Skip to main content

WordPress plugin integration

This document walks you through setting up the Acceptto™ WordPress™ plugin and enabling multi-factor authentication to enhance the security of your website’s user and administrator accounts.

Initial steps

  1. Download the Acceptto 'It'sMe™' application on your mobile device and create an account in the app.

  2. Login to the Acceptto admin panel and navigate to the Applications tab.

  3. Click the 'New Application' button, enter the name of your application (i.e., My Wordpress Site), enter the URL for your WordPress site, and select a color. The name and the color are what the users of your site see in the Acceptto It'sMe mobile app. Within this newly created application are your UID and Secret.

Installing the Plugin

Navigate to the Administration panel of your WordPress page, click the plugins tab, select ‘Add New,’ then search for Acceptto.

wordpress_add_plugin.png

Click on the "Install Now" button.

Activate the Plugin

After Installation, click the "Activate" button.

wordpress_activate.png

Configuration

For this step, you need your Acceptto UID, Secret, and API Host URL that you got in 'Initial Steps.' In your WordPress admin panel, click on plugins, then click on the Acceptto plugin settings.

wordpress_plugins.png

Configure Plugin

Here you need to enter the UID, Secret, and API Hostname.

wordpress_plugin_settings.png

In 'Enable for roles' you can specify which roles you want using multi-factor authentication. By default, all roles are selected. Finally, click on the "Save Changes" button.

Enable Multi-Factor Login for User

Now you can enable Multi-Factor Authentication for any user that has registered for an account with Acceptto. For example, let's set up your account! Click on "Users" in the WordPress Admin Panel and navigate to your profile. At the bottom of your user's profile page, there is now a field titled 'Acceptto Email' beneath 'User's Acceptto Email Address For Multi-Factor.'

wordpress_plugin_add_email.png

Set this field to your Acceptto email address which you registered, then click 'Update Profile' and your account will be multi-factor enabled. To try out the new functionality, 'Log Out' of WordPress and sign in again. You will be taken to a multi-factor authentication page to choose whatever authentication method you want.

Acceptto Email Field

All users now have the 'User's Acceptto Email Address For Multi-Factor' section in their user profile. Select any user and click ‘Edit.’ You will see at the bottom of the user the plugin has added a new field for ‘Acceptto Email.’ This email address is the same one that is associated with the account. If the user's email address is already registered with Acceptto, then the user will experience Multi-Factor Authentication upon their next login. If the user's email is not yet registered, then the user will be redirected to register at the Acceptto website the next time they log in to your site.

wordpress_plugin_email.png

User Registration

After you activate and configure the Acceptto WordPress plugin, all of the users that aren't already registered are redirected to register with Acceptto the next time they log in. To log in, they must register their Acceptto account.

wordpress_register.png

User Multi-Factor Authentication

After registering their Acceptto account, the user can log in to their account using Multi-Factor Authentication (see below). This is where the user chooses how they want to authenticate. They can choose between SMS, Phone Call, Email, or Offline TOTP. TOTP requires the Acceptto It’sMe mobile application and must be configured beforehand. After selecting one of these options, the user receives a security code to authenticate. Upon successfully entering this code, the user is logged in.

Select MFA method

Support

If you have questions or need assistance, contact SecureAuth Support.

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the SecureAuth Corporation.

WordPress are either registered trademarks or trademarks of Automattic Inc. and/or one or more of its subsidiaries in the United States and/or other countries.