Facebook and Google, those popular websites we all know and love, have cleverly hopped on the security bandwagon by offering two-factor authentication (2FA) to their users.
Now, WordPress users can join the party too! With the nifty CM Secure Login plugin, you can fortify your WordPress site with an extra layer of protection, making it nearly impossible for sneaky hackers to hijack your internet escapades.
This plugin offers a range of user-friendly 2FA methods, ensuring top-notch security for you and your registered users. Plus, it shows detailed information about the user login method, browser info, IP address, and more.
In this hands-on review of CM Secure Login, we’ll look at how to set up and configure the plugin from scratch. Read on to discover how you can enhance your website users’ security with this robust 2FA plugin.
CM Secure Login: Overview and Key Features
CM Secure Login is a powerful WordPress plugin that provides enhanced security measures through two-factor authentication (2FA). It offers multiple authentication methods to ensure secure logins for users. Here are some of its key features:
- Multiple Authentication Methods: Users can choose from various authentication methods, including mobile phone SMS, Google Authenticator, email code, email ink, or Email/SMS code.
- Protection Method Settings: Administrators can specify which user roles require two-factor authentication, ensuring enhanced security across the board.
- IP and Device Restrictions: Limiting logins to specific IP addresses and devices adds an extra security layer, preventing unauthorized access attempts.
- User and Admin Notifications: Customize email templates for user notifications, including SMS/email verifications, GA secret creation, and security feature activation. Admins can also receive login information notifications for added visibility.
- Login Statistics: CM Secure Login enables the collection of comprehensive login statistics, providing insights into user activity, devices, browsers, IP addresses, and login methods.
Hands-On With CM Secure Login
In this section, I’ll explain how you can install and start utilizing CM Secure Login to enhance your website’s user security.
To begin, download the plugin from CreativeMinds’ official website. Once you have the plugin file (.zip) in your possession, navigate to the Plugins section within your WordPress admin dashboard. From there, simply upload the plugin file and proceed to install and activate it.
Upon successful activation, you’ll immediately notice a dedicated CM Secure Login menu added to your admin dashboard. This menu will serve as your gateway to unlocking the full potential of the plugin.
CM Secure Login Use Cases
CM Secure Login has various use cases. You can use the plugin to:
- Improve WordPress site security: CM Secure Login plugin adds an additional level of security to each user account with a secret key, effectively blocking bots, threat actors, and malicious users.
- Safeguard admin accounts: Enhance the security of powerful user accounts on your site by adding Google Authenticator as a secondary password, ensuring peace of mind.
- Enable exclusive SMS login: Users with the Subscriber role can log in only with the SMS link, eliminating the need for password management and enhancing convenience.
- Simplify user login: Integrate social media login options, allowing users to access their accounts using their existing social media credentials for a seamless login experience.
To showcase the versatility of the CM Secure Login, we will demonstrate a selection of these use cases. (Note: Some of them require functionality that’s only available in the Pro version of the plugin.)
Article Continues Below
General Settings to Set Up 2FA
To set up 2FA via CM Secure Login, you’ll need to make changes in General settings. Open the plugin dashboard, then click the General tab to proceed.
The next step is to choose a protection method. As I mentioned earlier, you can enable 2FA via mobile phone SMS, Google Authenticator, email code and email verification. Here’s a guide to help you learn more about each of them.
Once you’ve selected a protection method, select “Yes” for require a protection method for all users.
Here’s what users will see after you’ve enabled 2FA on your website.
CM Secure login also lets you disable password for every user or just those with specific roles. This option does not mean that users will just need their username to log in. Rather, it will prompt them to sign in with their username + preferred authentication method.
This area allows you to set whether a user entering an incorrect code needs to wait before trying a new one and how long the code will be valid. You can also choose to automatically logout after a certain period to ensure the safety of the account (even if the user forgets to log out).
For code generation, you can choose which characters should be used to create the code and define the length.
Want to collect detailed info about all users who logged in using 2FA? Make sure to Enable Statistics. This prompts the plugin to collect data and sort it by:
- User role
- IP address
- Login method
- Device Info
- Login time
Plus, the latest version of the plugin allows you to filter the data by the specific user and period of time.
Moreover, you can view the success rate of logins to your site. This enables you to gauge whether more users are leveraging the 2FA option or otherwise. Based on the results, you can continue with your initial configuration or make changes to drive successful logins.
Changing CM Secure Login Form’s Appearance
You can customize the login form that CM Secure Login displays for 2FA sign in. Go to the Appearance tab and replace the default login instructions content with your in. Those familiar with CSS can even design their own login form and align it with their brand/website theme.
Configuring Email Notifications
In the notifications tab, you can choose to send the 2FA authentication code via email. Here, you can also customize the subject and body template of the electronic message. Remind users of how to use the authentication code to log into your website.
CM Secure Login Pricing
The basic version of CM Secure Login is free to install and use on your website. But if you want access to the advanced features, you’ll need to sign up for a plan.
CM Secure Login comes with three different price plans:
- Essential (Pro): $49 for 1 website
- Advanced + HTTPS SSL Plugin Bundle: $69 for 3 websites
- Ultimate Security Bundle: $119 for 10 websites
All plans come with 1 year of support and updates and a 30-day money-back guarantee.
Having run a WordPress site for years, I’ve witnessed users conveniently overlooking security. Understandable, given the tedious and baffling nature of it all. Yet, relying on luck to fend off hackers is less than ideal.
That’s where CM Secure Login shines. This plugin not only allows you to effortlessly set up 2FA for your visitors, but it also lets you ditch those old-fashioned passwords entirely. What sets it apart are the nifty extra features: custom authentication methods, IP address and device limitations, and WooCommerce compatibility.
Don’t leave with your website security to chance.