How to boost site security with Jetpack Single Sign On

by Diana Thompson Plugins, WordPress
Jetpack SSO

Jetpack is a suite of WordPress plugins created by Automattic, the makers of WordPress. Jetpack was originally created for sites hosted on WordPress.com. Jetpack is now available for use, with a WordPress.com account, on your self-hosted site. The Single Sign On module of Jetpack will enable you and other users of your site to sign in to your WordPress site with the same credentials used on WordPress.com. It also gives you the option to require two-factor authentication, making your site more secure.

The Single Sign On module of Jetpack will enable you and other users of your site to sign in to your WordPress site with the same credentials used on WordPress.com. It also gives you the option to require two-factor authentication, making your site more secure.

Users can also register on your site with their WordPress.com site and Single Sign On respects the registration settings of your site. It’s also very handy for managing multiple website.

Once enabled, a “Log in with WordPress.com” option will be added to your existing log in form. Users can still sign in with your site’s credentials as they did prior to using Jetpack. Signing in with WordPress.com becomes another option.

Once you set up Single Sign On, you can enable two-factor authentication, or two step authentication as Jetpack calls it, for increased security. This means each time you sign in, you’ll receive a verification code via text or the WordPress app to sign in with. Signing in will require both your username and password, plus this verification code, making your site much more resistant to security exploits, like brute force attacks.

Setting Up Single Sign On

To set up Single Sign On, sign in to your website with an account that has the Administrator role or have your site Administrator carry out these steps.

Check for the Jetpack Plugin

You may already have Jetpack installed on your site. If you’re unsure whether or not you have Jetpack installed, sign in to your site and look for Jetpack near the top of the left sidebar. Jetpack will show up for accounts with the default roles from Contributor to Administrator. Accounts with the Administrator role can change Jetpack settings.

If you do not have Jetpack installed, proceed to the Install Jetpack section.

If you have Jetpack installed (and you’re using an Administrator account), hover over Jetpack and click Settings. Activate Single Sign On from the list of modules and proceed to the Using Single Sign On section. Now, you’re ready for the Configure Single Sign On section.

Install Jetpack (If You Don’t Have it Already.)

  1. In the left sidebar, hover over the Plugins menu and select Add New.
  2. From the selection of plugins listed, click the Install Now button for Jetpack by WordPress.com. If you do not see Jetpack listed, use the search field above to find it.
  3. Once the plugin is installed, click the Activate Plugin link. After the Jetpack is activated, you will be redirected to the main Plugins page.
  4. Click the Connect to WordPress button in the green banner at the top. You’ll be redirected to jetpack.wordpress.com.
  5. Either sign in to your existing account and skip to number 7, or click the “Need an account?” button near the top of the page.
  6. Clicking “Need an account?” will create a new tab in your browser. Enter and make note of your email, username, and password, then click “Create My Account.”
  7. Once you have created your account switch back to your “Connect Jetpack” tab and sign in with your WordPress.com username and password. You’ll be redirected back your site and the Jetpack section.
  8. Now, you can either click Jump Start to activate some popular options, including Single Sign On, or select Settings under Jetpack in the left sidebar to pick and choose the modules you want use.

Configure Single Sign On

Once you have set up your Jetpack modules, hover over the Single Sign On module and select the Configure link. There are two simple checkbox options you may select: Require Two-Step Authentication and Match by Email.

Require Two-Step Authentication

This is where the extra security comes in! The advantage of Single Sign On’s Two Step Authentication is that it requires two factors to sign into your site: something you know (your username and password) and something you have (your phone or tablet).

  1. Sign in to your site with WordPress.com. You’ll be given a message about the two step authentication requirement and a link to your security settings.
  2. Click the Security Settings link and click Get Started.
  3. Enter your phone number and select Verify via SMS or Verify via App.
  4. On the following page, enter the verification code you receive on your phone and click Enable.
  5. Print the list of one-time-use backup codes and store in a safe location.

Once two step authentication is set up, each time you sign in to your site with WordPress.com, you’ll receive a verification code via text or app. If you’re not signed in to WordPress.com, you’ll be redirected there to sign in there first.

Match by Email

Select Match by Email and your site will automatically set up Single Sign On for your users by matching their account email on your website to the email of they’re WordPress.com account.

Using Single Sign On

Once you have Single Sign On installed, you’ll use your new WordPress.com credentials to sign in to your self-hosted WordPress site. You’ll go the same page where you always sign in. Now, instead of entering your username and password and clicking the standard Log In button, simply click the Log in with WordPress.com button.