Two Factor Authentication for WordPress

Passwords have been our primary means of protection in the WordPress world for a really long time. However, with use of passwords becoming commonplace, more and more attacks on them have been successful. Making matters worse are users who think of obvious and easy-to-guess passwords or reuse the same password for multiple accounts. A practical way to strengthen authentication is to use a second factor of identification after the username/password stage. This technique is known as Two Factor Authentication. Apart from your password, two factor authentication requires you to have another type of credential before you gain access to your account.

Traditional two factor authentication solutions used hardware tokens that generated one-time passwords for the second stage of authentication. However, these hardware tokens were highly inconvenient to use. It took time to distribute these tokens to the right people and track them continuously. They didn’t come cheap and were often lost or misplaced. Needless to say, there were high levels of frustration among users when it came to token-based systems. Security agencies were quick to realize that using an existing device to achieve two factor authentication would be far more effective. So they decided to use mobile phones to communicate the one-time passwords. This reduced deployment and training costs, and improved the end-user experience in a big way.

There are many WordPress plugins that help you enable two factor authentication for WordPress without any fuss. Here are some of the popular ones.

Google Authenticator

Google is one of the earliest players to deploy two-factor authentication on a large scale. Quite naturally, the Google Authenticator plugin is the first choice to come up when you think of two-factor authentication. The plugin provides two-factor authentication using the Google Authenticator app installed on your smartphone. If you are security aware, you may already have this app installed for two-factor authentication on Gmail, Dropbox, Amazon and so on. With this plugin, two-factor authentication can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.
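
The codes shown by the Google Authenticator app are time-based one-time passwords (TOTP, RFC 6238). The sketch below is an added example, not code from the plugin: it shows how a server can check such a code while tolerating clock drift and refusing a code that was already used. The function names and the sample secret (the RFC 6238 test key) are chosen for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample secret (the RFC 6238 test key) in the base32 form an
# authenticator app receives at enrollment. Never reuse it for a real account.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the code shown by the app


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, now: float) -> str:
    """Code the app displays at Unix time `now`."""
    return hotp(base64.b32decode(secret_b32), int(now) // STEP)


def verify(secret_b32, code, now=None, last_used=-1, window=1):
    """Server-side check. Returns the matched time step, or None on failure.

    window    -- accept codes from +/- this many steps to absorb clock drift
    last_used -- highest step already accepted for this user; a code from
                 that step or earlier is a replay and is rejected
    The caller stores the returned step as the user's new last_used value.
    """
    if not (len(code) == DIGITS and code.isascii() and code.isdigit()):
        return None
    key = base64.b32decode(secret_b32)
    current = int(time.time() if now is None else now) // STEP
    matched = None
    # Check every step in the window so timing does not reveal which matched.
    for counter in range(max(0, current - window), current + window + 1):
        ok = hmac.compare_digest(hotp(key, counter), code)
        if ok and counter > last_used:
            matched = counter
    return matched
```

A login handler would call `verify` only after the password check succeeds, and should rate-limit failed attempts, since a six-digit code has only a million possible values.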

Duo Two-Factor Authentication

The plugin is easy to set up and use, and provides the simplest form of two factor authentication. Once you install the plugin and sign up for their service, you are all set. You also have the option to choose the user roles for which you want to enable two factor authentication – admin, author, editor, etc. You can download this free plugin from the WordPress plugin repository.

Clef Two-Factor Authentication

The plugin provides easy-to-use, strong two-factor authentication using your smartphone. However, it is significantly different from other plugins in that it replaces passwords and one-time codes with something called a Clef Wave. The plugin stores your encrypted private key on your phone rather than in a central database. So even if the Clef servers are breached, your login credentials remain secure on your phone. Every Clef login requires two identification factors: your phone and a fingerprint or PIN. So even if your phone is lost or stolen, your login will be safe. It disables passwords for all three WordPress authentication avenues – Dashboard access, API access, and automatic password resets via email. Thus it protects your site against the full spectrum of password-based attacks.

Setting up this free plugin is quite simple. It primarily involves installing the plugin on your site, installing the Clef app on your phone, and syncing the wave on the phone with the one on your screen. Once this is completed, the app will automatically register your WordPress site, and you’ll be able to log in using your phone.

Rublon

The plugin adopts a slightly different approach from that of Clef in that it does not eliminate passwords. Instead, it adds an extra layer of security known as trusted devices. Once you install and set up the plugin, you need to add your computer as a trusted device. After this, only users visiting your site from a trusted device will be able to log in. If you try to log in to your admin account from any other device, you will be denied access unless you add that device to the trusted devices list. But once a device is set up, you’ll never have to worry about it again.

Two-factor authentication is undoubtedly the wave of the future, and has already been implemented by some of the biggest companies around. With everyone accompanied by a smartphone these days, it is obviously the easiest way to secure your WordPress site.
