In May 2025, Duo, a cybersecurity solution provider, announced that its WordPress plugin will fully support Duo Universal Prompt to improve the security and convenience of user login. The plugin is now open source, and the code is hosted on GitHub, and users can freely obtain and use it.
Duo officially stated that the traditional Duo Prompt and the old prompt embedded in WordPress via iframe will stop supporting on September 30, 2024. Users need to upgrade to the new version of the plugin as soon as possible to experience the redirection-based Universal Prompt. The new version of the plugin not only simplifies the authentication process, but also provides a more intuitive interface and stronger security.
To enable the new version of Universal Prompt, users need to register a Duo account, create a WordPress application in the admin panel, and obtain the corresponding client ID, key, and API host name. Duo reminds users to keep the key properly to avoid leakage.
The upgrade process includes installing plugin updates, completing the first Duo two-factor authentication, and activating the Universal Prompt function in the admin panel. For applications created before March 2024, Duo recommends referring to the official upgrade guide to ensure a smooth transition.
To install the plugin, you can search for “Duo Security” directly in the WordPress backend plugin directory, or manually upload the compressed package for installation. During configuration, users need to fill in the authentication information generated in the admin panel, and can select the applicable WordPress user role to enable two-factor authentication according to their needs.
After completing the configuration, users will be directed to Duo to complete two-factor authentication when logging into WordPress to ensure account security. Duo also recommends turning off the XML-RPC function to further enhance security, but this will affect the use of some mobile applications and offline clients.
To ensure system security, Duo also specifically reminds that unauthorized users will not be able to access new applications, and administrators need to assign access rights to users in the admin panel. In addition, the plugin update reminder function has been integrated into the WordPress backend, and administrators can easily upgrade versions.
For users who still use the old version of the Duo WordPress plugin, the official pointed out that the two cannot be upgraded directly. The old plugin must be disabled first, and then the new version of the Duo Universal plugin must be installed to complete the migration.
Duo provides an exhaustive knowledge base and community support to help users solve problems encountered during upgrades and use. In the future, as traditional prompt support is discontinued, Universal Prompt will become the standard experience for two-factor authentication in WordPress environments.
Related Topics
- Motors WordPress Theme Has Critical Admin Takeover Vulnerability
- Beginner’s Guide: How Do You Set Up a WordPress Staging Site?
- Webflow VS. WordPress: What IS The Difference?
