One way to help protect account access is to use an additional authentication method other than a password. This is known as Multi-Factor Authentication (MFA), also commonly called Two-Factor Authentication (2FA). The additional method (also called a “factor”) recommended for WordPress is the use of a software “token.”
- There are a lot of different places to increase the security of a site, but the WordPress Security Team has said that “The weakest link in the security of anything you do online is your password,” so it makes sense to put energy into strengthening that aspect of your site.
- Two-factor authentication (2FA) is one of the best ways to secure account access – for any platform, WordPress included. One extra piece of information alongside your account password goes a long way. It reduces vulnerability to a category of issues that surround account integrity.
- Two-factor authentication goes by the more popular term 2FA and provides a level of redundant security that mimics redundancy used in military aircraft. A redundant system is a safety net that can perform the same task as a primary system. 2FA goes a long way toward ensuring your network.
- The first plugin which is called Two Factor provides multiple ways to set up 2-step verification in WordPress. The second plugin, which is called Two Factor SMS is an addon for the first plugin. It adds support for 2-Step SMS verification. You will need both these plugins installed and activated.
It is no secret that WordPress is one of the favorite targets of cybercriminals. Since more than 30% of the Internet runs on WordPress, there is always a chance that your WordPress website could be on the radar of a cybercriminal.
Two Factor Authentication (2FA) is a popular method used to confirm the identity of the user accessing the website. When active, the user is verified twice using two separate methods. This way even if a hacker guesses your username and password, they cannot log into your account because they would fail the next check required to complete the 2FA authentication.
How to Integrate Two Factor Authentication in WordPress?
In keeping with WordPress’s reputation for convenience, 2FA can be integrated in several ways. In this article, I will demonstrate the following methods:
- 2-Step SMS Verification through a plugin.
- Google Authenticator for 2FA.
- Two Factor Authentication using Email.
SMS Verification Through Plugin
In this WordPress two factor authentication setup, once a user enters the credentials, an SMS is sent to a registered phone number. The SMS contains a verification code which the user must enter on the login screen (or the next screen) to complete the login process.
To demonstrate this method, I will use the FraudLabs Pro SMS Verification WordPress plugin.
Open your WordPress dashboard and install this plugin. Go to Settings and click FraudLabs Pro SMS Verification. The following window will open up:
In order to get the API key, you need to create an account on the FraudLabs Pro website. The API key will be sent to the registered email address. Enter the API key in the plugin’s settings page.
Scroll down and select the form(s) where you would like to verify the user through SMS verification.
Currently, I only require the verification of the WP login form. Click Save Changes to save all settings.
To see SMS verification in action, I will log out and try to log back in.
As you can see, the login screen asks not only for the credentials but also for a phone number to which a one-time password (OTP) can be sent to complete the verification process.
I can only log in if I enter the code sent via SMS even though my username and password are correct.
WordPress 2 Factor Authentication Through Google Authenticator
Another method of setting up 2FA is through the Two Factor plugin.
Go to Plugins and install and activate the above-mentioned plugin. Now navigate to Users and click on Your Profile. Two Factor options are available at the bottom of the screen. Choose the second option and click the View options link.
Install the Google Authenticator app on your phone and scan the QR code to get the six-digit code. Next, enter the code in the plugin’s settings page and click the Update Profile button to complete the process.
Now log out from the WordPress dashboard to see the WordPress 2 factor authentication in action:
I cannot log in unless I provide the Google Authenticator code.
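What the QR code and the six-digit code are doing, as an added example that is not the Two Factor plugin's code: the QR code carries an `otpauth://` URI with a shared secret, and the site recomputes the time-based code (RFC 6238) at login. The sample URI, the `TotpVerifier` class and its one-step skew window are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed enrollment URI of the kind a QR code encodes (secret is the RFC 6238 test key).
SAMPLE_URI = ("otpauth://totp/ExampleSite:admin?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=ExampleSite&digits=6&period=30")

def parse_otpauth(uri):
    """Extract the shared secret, digit count and time step from an otpauth:// URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    secret = q["secret"].upper()
    secret += "=" * (-len(secret) % 8)           # restore stripped base32 padding
    return base64.b32decode(secret), int(q.get("digits", 6)), int(q.get("period", 30))

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, dynamic truncation, decimal code."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TotpVerifier:
    """Hypothetical server-side check for one enrolled user."""
    def __init__(self, uri, window=1):
        self.key, self.digits, self.period = parse_otpauth(uri)
        self.window = window      # time steps of clock skew tolerated each way (assumed)
        self.last_used = -1       # highest time step already accepted

    def verify(self, code, now):
        current = int(now) // self.period
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_used:
                continue          # a code from an already accepted step is a replay
            expected = hotp(self.key, counter, self.digits)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used = counter
                return True
        return False
```

Because both sides derive the code from the shared secret and the clock, anyone who obtains the QR code or the secret behind it can generate valid codes, so the enrollment screen deserves the same care as the password.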
2FA Through Email
This method is similar to the SMS verification method. However, instead of an SMS, users receive a verification code by email. The good news is that you can use the same Two Factor plugin we used previously.
Go to Users from the WordPress dashboard and click Your profile. Scroll all the way to the bottom and choose the Email option.
Now click Update Profile to save the changes.
A verification code will be sent to the registered email address every time you try to log into the WordPress dashboard.
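The SMS and email methods above both rely on the site issuing a short code and checking it on the next screen. The sketch below is an added example, not code from either plugin, showing the properties that check needs: an unpredictable code, an expiry, single use and a cap on wrong guesses. `LoginCodeStore`, the five-minute lifetime and the five-attempt limit are assumptions.

```python
import hashlib, hmac, secrets

CODE_TTL = 300                          # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 5                        # wrong guesses allowed per code (assumed policy)
SERVER_KEY = secrets.token_bytes(32)    # per-deployment key; the stored value is a MAC, not the code

class LoginCodeStore:
    """Hypothetical store of pending second-factor codes, one per user."""
    def __init__(self):
        self.pending = {}               # user -> [mac, expires_at, attempts_left]

    @staticmethod
    def _mac(user, code):
        return hmac.new(SERVER_KEY, f"{user}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, user, now):
        """Call only after the password check passes; the caller sends the code by SMS or email."""
        code = f"{secrets.randbelow(10 ** 6):06d}"      # CSPRNG, not the random module
        self.pending[user] = [self._mac(user, code), now + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, user, code, now):
        entry = self.pending.get(user)
        if entry is None:
            return False                                # nothing issued, or already used
        mac, expires_at, attempts_left = entry
        if now >= expires_at or attempts_left <= 0:
            del self.pending[user]                      # expired or guessed too often
            return False
        if hmac.compare_digest(mac, self._mac(user, code)):
            del self.pending[user]                      # single use
            return True
        entry[2] -= 1                                   # count the failed guess
        return False
```

Without the attempt cap, a six-digit code has only one million possibilities and can be guessed within its lifetime by an automated client.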
Final Words
Two Factor Authentication is a highly recommended best practice for WordPress security. Since WordPress 2 factor authentication can be easily set up through plugins, there is no reason why you should not have it set up on your website. If you need help in setting up these plugins, do leave a comment below.