Security New and Improved
as opposed to old and inferior. With a rash of security issues earlier this week, we have taken some steps to better protect your data. If you try to log on to your website, you’ll notice a new feature on your login screen. Your old login will continue to work; however, we’ve enabled a multifactor authentication method for your website. You are free to choose whether you want to use it, but of course we recommend that you do. It requires you to have not only your password but also a 6-digit code generated by your smartphone. This code changes every minute to prevent someone from stealing your account.
Before you can enable Multifactor Authentication on your WordPress account, you'll need to install the Google Authenticator app on your smartphone or tablet device.
NOTE: If you already have the Google Authenticator app on your smartphone or tablet device, you just need to click the "+" in the lower right corner (iOS) or open the settings for the app and click "Add account" (Android) and then proceed to the next section of this walkthrough.
Google's official documentation on downloading and installing the app can be found here: http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447.
The app can be downloaded from your device's App Store (or use Google's direct link for BlackBerry):
Turn On Multifactor Authentication
- Once you have the Google Authenticator app installed, log in to your WordPress account and, on the dashboard, go to your user profile in the uppermost right-hand corner. It should show “Howdy, person”. Click on your name and choose Edit My Profile. You should see a section called “Google Authenticator Settings”.
- Enable the Active button to turn on multifactor authentication.
- In the description field, enter the name as you want it to appear in your app, e.g., mydomain.com (optional).
- Click the Show/Hide QR Code button. You will now see a QR Code and a 16-digit Secret Key that you will need to activate Multifactor Authentication.
- Use the Google Authenticator app to scan the QR code. If your device does not have a camera, you can enter the 16-digit Secret Key shown above the QR code into the app manually. If you have more than one device running Google Authenticator, scan the QR code or enter the key on every device that you want to use with this account.
- The Google Authenticator app will display a 6-digit passcode. Enter the 6-digit passcode in the Passcode field. If you are using counter-based codes, you may need to press the refresh button to display the first code.
- Click the Activate! button and we'll make sure our servers are properly synced with your phone. Your account now has Multifactor Authentication enabled.
- If you suspect your account may be compromised (for example if you have lost your phone or mobile device), you can use the Regenerate Key button to invalidate the old key and create a new one.
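How the Secret Key from the steps above becomes a 6-digit passcode, and how a server can check it while tolerating clock drift between phone and server. This is an added example following RFC 4226 (counter-based) and RFC 6238 (time-based); it is not the plugin's or the host's code. The 30-second step, the one-step drift window, the `last_used` replay check and the sample key (the RFC test key) are assumptions, not settings taken from this page.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: the RFC 4226 test key, base32-encoded the way the
# Secret Key is shown next to the QR code. A 16-character key is 10 bytes.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret_b32, counter, digits=6):
    """Counter-based passcode (RFC 4226) from a base32 Secret Key."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, now=None, step=30, digits=6):
    """Time-based passcode (RFC 6238): HOTP over the current time step."""
    now = time.time() if now is None else now
    return hotp(secret_b32, int(now // step), digits)


def verify_totp(secret_b32, submitted, now=None, step=30, window=1,
                last_used=-1, digits=6):
    """Return the matched time-step counter, or None if the code is rejected.

    Accepts +/- `window` steps of clock drift. Counters <= last_used are
    refused, so a code that was already accepted cannot be replayed; the
    caller stores the returned counter as the new last_used.
    """
    if not (submitted.isascii() and submitted.isdigit()
            and len(submitted) == digits):
        return None
    now = time.time() if now is None else now
    current = int(now // step)
    matched = None
    # Check every candidate (no early exit) with a constant-time compare.
    for c in range(current - window, current + window + 1):
        expected = hotp(secret_b32, c, digits)
        if c > last_used and hmac.compare_digest(expected, submitted):
            matched = c
    return matched
```

Regenerating the key invalidates every code derived from the old one, because the key is the only secret input to the HMAC.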
Changes to Login with Multifactor Authentication Enabled
Once you've enabled Multifactor Authentication, you'll notice changes to the Login screen and the steps necessary to access your account.
Your Login screen will look like this:
You will now see a Google Authentication Code field, which you will use to enter the 6-digit passcode generated by your mobile device, and a Remember this computer? drop-down, which will save you the step of generating and entering a passcode for either 1 week or 1 month.
If you choose one of the options from the Remember this computer? drop-down such as 1 month, and log in during the time period you've selected, instead of the Multifactor Authentication Code field you will see a message indicating that your computer has already been verified.
After the time period you have selected expires, you will once again see the Multifactor Authentication Code field.
Changes When Logging in from a New Computer
Multifactor Authentication uses browser cookies to function, so if you try to log in from a new computer that has never been logged into DreamHost before, the Multifactor Authentication Code field will not initially be visible, and your first login attempt will fail. After that first attempt, DreamHost will identify your account and make the Multifactor Authentication Code field visible so that you can log in.
- This error message will appear the first time you log in with a new computer or if you do not enter a Multifactor Authentication Code: