This document will walk you through setting up the Acceptto WordPress plugin and enabling multi-factor authentication to enhance the security of your website’s user and administrator accounts.
If you don't have an Acceptto account or the Acceptto mobile application, please download the app and register a new account on it:
Please navigate to the Administration panel of your WordPress page and select Add Plugins, then search for Acceptto:
Click on the "Install Now" button.
After Installation, Click on the "Activate Plugin" link.
Go to our Dashboard Login and Sign In with the account you registered on Acceptto's mobile app. Then go to Applications page:
Click on the "New application" button. It will take you to new application page, for each
application you want to integrate with Acceptto you should create an application here.
Set the name of application to whatever you like for example: "My Wordpress Web site".
Set the redirect URL to "http://your_domain_name.com" for example for our showcase website we set it to "http://wordpress.acceptto.com".
Set the color to whatever you like, this is the color band user will see next to your application name in Acceptto mobile app.
Click in the "Create Application" button, Now your application is created and you can copy "UID, Secret, API Host" from here:
Copy the "UID, Secret and API hostname" of your application from here.
Go back to your Wordpress admin panel and click on plugins and then click on "Acceptto plugin settings"
In Plugin settings you should specify UID, Secret and API Hostname. Paste the values you copied from Acceptto's dashboard.
In Enable for roles you can specify which roles you want to allow to use Multi Factor Authentication. By default all roles are selected. Finally click on the "Save Changes" button.
After you activate the Acceptto WordPress plugin, all of your current users will need to register on Acceptto on their next login. For example, if you select the Editors role in the plugin configuration page, it means all the Editor users will be redirected to the “Select your authenticator” page for MFA process. When editor users want to log in if they had Acceptto's account, they should go to MFA page directly but if they did not register Acceptto backend redirect the user to the Signup page to create the user.
After a user has registered on Acceptto they will be redirected to the “Select your authenticator” page. This is where the user chooses how they want to authenticate. They can choose between SMS, Phone Call, Email or Offline TOTP (This option requires the Acceptto It’sMe mobile application and must be configured beforehand). After selecting one of these options you will receive a PIN to authenticate. Upon successfully entering this PIN you will be logged in.