...
| URL | Area | Purpose |
|---|---|---|
| http://www.dailyplanet.com/blog/ | Public | You can hit this url right now and see a default working site. This url is where your users will enter. |
| http://www.dailyplanet.com/blog/wp-admin/ | Administration | This url results from clicking the "Log In" button after the WordPress install is complete. It can also be accessed through the Public homepage by click "Log In" located at the bottom right under "META". The Administration area allows the customization and configuration of WordPress. Also, once logged into the administration, if you browse to the public area, you will see new additional buttons and options to create posts and edit the website contents. |
If you have the Install WordPress Success Screen still up, click "Log In" will take you to the Word Press Administration url or use the url in the table above.
...
Minimal Security - Block Login Attacks
| Plugin | Description | Review |
|---|---|---|
| Google Authenticator | The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry. If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on your Gmail or Google Apps account. The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts. If You need to maintain your blog using an Android/iPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin, but please note that enabling the App password feature will make your blog less secure. | |
| Duo Two-Factor Authentication | This plugin enables Duo Security's two-factor authentication for WordPress logins. Duo provides simple two-factor authentication as a service via:
This plugins allows a WordPress administrator to quickly add strong two-factor authentication to any WordPress instance without setting up user accounts, directory synchronization, servers, or hardware. | Free signup but it looks like only 1000 transactions for the life of the account. Looks very professional. |
Set Up Users
The default user created is an administrator and has more privileges than necessary. The very first step is to create users with specific roles provided by WordPress. The roles are outlined below in order of most privileges to least.
...