WordPress is going strong, even in 2022. With a 40%+ market share, it is popular among news websites, bloggers, and small businesses. With wide usage, security is always a concern. Introducing – FluentAuth plugin from the WPManageNinja team, known for popular plugins like FluentCRM, Fluent Forms, and more.
WordPress is a fantastic solution, and we make a living by providing high-quality tools and plugins to businesses to help them grow and improve their conversion rates.
The default WordPress authentication system is limited, requiring users to install multiple plugins to enhance security and improve the user experience. One of the biggest challenges WordPress site owners face is their site getting hacked. Hackers often use brute-force attacks to guess passwords and gain access to the admin panel. Another issue is that people often use the same password on multiple sites, making it easy for all of their accounts to be compromised if one password is exposed.
Many WordPress users install multiple security plugins to address these issues, but these plugins can be resource-intensive, intercepting every WordPress request and applying many unnecessary rules that slow down the site.
To address these issues, our security plugin offers a simple and effective solution. It enhances the authentication process by enabling Two-Factor Authentication for selected user roles and limiting the number of login attempts from a specific IP address within a given time frame, effectively eliminating brute-force attacks. It also improves the user experience by allowing users to log in via email or social media accounts, eliminating the need for passwords. In addition, the plugin offers email notifications for important events, detailed logs of failed and successful login attempts, and customizable login and logout redirects. It is built for performance, using the latest technologies to minimize its impact on server resources.
Our approach to solving the issue of insecure authentication on WordPress sites is straightforward: we focus on securing the authentication process. We have developed a range of features that can be quickly and easily implemented to improve the security of your site.
Enable Two-Factor Authentication for selected user roles
You only need to restrict high-level user roles. You may not need to enforce complexity for low-level user roles like your subscribers.
Eliminate Brute-Force attacks
Set how many times an IP address can try to log in for a specific time frame. This will prevent brute-force attacks and guessing your password.
Log in via Email (Magic Login)
In addition to enhancing security for high-level user roles, we have also improved the authentication process for end users like customers and subscribers. Traditional password-based login systems can be inconvenient for users who forget their passwords and have to go through multiple steps to reset them. In some cases, this can cause users to abandon your site, resulting in lost business.
To address this issue, we have improved the login flow and added features that allow users to log in without a password. Instead, users simply need to type their username or email address, and the plugin will send them an email with a secure, one-time-use link to log in to the site. This eliminates the need for password resets and improves the user experience.
Social Logins / Registration
In addition to the email-based login feature, we have also implemented social login using GitHub (with support for Facebook, Google and other platforms coming soon). This allows your users to log in to your site using their existing social media accounts, eliminating the need for passwords altogether. This makes the login process faster and more convenient for users, and also improves security by reducing the number of passwords that need to be managed and protected.
Email Notification on Important Events
As a business owner, it’s important to have multiple users with high-level permissions, such as administrators, editors, and authors, to create and manage content on your site. It’s crucial to know when these users are logging in, or if someone unauthorized is trying to log in. To help with this, our plugin includes email notifications to alert you of these events. This allows you to monitor the login activity on your site and take action if necessary to protect against unauthorized access.
Detailed Failed / Successful Login Logs
We also added powerful logs to see exactly when someone is logging into your site and via which media (normal login form, magic URL, or social media).
Conditional Login / Logout Redirection
WordPress is used by a wide range of business types, and often, it’s necessary to redirect users to specific pages after they log in or log out. Our plugin includes a convenient configuration option that allows you to easily create your desired login and logout flow using a drag-and-drop builder. This gives you more control over the user experience and helps guide users to the relevant pages on your site.
Built for Performace
When we build any plugins, we always make it super fast and keep it simple yet powerful. This plugin was built using all the latest technologies like WordPress REST-API, VueJS V3, Vue-Router, and Element-Plus for UI building. For storing the audit logs, we use custom Database tables so they will not mess up with your default WordPress Database tables.
We could never have imagined the love, support, trust, and admiration that the WordPress community has shown us at WPManageNinja. We know we can never fully repay this debt, but we can certainly express our gratitude. The release of FluentAuth is our way of thanking the WordPress community for making us feel special and honored.
We extend our heartfelt thanks to all our users and supporters. Thank you!