
Setting Up WordPress With WWPass Multi-factor Authentication

Introduction

WordPress is the world's most popular content management system, which makes it an attractive target for hackers. Not only is it crucial to keep your WordPress installation up to date to mitigate known vulnerabilities, but it is also important to use stronger authentication than the default username and password-based login offered by WordPress.

For a long time, WWPass had a native authentication plugin for WordPress, which is still available in the WordPress plugin directory. However, this plugin is no longer recommended for new installations. We recommend using the WWPass OIDC/OAuth 2.0 connector together with the OAuth Single Sign On – SSO (OAuth Client) plugin by miniOrange. This provides a much simpler installation experience and puts fewer requirements on your WordPress installation environment.

Prerequisites

Before you can use WWPass authentication with your WordPress website, you need to create a WWPass customer account and register your WordPress domain with WWPass. Log in to https://manage.wwpass.com/login with your WWPass Key, choose "Add new application", and follow the instructions.

Once you have successfully registered your website, open it in the list of native integrations, select the IdP tab, and click "Enable IdP".

Important

Please store the IdP Client Secret in a safe place. You will need the client secret to configure the WordPress plugin.

Setting Up WordPress

Log in to your WordPress admin dashboard and install OAuth Single Sign On – SSO (OAuth Client). Once you install the plugin, follow the instructions below.

OAuth Single Sign On – SSO (OAuth Client)

  1. Select miniOrange OAuth in your WordPress admin panel.
  2. Click Add New Application and choose Custom OAuth 2.0 App from the OAuth / OpenID Connect Providers list.
    1. Copy the Callback URL/Redirect URL and paste it into the IdP Redirect URI field on manage.wwpass.com, then click Next.
    2. Enter an App name, for example WWPass.
    3. Enter https://oidc.wwpass.com/authorization as the Authorization Endpoint on the WordPress plugin configuration page.
    4. Enter https://oidc.wwpass.com/token as the Token Endpoint on the WordPress plugin configuration page.
    5. Enter https://oidc.wwpass.com/userinfo as the Userinfo Endpoint on the WordPress plugin configuration page, then click Next.
    6. Copy the Client ID from the manage.wwpass.com IdP page and paste it into the Client ID field on the WordPress plugin configuration page.
    7. Copy the Client Secret from the manage.wwpass.com IdP page and paste it into the Client Secret field on the WordPress plugin configuration page.
    8. Enter openid email profile in the Scope field on the WordPress plugin configuration page, then click Next.
    9. Click Finish. A new browser window should open with a test authentication procedure.
    10. Scan the WWPass QR code with your WWPass Key app to complete the test, then click Finish to finalize the plugin setup procedure.

Important

Open the Attribute/Role Mapping tab on the plugin setup page and select nickname for the Username field. Click Save settings.

  3. Your setup is ready to run!
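
An added example, not part of the original guide or of either product's code: a Python pre-flight check of the values entered in the steps above, which also builds the standard OAuth 2.0 authorization-code request those values imply. The client ID, client secret and callback URL are placeholders, and the request parameters are assumed to follow RFC 6749 rather than taken from the plugin.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Endpoints and scopes exactly as listed in the setup steps.
EXPECTED = {
    "authorization_endpoint": "https://oidc.wwpass.com/authorization",
    "token_endpoint": "https://oidc.wwpass.com/token",
    "userinfo_endpoint": "https://oidc.wwpass.com/userinfo",
}
REQUIRED_SCOPES = {"openid", "email", "profile"}

def check_settings(cfg):
    """Return a list of problems found in the plugin settings (empty = OK)."""
    problems = []
    for key, expected in EXPECTED.items():
        if cfg.get(key, "").strip() != expected:
            problems.append(f"{key}: expected {expected}, got {cfg.get(key)!r}")
    missing = REQUIRED_SCOPES - set(cfg.get("scope", "").split())
    if missing:
        problems.append("scope is missing: " + " ".join(sorted(missing)))
    redirect = urlsplit(cfg.get("redirect_uri", ""))
    if redirect.scheme != "https" or not redirect.hostname:
        problems.append("redirect_uri should be an absolute https:// URL")
    if redirect.fragment:  # RFC 6749 section 3.1.2 forbids fragments here
        problems.append("redirect_uri must not contain a fragment")
    for key in ("client_id", "client_secret"):
        if not cfg.get(key):
            problems.append(f"{key} is empty")
    return problems

def authorization_url(cfg, state=None):
    """Build an RFC 6749 authorization-code request; returns (url, state).
    Assumption: the plugin sends these standard parameters."""
    state = state or secrets.token_urlsafe(16)  # compare on callback (anti-CSRF)
    query = urlencode({
        "response_type": "code",
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["redirect_uri"],
        "scope": cfg["scope"],
        "state": state,
    })
    return f"{cfg['authorization_endpoint']}?{query}", state

# Constructed sample: client ID, secret and callback URL are placeholders.
SAMPLE = dict(EXPECTED, client_id="EXAMPLE_CLIENT_ID", client_secret="EXAMPLE_SECRET",
              scope="openid email profile", redirect_uri="https://your-wp-website.com/")

if __name__ == "__main__":
    print(check_settings(SAMPLE) or "settings OK")
    print(authorization_url(SAMPLE)[0])
```

Run it with your own values before clicking Finish; keep the real client secret out of any file you commit or share.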

For OAuth Single Sign On – SSO (OAuth Client) By miniOrange

Go to the your-wp-website.com/login page, click the Login with WWPass button, and log in to your WordPress website using WWPass Password-less Authentication.