Logo Logo

Setting Up Two-Factor Authentication in WordPress

July 10, 2016

Even the most sophisticated websites are being hacked by ne’er-say-doers. Hackers are always coming up with savvy ways to tap into the back-end of websites and steal sensitive information about the site or de-face the website with spam, and now even install spam links that can end up on Google Search – causing your website to be flagged.

Security needs to be top priority for websites and their owners. WordPress in particular is a popular target for nefarious individuals and bots, which is why anyone developing a site using this platform needs to make sure that they’ve taken security precautions.

Regardless of what many people may think, a website’s popularity and size does not always matter to hackers. Suspicious bots look for any WordPress website. Among the more common methods that bots use, brute-force login attacks are very common. In this scenario, bots are constantly chipping away at websites, until they gain access, change passwords, create their own accounts and attempt to spread spam, malware, and so on via any method possible (using php mail, using your wordpress database, or even through your blog).

So how does a web developer prevent these issues?
Simple: two-factor authentication.

What is Two-Factor Authentication?

Essentially, this involves a process whereby a second step is necessary in order to log in to a website. You’ve likely encountered these situations yourself when trying to log in to a particular website, especially banking websites, Google, and Facebook.

But such a step isn’t just used with big websites anymore; these days, two-step authentication is popular even for small sites, and rightfully so. The good news is, it’s very easily implemented.

Some websites require users to choose an image and use it later on to verify that you are logging onto a legitimate site. Other sites use text messages that are sent to a user’s smartphone or tablet, while others automatically generate codes – almost every 4 seconds – through the Google Authenticator to confirm the identity of the person.

Despite the fact that this second step can be quite annoying to users, it protects users’ websites and information – and sometimes even reputation. As far as WordPress is concerned, keeping bots and other mischievous individuals from getting access to administrator accounts is incredibly important.

How to Add Two-Factor Authentication to WordPress

ADDING this additional layer of protection is easy for WordPress platforms. There are some popular plugins that are able to handle two-factor authentication. It should be noted that each of these plugins differs from one another, so it’s important to understand how they each work before you decide to use a particular one.

Here are a few examples of plugins that offer two-factor authentication:

Google Authenticator

Google Authenticator uses the same app that the search engine giant uses with all of its other services. All you need to do is install the plugin on your website, install the app on your smartphone or tablet, and the app will generate a temporary code to verify the user. This plugin adds a separate field on your WordPress login screen.

WordFence

WordFence is a popular security suite that provides developers with a firewall and consistently scans your website for spam and malware. The premium version, two-factor authentication lets you manually add users who you want to be able to use the feature. It then sends a text message out to the user every time they want to login. This code is added on to the end of the user’s password.

Clef

Clef is also quite popular, and takes a somewhat different approach to two-factor authentication. For starters, no password is necessary. All you need to do is install Clef on your site, then install the companion app on your smartphone. When you log in to your website, a “Clef Wave” will appear on your screen that will need to be scanned using the mobile app. The other authenticating factor can be either a pin code or a fingerprint scan.

Taking this extra step to protecting your website is well worth it in the end. The good news is, with the variety of WordPress plugins available, installing such a component to your site is simple.

Leave a Reply

Your email address will not be published. Required fields are marked *