Quick summary: Unsure about setting up WordPress Two Factor Authentication? It’s time to learn how setting two-factor authentication can be made easily with different available plugins. Why you must use two-factor authentication Everything that provides more security to your site is a must have. I’m sure you know that the Internet is a dangerous place. Two-factor authentication […]
Unsure about setting up WordPress Two Factor Authentication? It’s time to learn how setting two-factor authentication can be made easily with different available plugins.
Why you must use two-factor authentication
Everything that provides more security to your site is a must have. I’m sure you know that the Internet is a dangerous place.
Two-factor authentication is a strategy to enhance security, requiring users two things:
One you know, a username and password combination;
One you have, a numeric or alphanumeric code, delivered via app or SMS, or a token.
Someone with your login data – username and password -, can’t access the website console without the code, refreshed in some seconds within the app ou that will arrive shortly inside a message.
In the WordPress ecosystem, brute-force attacks are one of the most popular known methods of hacking. The bad guys try to find out your username and password. Bots usually do the dirty job, trying to guess the access credentials. If they are successful, you’re in serious trouble.
Two-factor authentication works as another way to improve security by applying an extra layer.
It’s not the end of your worries. The site can be hacked by another sort of attack vector but, at least, you reduced the chances of intrusion.
How is the code delivered to you?
There are many ways to receive the code, depending on the app or system you use:
Email Services: The code is sent to your email;
SMS: Sent to your mobile phone;
App: Generates a new code automatically in very short intervals;
USB Tokens: You have to insert a token into your USB port (plus a token password).
There are systems more beautiful than others but, in this case, it is not the beauty that counts but rather the ease of use and the user experience.
Two-Factor Authentication for WordPress for more protection
If you haven´t already removed the plugin, get it done after finishing read this. The team made a useful little guide in four steps. It’s time to say goodbye. And a warm welcome to your new safety companion.
Let’s look at some of the top authentication plugins available for WordPress.
The Google Authenticator plugin is one of the most popular. Gives you two-factor authentication using the Google Authenticator. The app is available for iPhone (and iPad), Android, and Blackberry.
Install and activate the plugin. Set a secret key or use a QR code. Download the free Google Authenticator app and enter the secret key or QR code. From now on, any time you try to login to your site, you’ll need to open the app and enter the authenticator code.
The easiest of them all to start and the most attractive for the password haters.
The same procedure: download, install and activate the plugin. Go to your login page, insert username and password and wait for the email Rublon sends you. Click on the link, and you are ready to go. Your next login from the same device will need only your password.
From this point, you’ll want to use the mobile app (available for Android, iOS and Windows Phone). You’ll have to scan a QR code.
Rublon is free for personal use on one website. To add more accounts, you will have to opt for paid plans. There are no prices on the website but we learned that is 2 dollars per user and month. They prefer to get contacted because then they know who is interested in the service.
Now it’s on you. Choose your solution and get your hands dirty. In the end you’ll have a more secure website.