Smartest Way to Secure WordPress Login using Login Dongle Plugin

As It is very difficult to get a comprehensive and easy to understand answer to the question, that How do I secure my WordPress site? since we all know that no doubt that WordPress is decidedly one of the biggest blogging platforms in the world today. Even though it is not a free platform, the professional manner of this platform is what makes it more popular. And that is the reason why a lot of online business entrepreneurs are using WordPress.

Being one of the most popular platform, WordPress is targeted by hackers all the time. Since WordPress relies on PHP, MySQL,  plugins and themes, and it’s not so tough to find a vulnerability in any existing poorly coded theme or plugin. Even, at times when WordPress rolls out new version, we often see a security exploit. So before I share few plugins to secure WordPress logins, let me clear few points about WordPress security and also here I’m linking to some of the previous articles, which will help you to make your blog more secure:

Here are few articles from past, which will help you to tighten your WordPress blog against hacking:

Here at ShoutMeLoud, we have talked a lot about WordPress login security and especially, when you are running a multi-author blog or a guest blogging enabled blog, you need to take extra steps to secure WordPress login page. I’m sure most of the bloggers have heard about Login lockdown plugin or conditional captcha plugin, which is one easy way to safeguard your WordPress login from bruteforce attack. Now, lets assume you have a blog with single author (You) and you want to make sure that your login security is top notch, how would you do that?

How to use Login Dongle to Secure WordPress admin login?

If we say that Blog on WordPress would be 100% secure that is not possible at all as if a hacker is desperate to hack your Blog then there is no way out but still we can make it secure at some level using a few Plugins one among them is Login Dongle . As we go to WordPress plugin repository we could find almost 22k+ plugins out of which there are more than 1000 plugins are related to security with different kinds and purposes .

Let’s get back to the topic Login Dongle is a plugin that takes a very unique approach to protect your WordPress Blog, It generates a book marklet with a secret question that you can add to you bookmarks. Let’s check out its working :-

Login dongle

Just after you’ve completed with installing this plugin you need to go to the plugin page under Settings and you’ll be followed by the screen  you can see above. Now you need to type the message that an individual will see even if he got your WordPress Blog’s Username & Password and tries to login into it without pressing the bookmark that you’ll drop in your Browser’s bookmarks links. for ex. you can write here any line that you want a failed login person(generally Hacker) will see. You can also add html links of your homepage of images in this box .

Next Step : Now,you need to go to your WordPress Blog’s profile and you will see the screen shown in image Below:-

Login Dongle settings

Now, you have to fill the Challenge & Response columns with a question and a answer of that like in the Challenge field you can write “What are You Doing Here?” & in response field you can write “logging into my Dashboard”  you can understand it properly by viewing image below:-

Login Challenge

Next step navigate below and click on Update Profile button ,Now again open your WordPress Blog’s profile and below the Challenge & Response you can see a new field of Generated Codes with following sub-options

  • Raw bookmarklet
  • Encoded bookmarklet
  • XM–RPC end point

Now , you can choose any link  from these options ” I use the Encoded bookmarklet ” you just need to drop the link in your Browser’s bookmark link list and now its time to test that is it working or not ? just Logout from your admin panel and try to login again with your username & password and click on Login button, you’ll not be able to login now and you will see a new window with the message you’ve typed at the very first step looks like this :-

WordPress login security

now again go to the wp-admin page of your WordPress Blog and write your Username & Password like you always type and now click on the Link which you’ve dropped into your Bookmark’s tab and you will see a popup window with a message that the page at says below that you will see the text you’ve put in Challenge Box now all you need to do is to fill the Response text and hit enter ,That’s it now you’ll be redirected to your Dashboard successfully and added an Extra Shield to your WordPress Admin Panel :)

2 More WordPress plugins to Secure WordPress login:

You can also Use two other great Plugins for securing WordPress login page :-

Google Authenticator

The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry. You may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on your Gmail or Google Apps account. The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.

Duo Two-Factor Authentication

This plugin enables Duo Security’s two-factor authentication for WordPress logins. Duo provides simple two-factor authentication as a service via:

  • Phone callback
  • SMS-delivered one-time passcodes
  • Duo mobile app to generate one-time passcodes
  • Duo mobile app for smartphone push authentication
  • Duo hardware token to generate one-time passcodes

These are few of the options to add an extra level of security in your WordPress login page. Though, I find the Login dongle as the best option to secure WordPress login for a single authored blog. Depending upon how you use your WordPress blog, you can pick any of these above mentioned Login security plugins to make your blog secure from Hackers.

Do let me know which WordPress login security plugin are you using on your blog? Also, if you find this article useful, don’t forget to share it on Facebook and Google plus.

This is a guest article by Ayush Jain from AyushJain.Info. If you would like to write for ShoutMeLoud, check our guest submission guidelines.

Subscribe on Youtube

Article By


COMMENTs ( 3 )

  1. says

    Thanks for sharing the plugins Ayush. I have been using Login Lockdown on my site and it adds a layer of security by blocking IP address from where many failed login attempts have been reached.

  2. Manish says

    Hi Ayush, Thank you so much for this amazing post. I was really looking something like this that ensures the security of wordpress.


    • Ayush Jain says

      Thanks for appreciating !! soon i will write more articles here on WordPress security and on my personal blog too ..