In the event that someone attempts to log in from a different IP address, this function will send a verification code to the account email address. This will give another layer of security to each member’s profile.
To enable this feature:
- Go to Settings and then select Global Settings.
- In the Global Settings dashboard, scroll down further and select the Security.
Simply enable the Log in IP detection option. - Then, click on the SAVE CHANGES.
How this works:
When a person initially logs in, his IP address is associated with his account.
If he or someone else returns later and tries to login, but the system detects that the IP address is different from the initial one, the user does not login but instead sees an input box asking him to enter the verification code that was emailed to him.
The site generates a code, which is recorded on the account profile and is only valid for 30 minutes. That code has an expiration date that has been calculated and recorded in the database.
The created code is shown in the email, and the user must enter it on the login page to proceed and login.
The new IP address is subsequently recorded and overwrites the old one.
If the user enters the incorrect code, the page displays an error message in red: “Invalid code.”
If the user enters code after 30 minutes, the time currently is older than the database’s code deadline, the error message “Verification code has expired” is presented.
If the user or someone else returns later and attempts to login using a different IP address, the process is repeated.
If the user returns and signs in with the same IP address, he will be able to login.