A number of years ago, hundreds of thousands of WordPress sites around the world were successfully attacked by hackers who used computerized bots to penetrate websites via brute force attacks. They were successful by taking advantage of a vulnerability in the WordPress login authentication process. To prevent further attacks, nearly every web host offering WordPress instituted a dual authentication protocol that requires users to complete an extra step to gain access to their sites.
As a WordPress user, you may be familiar with this dual authentication process already. The problem with the method is that it does not always work as intended in some web browsers, especially derivatives of Google’s Chrome browser. Fortunately, there are workarounds.
Disabling Dual Authentication
Although we strongly recommend against this first method, you can get around dual authentication simply by disabling it for your site. The process is quite simple and involves editing a file found in your root directory. That file is the .htaccess file used to determine who does, and does not, have access to a WordPress site.
To disable dual authentication using this method, log into the control panel provided by your web hosting company. For most of us, that would be cPanel. From there, load the file manager and navigate to the public_html directory where you will find the .htaccess file. You should be able to edit the file online; if not, download a copy, edit it, and upload the edited version. All you have to do is add the following code:
This simple three-line command essentially tells your server that authentication has already been satisfied, thereby forcing it to redirect your browser to your regular login page. From there you just enter your username and password as normal.
Using a Captcha Plugin
The second method for getting around the default dual authentication in WordPress is to implement the protocol in a different way. We can do this by using a captcha plugin.
Before selecting and installing your plugin, disable the default dual authentication using the process above. Then log into your site, navigate to the Dashboard, and finally to the Plugins page. Click the button to install new plugins and type ‘captcha’ into the search bar. You’ll see a bunch of excellent plugins that should do the job.
One of the best is Captcha by BestWebSoft. This excellent plugin deploys the dual authentication protocol via your regular login page by inserting an easy math equation below the space where you enter your username and password. The equation is represented by numbers and graphics to ensure that a bot can not complete it. You just type in the right answer, and you are all set.
Other choices include Captcha Bank, Tick Captcha, WM Simple Captcha, and Captcha Code. All of these plugins should do the trick as long as you first disable the default dual authentication as described at the start of this post. That’s all there is to it!