This documentation is only valid for older versions of Wordfence. If you are using Wordfence 7 or later, please visit our new documentation.

Difference between revisions of "Cellphone sign-in"

From Wordfence Documentation
Line 39: Line 39:
 
'''Note about both methods:'''  <br>
 
'''Note about both methods:'''  <br>
 
Regardless of which method you sign the user up for, they will be required to provide a code to you after signing up so you can activate the user.  If using GA you can use one of the backup codes provided to activate the user.  If using the cellphone method the user needs to provide that code back to you within 30 minutes to activate the user.  Add the code to the appropriate user in the “Cellphone Sign-in Users” section and click activate.
 
Regardless of which method you sign the user up for, they will be required to provide a code to you after signing up so you can activate the user.  If using GA you can use one of the backup codes provided to activate the user.  If using the cellphone method the user needs to provide that code back to you within 30 minutes to activate the user.  Add the code to the appropriate user in the “Cellphone Sign-in Users” section and click activate.
 +
 +
 +
==Using Cellphone Sign-In==
 +
• Google Authenticator - 
 +
<ol><li>Enter your username and password as per normal and hit the login button.</li>
 +
<li>You will be shown a message asking them to re-enter your username and password followed by a space and the code you were sent.</li>
 +
<li>Re-enter your username.</li>
 +
<li>Retrieve your current Google Authentication code from your phone</li>
 +
<li>Enter your password but this time add a space character to the end of your password followed by the code you were sent. For example, if your password was '''w0rdf3nce#!''' you would enter '''w0rdf3nce#! 123456''' (or whatever your code is)</li>
 +
<li>Hit the login the login button and it should sign you in.</li></ol>
 +
 +
• Traditional cellphone method  -
 +
<ol><li>Enter your username and password as per normal and hit the login button.</li>
 +
<li>A unique code is sent to your phone via SMS. For example wf5246</li>
 +
<li>You will be shown a message asking them to re-enter your username and password followed by a space and the code you were sent.</li>
 +
<li>Re-enter your username.</li>
 +
<li>Enter your password but this time add a space character to the end of your password followed by the code you were sent. For example, if your password was '''w0rdf3nce#!''' you would enter '''w0rdf3nce#! wf5246'''</li>
 +
<li>Hit the login the login button and it should sign you in</li></ol>
 +
 +
There is a new option to enable a separate prompt for the two factor or GA code.  This will give you a separate prompt after entering the username and password initially. <br>
 +
 +
[[File:Sepprompt.jpg]]<br>
 +
 +
'''''Note :''' If you theme customizes the login or login process this may not work.  In this case the standard method of entering the password, a space, and wfCode will.  For example, if your password was w0rdf3nce#! you would enter w0rdf3nce#! wf5246 or w0rdf3nce#! 123456 if using google authenticator.'' 
 +
 +
==Extra Security==
 +
 +
There is also a new option to force all admin users to use 2FA.  You must have one administrator user '''currently using 2FA''' to enable this option.  <br>
 +
 +
[[File:AdminALL.jpg]]
 +
 +
==Troubleshooting==
 +
 +
If you need to resend the authorization code for the cellphone method you can use this link:
 +
http://www.wordfence.com/re-send-two-factor-authentication-code/
 +
This ONLY works if done within the same hour you tried the normal method.
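
Review bot: In the added Google Authenticator list, steps 2 and 5 tell the user to append "the code you were sent", but step 4 has them read the code from the app and nothing is sent in that flow; reword both to refer to the current Google Authenticator code so the list does not read as the SMS procedure. In both lists the step that describes the message switches person ("asking them to re-enter your username") and the last step repeats "the login", and the note after Sepprompt.jpg reads "If you theme customizes". The Troubleshooting link for re-sending the authorization code is given as http://; link the https:// form if the site serves it.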

Revision as of 19:20, 25 July 2016

Wordfence's Cellphone Sign-in uses a technique called "Two Factor Authentication", which is used by banks, government agencies and militaries worldwide. It is one of the most secure forms of remote system authentication. It's now available from Wordfence for your WordPress website.

This method of signing into your website relies on something you know and something in your possession. That is why it is referred to as two factor - because two factors are involved in authenticating you.

In this case you know your password and you are in possession of your cellphone. If we can verify both of these, then we know that it's OK to allow you to access your website as an administrator.

Wordfence cellphone sign-in is designed to be used mainly by site administrators and those with high-level access, e.g. publisher access. Please note that this is a premium feature, which means you need to purchase a premium Wordfence key from our website at http://www.wordfence.com to activate cellphone sign-in.

Adding users

On the cellphone sign-in page, add a user in the box indicated.

Next choose a method of authentication to use. You can choose:

  • Google Authenticator - This uses the Google Authenticator app, available for free in the Google Play store or Apple's App Store. Choosing this method opens a new window with a QR code; scan it with the Google Authenticator app, which then gives you the code you use to log in.
    It also includes backup codes that can be used in the event you have a problem with GA working correctly. These codes are one-time use only!
    This option should work well for users in India whose cellphone carriers restrict their access during certain hours.
    Note: If you are an administrator and setting it up for someone else, you can either screenshot the QR code and email it to the user or provide them with the manual code that they can input into the GA app.

  • Send code to a phone number - This method uses the traditional method we have employed for 2FA, where a code is generated and sent to your cellphone.
    1. The first step is to enter the username of the user who you want to enable cellphone sign-in for.
    2. Then enter their phone number below the username, starting with a plus (+) character to indicate the country code. Separate the country code, area code and number using dashes; this separation is not important and is mainly there to help you read the number correctly. Note that you may have to remove the 0 before the area code.
    3. Click the button to enable cellphone sign-in.
    4. A code will be sent to the user's phone. Ask the user what the code was and enter that code in the text field next to the label "Enter activation code".
    5. Click the 'Activate' button.
    6. Cellphone sign-in will now be activated for that user.

If you want to disable cellphone sign-in for a user, simply hit the 'delete' link next to their username on the cellphone sign-in page.

Important note for admins: If you are adding multiple users to cellphone sign-in, you have to enter the activation codes in the order that you set the users up. If you add user A, user B, user C, you need to enter the codes in that order when activating them (A, B, C).

Note about both methods:
Regardless of which method you sign the user up for, they will be required to provide a code to you after signing up so you can activate the user. If using GA you can use one of the backup codes provided to activate the user. If using the cellphone method the user needs to provide that code back to you within 30 minutes to activate the user. Add the code to the appropriate user in the “Cellphone Sign-in Users” section and click activate.


Using Cellphone Sign-In

• Google Authenticator -

  1. Enter your username and password as per normal and hit the login button.
  2. You will be shown a message asking you to re-enter your username and password followed by a space and the code you were sent.
  3. Re-enter your username.
  4. Retrieve your current Google Authenticator code from your phone.
  5. Enter your password, but this time add a space character to the end of your password followed by that code. For example, if your password was w0rdf3nce#! you would enter w0rdf3nce#! 123456 (or whatever your code is).
  6. Hit the login button and it should sign you in.

• Traditional cellphone method -

  1. Enter your username and password as per normal and hit the login button.
  2. A unique code is sent to your phone via SMS, for example wf5246.
  3. You will be shown a message asking you to re-enter your username and password followed by a space and the code you were sent.
  4. Re-enter your username.
  5. Enter your password, but this time add a space character to the end of your password followed by the code you were sent. For example, if your password was w0rdf3nce#! you would enter w0rdf3nce#! wf5246
  6. Hit the login button and it should sign you in.

There is a new option to enable a separate prompt for the two factor or GA code. This will give you a separate prompt after entering the username and password initially.


Note: If your theme customizes the login page or login process, the separate prompt may not work. In this case the standard method of entering the password, a space, and the code will. For example, if your password was w0rdf3nce#! you would enter w0rdf3nce#! wf5246, or w0rdf3nce#! 123456 if using Google Authenticator.
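
The "password, a space, and the code" convention means the login handler has to pull the second factor back out of the password field. The sketch below is an added example, not Wordfence's code: the function names are hypothetical, and the two code shapes ("wf" plus digits for SMS, six digits for Google Authenticator) are assumptions taken from the examples on this page.

```python
import re

# Assumed code shapes, taken from this page's two examples:
#   SMS code: "wf" followed by digits (e.g. wf5246)
#   Google Authenticator code: six digits (e.g. 123456)
SMS_CODE = re.compile(r"wf\d+")
GA_CODE = re.compile(r"\d{6}")


def split_password_field(field):
    """Split '<password> <code>' into (password, code, kind).

    Returns (field, None, None) when no trailing code is present, so the
    caller can treat the submission as the first login step and ask the
    user to re-enter the password with the code appended.
    """
    # Split on the LAST space only: the password itself may contain spaces.
    password, sep, candidate = field.rpartition(" ")
    if not sep or not password:
        return field, None, None
    if SMS_CODE.fullmatch(candidate):
        return password, candidate, "sms"
    if GA_CODE.fullmatch(candidate):
        return password, candidate, "ga"
    # Trailing token is not code-shaped, so it belongs to the password.
    return field, None, None


def needs_code_prompt(field):
    """True when the submitted field carries no second factor."""
    return split_password_field(field)[2] is None


# Ambiguity to handle in a real handler: a password that itself ends in
# " 123456" looks like "<password> <code>" on the first login step, so the
# whole field should also be checked as a plain password before the split
# result is trusted.
```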

Extra Security

There is also a new option to force all admin users to use 2FA. You must have one administrator user currently using 2FA to enable this option.


Troubleshooting

If you need to resend the authorization code for the cellphone method, you can use this link: http://www.wordfence.com/re-send-two-factor-authentication-code/

This ONLY works if done within the same hour you tried the normal method.