How to Add Security Questions to WordPress Login Screen
Most financial institutions and large companies require you to add security questions on your account for identity verification. Recently one of our readers asked if it was possible to add security questions in WordPress to add an additional security layer. In this article, we will show you how to add security questions to WordPress login, registration, and reset password page.
Why Add Security Questions to Login & Registration Forms in WordPress?
There are many ways to protect WordPress admin area from unauthorized access. However, if you run a multi-user or WordPress membership site, then it becomes difficult to choose between security and user experience.
Adding a security question to your WordPress site’s login screen acts like an additional password. Your users can choose a question from a list of random questions and then add an answer to that question.
This makes it difficult for hackers to enter a website using compromised password or email address.
Having said that, let’s see how you can easily add security questions to your WordPress site.
Video Tutorial
If you don’t like the video or need more instructions, then continue reading.
Adding Security Questions to Improve WordPress Login Security
First thing you need to do is install and activate the WP Security Question plugin. For more details, see our step by step guide on how to install a WordPress plugin.
Upon activation, you need to visit Settings » Security Questions page to configure the plugin settings.
You will see a list of security questions already setup. You can add your own security questions by clicking on the “Add more” button at the bottom. Alternatively you can also edit or remove the existing questions.
At the bottom of the settings pages, you will find the options to enable security questions on login, registration, and lost password pages.
Don’t forget to click on the save settings button to store your changes.
That’s all. From now on all users on your site will be asked to select and answer their security question on the login page.
Your WordPress site’s registered users can visit their Profile page to select a security question and add their answer to it.
Users who do not set a security question will still be able to login by just using their username/email and password.
If you enabled security questions on registration page, then new users will be able to select a security question during registration.
Enabling security question on forgot password page will ask users to answer their security question to get the password reset email.
If a user’s email address is compromised, then this would stop someone from gaining access by resetting password.
At WPBeginner, we use Sucuri to protect our website from malicious attacks and login attempts. Sucuri is a web security company that offers website monitoring and firewall services.
See how Sucuri helped us block 450,000 WordPress attacks in 3 months.
We hope this article helped you learn how to add security questions to your WordPress login screen. You may also want to see our guide on how and why you should limit login attempts in WordPress.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
