Use Two Factor Auth in WordPress with Magical Wave of Keyy

dailydose

#1

Meet Keyy - The two-factor authentication plugin for WordPress which works flawlessly like Clef. This plugin has been created by David Anderson and Team Updraft.

keyy-intro

It’s time to forget about …

  • Brute-forcing
  • Weak credentials
  • Key-logging
  • Password re-use
  • Shoulder-surfing
  • Connection sniffing

Getting Started with Keyy

  1. Install the Keyy application on your Android / iOS device.

  2. Next, Install and activate the Keyy Plugin into your WordPress

  3. Go to Plugin Settings > Scan QR code to pair with your Device.

  4. Similarly, for login to WordPress, just scan the magical wave.

I hope this helps and you liked this tutorial. Have any question, please feel free to ask below.

#DailyDose

Thanks & Regards,
Gulshan


How do you protect your password?
Wordpress Security
How do you protect your password?
Which security plugins are you guys using?
#2

What do you think, we should definitely use this plugin or it is optional?


#3

I truly liked this plugin, it’s so easy to use. No optional.


#5

Can I login only from my smartphone while using this plugin?


#6

Yes, of course. Just you need to open site link using its App.


#7

I have installed Keyy on my Wordpress, after recommendation by Gulshan :slight_smile:

It is better than Google 2FA I think.


#8

Should I remove ‘’ Limit Login Attempts ‘’ plugin after installation Keyy plugin?

Last update of the Limit Login Attempts plugin was published 6 year ago by author.


#9

If the app is uninstalled from my phone , I will not be able to login again ? So, should I keep one screenshot of the qr code ?


#10

Of course, yes. We should not use such plugin that has not been updated since years.


#11

After installation Keyy plugin, The plugin gives you an url to login without keyy.

Example: yoursite.com/wp-login.php?keyy_disable=SFKkYd790Fr11o2p8iX2iWUYPDtgLqD

If you login by using secret url without Keyy plugin, Url will be changed each time automatically.


pinned #13

#14

I’m under brute force attack. It shows in WP activity feed that someone is trying to log in with my username in every 2-5 minutes and failing every time. It also tried to log in with one temp ID that I created as an author. So I removed that id too. But the most spooky thing is that it shows localhost [127.0.0.1] as the IP address of the attacker.
I have disabled all access to my APPs, and Server.
Which 2 FA plugin to install?

Google Authenticator by miniOrange or
Keyy 2FA by updraftplus?


#15

Here’s the fix

https://gulshankumar.net/fix-wordpress-showing-localhost-ip-127-0-0-1-comment-author-instead-real/

You can hide original username. Please search forum, written about it.


#16

I have already done that. Thanks.


#17

Ok, is it working or still happening?


#18

I have installed Keyy plugin. So it has stopped. but still in jetpack it shows local IP while in comments it shows real IP. The problem is with jetpack only.


#19

You are using Cloudways + Varnish, this commonly happens in this case. In above link, I have shared solution. It should work perfectly if implemented correctly.


#20

I’ll move from CW to DO next month. Appreciate your help… thank you :smiley: