Most financial institutions and large companies require you to add security questions on your account for identity verification. Recently one of our readers asked if it was possible to add security questions in WordPress to add an additional security layer. In this article, we will show you how to add security questions to WordPress login, registration, and reset password page.
Why Add Security Questions to Login & Registration Forms in WordPress?
There are many ways to protect WordPress admin area from unauthorized access. However, if you run a multi-user or WordPress membership site, then it becomes difficult to choose between security and user experience.
Adding a security question to your WordPress site’s login screen acts as an additional password. Your users can choose a question from a list of random questions and then add an answer to that question.
This makes it difficult for hackers to enter a website using a compromised password or email address.
Adding Security Questions to Improve WordPress Login Security
The first thing you need to do is install and activate the “WP Security Question” plugin.
Upon activation, you need to visit Settings » Security Questions page to configure the plugin settings.
You will see a list of security questions already setup. You can add your own security questions by clicking on the “Add more” button at the bottom. Alternatively, you can also edit or remove the existing questions.
At the bottom of the settings pages, you will find the options to enable security questions on login, registration, and lost password pages.
Don’t forget to click on the save settings button to store your changes.
That’s all. From now on all users on your site will be asked to select and answer their security question on the login page.
Your WordPress site’s registered users can visit their Profile page to select a security question and add their answer to it.
Users who do not set a security question will still be able to log in by just using their username/email and password.
If you enabled security questions on the registration page, then new users will be able to select a security question during registration.
Enabling security question on forgot password page will ask users to answer their security question to get the password reset email.
If a user’s email address is compromised, then this would stop someone from gaining access by “resetting password”.
At WPBeginner, we use “Sucuri” to protect our website from malicious attacks and login attempts. “Sucuri” is a web security company that offers website monitoring and firewall services.
We hope this article helped you learn how to add security questions to your WordPress login screen.