Two Factor Authentication with WordPress

If you have a very strong password for your WordPress site, it is unlikely that someone will break into your account via brute-force or dictionary attacks. However, it would still be possible for someone to access your account if they managed to get hold of your login credentials through phishing, keyloggers, a MITM attack or any other way (such as giving out your login details to the wrong person).

Two Factor Authentication adds a new layer of security on top of your password. Even if someone knows your password, they still won’t be able to access your account without the second level of authentication. You may have seen this type of protection available on websites such as PayPal and Online Banking.

Sounds great! How do I implement Two Factor Authentication on my WordPress site?

There are several options to choose from when setting up Two Factor Authentication on a WordPress website. Here are some of the most popular:

Google Authenticator

You can implement two factor authentication with Google Authenticator. This requires you to have your phone available in order to log in to your WordPress account. Simply open the Google Authenticator mobile app, get your unique Google Authenticator code and enter it into the field provided when logging in. This code will reset automatically every 30 seconds.

Plugin
Google Authenticator
https://wordpress.org/plugins/google-authenticator
4.5 out of 5 stars
Active Installs: 20,000+
Price: Free

Install
– Make sure your web host is capable of providing accurate time information for PHP/WordPress, i.e. make sure an NTP daemon is running on the server.
– Install and activate the plugin.
– Enter a description on the Users -> Profile and Personal options page, in the Google Authenticator section.
– Scan the generated QR code with your phone, or enter the secret manually. Remember to pick the time-based option.
– You may also want to write down the secret on a piece of paper and store it in a safe place.
– Remember to hit the Update profile button at the bottom of the page before leaving the Personal options page.
– That’s it, your WordPress blog is now more secure.
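
The 30-second codes and the NTP requirement above both follow from how time-based one-time passwords (TOTP, RFC 6238) are computed: the phone and the server each derive the code from the shared secret and their own clock. The Python sketch below is an added example, not code from the plugin; the secret is the RFC 6238 test key, and the one-step tolerance window is an assumption rather than the plugin's documented setting.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the code shown in the app

# Constructed sample: RFC 6238 test key "12345678901234567890" in Base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    # The moving factor is the number of whole steps since the epoch.
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, server_time, window=1):
    """Accept a code from `window` steps either side of the server clock."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        # Constant-time comparison; check every step, no early exit.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


def clock_skew_demo():
    """Same code from the phone, checked by servers with different clocks."""
    phone_time = 1111111109
    code = totp(SECRET, phone_time)
    return {
        "code": code,
        "server_in_sync": verify(SECRET, code, phone_time),
        "server_20s_fast": verify(SECRET, code, phone_time + 20),
        "server_20s_fast_no_window": verify(SECRET, code, phone_time + 20, 0),
        "server_5min_fast": verify(SECRET, code, phone_time + 300),
    }


if __name__ == "__main__":
    for name, result in clock_skew_demo().items():
        print(f"{name}: {result}")
```

A server whose clock has drifted by minutes rejects every correct code, which is why the install steps start with checking NTP.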

Duo Two-Factor Authentication

Similar to Google Authenticator, you can use the Duo Security two-factor authentication plugin for a second layer of security.

When they log in, your users have multiple ways they can authenticate, including:
– One-tap authentication using Duo’s mobile app (our fastest, easiest way to authenticate)
– One-time passcodes generated by Duo’s mobile app (works even with no cell coverage)
– One-time passcodes delivered to any SMS-enabled phone (works even with no cell coverage)
– Phone callback to any phone (mobile or landline!)
– One-time passcodes generated by an OATH-compliant hardware token (if you’re feeling all old school)

Plugin
Duo Two-Factor Authentication
https://wordpress.org/plugins/duo-wordpress
4.5 out of 5 stars
Active Installs: 20,000+
Price: Free (10 users) – Upgrades Available

Install
See instructions at https://duo.com/docs/wordpress

Other Options

Clef Two-Factor Authentication
https://wordpress.org/plugins/wpclef
4.7 out of 5 stars
Active Installs: 800,000+
Price: Free

Rublon Two-Factor Authentication
https://wordpress.org/plugins/rublon
4.3 out of 5 stars
Active Installs: 2,000+
Price: Free (1 account per website)

Authy Two Factor Authentication
https://wordpress.org/plugins/authy-two-factor-authentication
4.5 out of 5 stars
Active Installs: 1,000+
Price: Free (Less than 100 Auths/Month) – Upgrades Available

As well as Two Factor Authentication, make sure you also use a strong password!

Need help setting up Two Factor Authentication with your WordPress website, looking for a WordPress Developer, or have any questions? Get in touch.
