SUA – Secure User Account WordPress Login is a plugin that will allow you to secure your account and change your personal information in a quick and easy way
Online Demo
Installation : The plugin is easy to install like any other WordPress plugins
Configuration : After the installation of the plugin, you just have to create a new page with the shortcode [sua] and add an administrator with a secure username (case insensitive) and password(at least 1 uppercase character (A-Z)
at least 1 lowercase character (a-z)
at least 1 digit (0-9)
at least 1 special character
at least 10 characters
no more than 2 identical characters)
Sign In : The authentication is secured by using the new Google captcha (reCAPTCHA) which is safer than blocking the IP addresses to prevent brute-force attacks
Sign Up : New user needs a username, email address and a password to register, the plugin reserve usernames and email addresses only after the validation of the account
Account History : History of all connections made on your account with all the necessary information to identify the user (browser, country, city, ip address)
Account Home : The user space is well presented, and the navigation is done in a modern manner, without reloading the page by using a secured single-page application (error messages, input validation, logging, clickjacking defense, cross-site request forgery (csrf) prevention, cross-site scripting (xss) prevention)
Change Password : The password is easy to edit, and you can change the number of attempts that a user can do before the automatic logout
Delete Account : All users can delete their accounts and you can change the number of days before the deletion
Email Notifications : You can enable email notifications by using the primary email address, recovery address or both, for all critical operations made on the user account
IP Verification : To enable the IP verification you just have to activate this option on your account and you will receive a mail with a code every time you will login to your account from a different location
Mails : All mail sent by the plugin are editable
Multifactor Authentication : The multi-factor authentication (MFA) has become necessary for all secure connections, that’s why the plugin offers this option by using a grid that you can print or save to confirm your connections
Notifications : All notifications sent by the plugin are editable
Personal Information : The user can change his personal information easily, and each time that the primary email address is changed the user must validate it before it will be accepted
Pin Code : The pin code is a 4 digit code to enhance the security of the account, to avoid using the password for each change and to require re-authentication for sensitive features
Recovery : The plugin implements a very secured password recovery mechanism to prevent spam and hacking attempts
Recovery Email : Each user can have a recovery address which can be used in the recovery of his account if he can’t use his primary address
Security Questions : Security questions are used before the recovery of an account to confirm the change of the password, answers are encrypted and the user can either create their own questions or use canned questions that are provided by the plugin
Token Verification : The tokens used by the plugin are unique and hard to guess and they have a lifetime that you can easily change