can use it for a custom login page or the default login page.
Admin
Izzy
Is there a way to do this without a plugin?
WPBeginner Support
It would require some coding but we do not have a beginner-friendly method to set this up without a plugin at the moment.
Admin
Bette Greenfield
Is the information in this article up to date. Last updated on September 26th, 2016 by Editorial Staff
WPBeginner Support
The plugin should still be working but the plugin may have updated their interface since this article was last updated
Admin
chris
I just tried this plugin its totally crap
there no answer box just the question boxes. ???
WPBeginner Support
You can add your own questions and answers in plugins settings page.
Admin
chris
yes i know this, however the plugin only gave me the questions with no answer box
that is very strange with a glitch like that.
chris
I did all that and still even with putting an answer in or not it still doesn’t work it’s a crappy plugin no good to anyone.
I would not recommend this to my friends.
How embarrassing for this developer to put this out and for you to recommend.
bad bad bad
Dean Bartley
I tried it and it works just fine. Your plugins or theme must be conflicting with the plugin. And I really don’t see why your behaving the way you are. They are just trying to help. Chill with the negative comment and be thankful they are recommending stuff. If you don’t agree that is your opinion. Thanks for the recommendation wpbeginner. Keep up the good work.