Inspiration

What we experience on a daily basis with WordPress.

Do you know the kind of heart attack someone experiences when they receive an SMS alert at midnight from their security software saying that their WordPress admin login page is being attacked, spambotted or brute-forced? Nobody's mind will be at rest, especially if they are not a programmer.

Now it's time for over a billion WordPress-hosted web applications to have peace of mind and run smoothly at lower cost and with minimal security resources. All thanks to TypingDNA.

At last, the long-awaited security measure, unbeatable in world history, has arrived for billions of WordPress-hosted web applications: TypingDNA Two-Way Biometric Factor Authentication.

According to whoishostingthis (source: https://www.whoishostingthis.com/compare/wordpress/stats/), WordPress is the largest open-source content management system in the world, with over a billion hosted web applications along with numerous confirmed additional plugins and themes, including the adorable WooCommerce, digital downloads, etc.

WordPress, being open source, suffers from a lot of security issues, ranging from phishing attacks, session fixation attacks, session hijacking, cross-site scripting and spambot attacks to password brute-force attacks, etc. In my experience as a WordPress security professional, all these attacks are geared towards breaking into the WordPress admin panel, which controls the entire application.

This is because the users/admin panel can easily be located by requesting something like http://yoursite.com/wordpress/wp-admin/

An attacker can go straight to that page and start spambot attacks, password brute-force attacks, DoS, malware, etc., in an effort to get into the admin page.

In the case of brute-force attacks on the login page and the spambot menace:

1.) The trial security approach commonly used was to implement login attempt limits.

This means a WordPress user has only a limited number of chances to enter the right credentials, such as 2 or 3 attempts. After this, they will need to use the 'forgot password' option. This option has a serious limitation, because an attacker can still brute-force the WordPress admin/user login credentials, thereby creating online unrest for WordPress admins/users. Too many of these brute-force attempts can result in a DoS attack, which will drain the application's bandwidth.

2.) SMS Two-Factor Authentication and its problems:
There are a lot of security reports and questions from WordPress admins/users and other professionals on whether SMS 2-Way Factor Authentication will really protect the site login.

In reality, SMS factor authentication is very troublesome most of the time, and my observations suggest that SMS two-way authentication has the serious disadvantages listed below.

A.) Often, the SMS authentication code sent by the authenticating website is put in a queue by the SMS provider, which delays the code's arrival on the end user's mobile device. No one likes to have their precious time wasted on your site like that. Consequently, a single mistake/failure in the SMS code authentication might lock the user out of the system.

B.) Some sites still run over http as opposed to https, and thus the SMS authentication code can still be spoofed by a man-in-the-middle attack.

C.) In the case of email, if you access your email (Hotmail, Yahoo, etc.) from a cafe or any public internet shop and mistakenly forget to log out, someone can just move into your account and immediately change your two-factor SMS mobile number, and your email account will automatically become theirs. It happened to one of my friends, and we were unable to find an immediate solution from the support options, because any time we tried to run 'forgot password', an SMS verification code would be sent to the intruder's updated mobile number.

D.) Another issue with 2-way SMS factor authentication is that it depends on delivery of the authentication code to mobile devices only. If your mobile device is stolen or damaged by water, you are finished: with a stolen or damaged phone, you won't be able to get the SMS code as a second authentication factor. Relying on other biometric authentication options is very costly and, to a very big extent, not effective. E.g. biometric factors like iris, voice, eye and fingerprint scanning can also be lost due to accidents.

SMS authentication limits one to mobile devices only. It simply means that if your phone is not charged, you are in trouble. Without a phone there is no authentication and no access for WordPress users.

While account recovery is possible, it's likely to be time-consuming and somewhat difficult.

(But with TypingDNA, you can use phones, laptops, palmtops, computers, etc.) With TypingDNA, there is no limit on devices.

E.) SMS authentication increases monotony in the work of support departments: on a daily basis, many customers complain either that they could not get their SMS authentication code on their mobile devices in time or that they are out of SMS coverage and thus cannot log in to access their data when needed. This in turn causes too many help requests to flood support departments.

Evolution of TypingDNA as a Game Changer for WordPress Security:

TypingDNA is a game changer. Here are my observations on why TypingDNA is the best.

1.) Intrusion detection and prevention: All typing patterns are highly secured and encrypted as data moves over http or https. A website that uses http has nothing to fear from any hacker eavesdropping on its login data while the data is in transit; thus the man-in-the-middle attack is rendered obsolete by the encrypted typing pattern powered by TypingDNA.

2.) Multiple device access: SMS authentication limits users to mobile devices only, but with TypingDNA one can use any digital device: phones, laptops, palmtops, computers, desktops, etc. This simply means that if you enroll your typing pattern on a phone, a desktop, etc., you have a double chance of authentication and access. If someone's phone is stolen or damaged, no problem: TypingDNA can allow access via desktops, palmtops, laptops, etc.

3.) SMS coverage setup mitigation: With TypingDNA, there is no need to set up any costly SMS gateways and no need to worry about SMS coverage issues. Once you have an internet connection and any digital device with you, you are good to go.

4.) Drastic reduction in monotonous work flooding site support departments: Many of the problems we have with WordPress and other web applications come from numerous users complaining about their accounts being attacked, spambotted or brute-forced. This causes a lot of help requests to flood the site admin. With TypingDNA, a user's account is highly secured because what the user typed is not noted; what is recorded is how the words are typed, and since everyone has a unique typing pattern, this renders scavenging spambots, hackers or any brute-force attack 100% obsolete, and site support departments will never be flooded or overwhelmed with complaints arising from attacks on their client/user accounts.

5.) Easy integration into any website/application, such as banking systems, voting systems, school attendance systems, online examination systems, e-commerce, etc., to help prevent attacks, fraud and unauthorized access to real users' accounts.

6.) Spambot killer: TypingDNA renders every spambot ineffective. Spambots work either by dynamically filling in form inputs or by making requests directly over http/https. TypingDNA performs this security role by ensuring that the user must type the enrollment data (typing pattern) with their hands for the data to be processed. This makes it extremely difficult for spambots to succeed. Consequently, this protection gives site admins full assurance that data sent to them is submitted by humans and not by automated bots.

What it does

It's a Two-Way Factor Authentication designed to give WordPress applications and WordPress admins/users unbeatable security protection against hackers, spambots and all other forms of web attack on WordPress sites, plugins and themes.

How I built TypingDNA for WordPress

WordPress should be the number 1 target for TypingDNA implementations, not only because over a billion hosted applications run on it, but also to help keep WordPress applications safe and reduce the hacking threats experienced by admins/users.

To build any WordPress plugin, one needs to know which WordPress hooks are needed and where and how to implement them. Listed below are some of the WordPress hooks and functions used to power 2-Way Factor TypingDNA Biometric Authentication for WordPress.

1.) register_activation_hook(): Used to initialize WordPress plugin activation and deactivation. With MySQL data passed within the function, the tables are automatically created as the plugin is being installed.

2.) add_action('admin_menu'): For creating clickable TypingDNA menu page links within the WordPress plugin sidebar.

3.) add_action('admin_footer') and add_action('wp_ajax_my_action'): For initializing the WordPress application to use jQuery/Ajax, for the purpose of building a plugin that makes Ajax/jQuery calls.

4.) add_action('admin_head'): Hook for performing login validation, to ensure that users are verified by TypingDNA before being taken to the venerable WordPress admin/users page.

5.) add_action('wp_login'): Used to hook in the TypingDNA verification system.

6.) add_filter('login_message'): Used to customize the WordPress login page to reflect TypingDNA purposes.

7.) add_action('wp_logout'): Hooked to ensure that TypingDNA-verified login sessions are destroyed as users/admins log out.

8.) And many more...
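
The login gate that hooks 4, 5 and 7 describe, as an added example (not the plugin's own code): it enforces on admin_init rather than admin_head, so the check also covers admin-ajax.php requests and runs before any admin page output. The tdna_demo_* names, the meta key, the tdna_demo_pattern_matches filter and the form URL are hypothetical, and the TypingDNA API call is assumed to sit behind that filter.

```php
<?php
// Added illustration, not the plugin's code; all tdna_demo_* names are hypothetical.
const TDNA_DEMO_META = '_tdna_demo_verified_session';

// The flag stores a hash of the session token, so another session opened
// with the same password does not inherit the verified state.
function tdna_demo_is_verified() {
    $token  = wp_get_session_token();
    $stored = get_user_meta(get_current_user_id(), TDNA_DEMO_META, true);
    return $token !== '' && is_string($stored)
        && hash_equals($stored, hash('sha256', $token));
}

// Every password login starts unverified.
add_action('wp_login', function ($user_login, $user) {
    delete_user_meta($user->ID, TDNA_DEMO_META);
}, 10, 2);

// admin_init fires for admin pages and admin-ajax.php before they do any work.
add_action('admin_init', function () {
    if (!is_user_logged_in() || tdna_demo_is_verified()) {
        return;
    }
    $action = isset($_REQUEST['action']) && is_string($_REQUEST['action']) ? $_REQUEST['action'] : '';
    if (wp_doing_ajax() && $action === 'tdna_demo_verify') {
        return; // the only admin request an unverified session may make
    }
    if (wp_doing_ajax()) {
        wp_send_json_error(array('message' => 'Typing verification required'), 403);
    }
    wp_safe_redirect(home_url('/?tdna_demo_verify=1')); // hypothetical form page
    exit;
});

add_action('wp_ajax_tdna_demo_verify', function () {
    check_ajax_referer('tdna_demo_verify');
    $pattern = isset($_POST['tp']) && is_string($_POST['tp']) ? wp_unslash($_POST['tp']) : '';
    // TypingDNA call assumed behind this filter; the default false fails closed.
    $ok = apply_filters('tdna_demo_pattern_matches', false, get_current_user_id(), $pattern);
    if ($ok !== true) {
        wp_send_json_error(array('message' => 'Verification failed'), 403);
    }
    update_user_meta(get_current_user_id(), TDNA_DEMO_META, hash('sha256', wp_get_session_token()));
    wp_send_json_success();
});

// wp_logout passes the user ID since WordPress 5.5.
add_action('wp_logout', function ($user_id = 0) {
    delete_user_meta((int) $user_id, TDNA_DEMO_META);
});
```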

How to use this application:

1.) Go to https://wordpress.org/download/, download the latest version of WordPress and install it. Before that, you can install a XAMPP server and ensure that PHP and MySQL are installed and working fine. As of writing, I am using the latest WordPress version, which is 5.5.1, and it can also work in all versions of WordPress.

2.) Once WordPress is installed and running, copy the application folder (typingdnaplugin) from GitHub and paste it into the WordPress plugins folder, something like C:\xampp\htdocs\wordpress_test\wp-content\plugins.

3.) Go to your WordPress login page and log in. If successful, it will take you to the admin page to make some configurations.

Click on the Plugins link in the admin left-side menu. Select the plugin named TypingDNA Plugin and click Activate to install the plugin, as shown in the screenshot below.

[Screenshot]

4.) Click on the TypingDNA Plugin link in the left-side menu, as can be seen in the screenshot below.

[Screenshot]

You will see three options:

A.) View DNA Registered Users

B.) Add New New DNA Users

C.) DNA API Settings

First, go to DNA API Settings to set up the TypingDNA API keys and secrets.

[Screenshot]

Secondly, go to Add New New DNA Users to register a new user for TypingDNA enrollment. The application ensures that you enroll at least twice, as requested by TypingDNA engineers.
You will need to enter your WordPress email address and UserID. You can use your WordPress username as the UserID.

[Screenshot]

Thirdly, View DNA Registered Users shows the list of TypingDNA-enrolled users along with their enrollment counts. You can also check a registered user's availability with the TypingDNA API. You can also delete the user leveraging the TypingDNA API.

[Screenshot]

[Screenshot]

5.) Once done, you can log out and try to log in again with your WordPress credentials and see how your admin/users page is protected by TypingDNA.

[Screenshot]

Once you have successfully logged in to WordPress, you will be presented with a TypingDNA 2-Way Factor verification form requesting you to type your enrolled email address and UserID. Before then, if you try to access the WordPress admin page, e.g. (http://yoursite.com/wordpress/wp-admin/), it will deny you access, telling you that you have not been verified by TypingDNA, as shown in the screenshot below.

[Screenshot]

The screenshot below shows the TypingDNA verification form.

[Screenshot]

If the user's input is successfully verified by the TypingDNA API call, the WordPress admin/user will finally be granted access; otherwise they will be denied access.

Challenges I ran into

Building a TypingDNA Two-Way Factor Authentication plugin for WordPress and integrating the appropriate WordPress hooks is not an easy task, but I am glad it works.

What I learned

TypingDNA 2-Way Factor Authentication has numerous applications. Besides using it to secure a network via two-way authentication, it can also be used in voting systems, banking apps, health systems, e-commerce sites and many more to help prevent intrusions and fraudulent activities within any application system.
