Integrate two-factor authentication for WordPress websites.
In previous posts, I showed you how to change the WordPress login link and limit the number of failed login attempts to prevent brute-force attacks, right? However, what if the hacker guesses both your login link and your password? The final barrier that can keep them out of the WordPress Admin is 2-step security, also known as two-factor authentication.
What is 2-Step Security?
In simple terms, 2-step security, or two-factor authentication, is a security method in which two layers of authentication are used before allowing someone to log in to your account:
- Layer 1: is the username and password that you set when registering your account.
- Layer 2: a random and often timed piece of code, obtained from an app (Google Authenticator, Microsoft Authenticator, Authy…), email or SMS.
Because of the random nature and constant change, this code is very difficult to guess. Thanks to that, your account will also be much more secure. Even if the username and password are exposed, others cannot log in.
Integrating 2-step security into a WordPress website
In WordPress, you can do everything easily with the help of plugins.
Using the Defender Security plugin
This is a plugin that we often pre-install on the websites of our customers who are using the WordPress Hosting service provided by WP Basic.
1. If you are also using this plugin, go to Defender => 2FA => click the Activate button to enable 2-step security.
2. After activation, you will see an interface similar to the image below:
Where:
- User Roles: select the user roles for which you want to enable two factor authentication.
- Lost Phone: enable this feature so that you can receive a login code via email in case your phone is lost (and you can’t get the code from the app).
- Force Authentication: force other users to use two-factor authentication.
- App Title: the name shown for this code in the application (to distinguish it from other codes).
- Emails: customize the content of the email that delivers the code. You can leave the default.
- App Download: select the application that you want to use to generate the login code. For example, here I choose Google Authenticator.
- Active Users: see a list of users who have enabled two factor authentication.
- Deactivate: disable two factor authentication.
Once the setup is done, click the Save Changes button to save.
3. Go to Users => Profile => scroll down to the Two Factor Authentication item, then click the Enable button.
4. Use the Google Authenticator application to scan the QR code displayed on the screen => get the code generated by the application and enter it in the Enter passcode box => click the Verify button to confirm.
5. If the confirmation is successful, you will receive a message as shown below:
6. Log out of your account and log back in. You’ll see a request for a 2-step security code that looks like this:
Get the code generated from the Google Authenticator app to log in. It’s simple, right? Good luck!
Some other plugins
In addition, you can also try some of the following plugins, which offer similar features:
- Two Factor Authentication (download).
- 2FAS Prime – Two Factor Authentication (download).
- WP 2FA – Two-factor authentication for WordPress (download).
- miniOrange’s Google Authenticator (download).
Are you using 2-step security for your WordPress website? What method did you use to do that? Feel free to share it with us via the comment box below.