Do you have a WordPress website? If you do, then you understand that it’s not just an ordinary website. It is your own unique space on the Internet. As such, you want to ensure that it’s safe from unauthorized third-party access. In fact, we wrote an article in the past about steps you can follow to secure your WordPress website so you don’t fall victim to various cybercrimes which continue to persist to this day.
One of the steps we mentioned is implementing Two-Factor Authentication to add an extra layer of security. Aside from having a hard-to-crack password (your first line of security), we recommend you enable 2FA (or Two-Factor Authentication).
This is to lessen the chances of any security breaches to your online account. While we primarily focus on websites in this article, you can actually use 2FA on all your online accounts like Facebook, Twitter, PayPal, Gmail, bank accounts, and many more.
Two-Factor Authentication is a security process that requires a two-step verification before a user can log into their account. The reason why it’s a two-step process is that:
1.) you need to provide something that you know (e.g. username and password)
2.) you need to have something in your possession (e.g. smartphone or key fob)
If you enabled 2FA for your website account, then you need to do a second step verification by entering a time-sensitive security token generated from your mobile device associated with your website account.
The good thing about 2FA is that you’re not only limited to generating these security tokens from a mobile device. Two-factor authentication can be done in different ways. There are instances when you need to enter a PIN (Personal Identification Number) in addition to a username and password. Others may require you to complete a distinct visual pattern before granting access to your account.
Some high-end companies like banks offer their clients a key fob as added security when logging in to their online account. A key fob is a small hardware device that displays a random series of numbers that you need to enter into a blank field to authenticate your identity. As the name suggests, you can easily attach your key fob to a keychain. The series of numbers changes every 30-60 seconds. As for WordPress, here are some options you can choose when setting up two-factor authentication.
You can install a plugin to enable 2FA on your WordPress website. Just search for a 2FA plugin here:
As you will see, there are a lot of 2FA plugins to choose from. The popular ones are those found on top with the best star ratings and the highest number of positive reviews.
If this is your first time downloading any plugin, please take a few minutes to read this article: WordPress Plugins Guide for New Users. Here you’ll find helpful tips for downloading and installing plugins. These are just a few of the two-factor authentication plugins we recommend you use for your site:
Once you have successfully downloaded and installed your plugin, just follow the steps specific to that plugin to enable 2FA for your WordPress website.
One of the methods to set up 2FA for your website is a mobile app, Google Authenticator. Many people may have already installed this on their smartphones to enable 2FA for their other accounts like Google and Outlook. If you already have this on any of your mobile devices, we suggest using this also for your WordPress website for the obvious convenience.
Here are the steps to set up 2FA with the Google Authenticator app via WordPress.com:
Your WordPress website is now set up for two-factor authentication. You can check whether your backup codes are working by typing a backup code in the blank field here: https://wordpress.com/me/security/two-step.
To set up SMS Codes via WordPress.com:
If you prefer to access Google Authenticator from your computer desktop on a Chrome browser, you can do so by installing any one of these Chrome extensions:
Click on the “Add to Chrome” blue button on the upper right-hand corner. Make sure to follow the steps for that specific extension when implementing 2FA for your website.
With the growing numbers of websites affected by security breaches each year, we find it extremely important for all website owners to be proactive when it comes to maintaining the security of their sites.
Adding two-factor authentication does not guarantee that you won’t be hacked at all; it just makes it a little more difficult for hackers to gain access to your WordPress website. Now that we’ve shared the different ways you can implement 2FA for your website, which one would you use? We’d definitely love to hear your thoughts in the comments below.