WordPress logins are among the most brute-forced on the internet. Notakey provides a dedicated plugin that adds a phone-tap second factor in six steps.
Six steps to a protected login
1. Prepare a Notakey authentication server, on-premises or cloud-hosted; the free tier is enough for a small team.
2. Install two plugins in WordPress: the Two-Factor plugin and the Notakey Provider for Two-Factor extension.
3. Activate both plugins.
4. Create an application and API credentials in the Notakey appliance dashboard, with scopes for authentication, user management and device management. Configure onboarding requirements; phone-number-based SMS verification is one ready-made option.
5. Configure the Notakey extension under WordPress Settings: enter the authentication server’s service URL, client ID and secret, service ID, and service domain.
6. Onboard users. Each user installs Notakey Authenticator, opens their WordPress Two-Factor Options, starts onboarding, and scans the QR code to finish setup on their phone.
From the next login, WordPress asks the phone — and password phishing against your site stops paying.