Your WordPress website needs security, much as a bank vault does. Of course, if you publish nothing on your website and don’t take it seriously, you can forgo the security measures.
In most cases, if you have a WordPress website, you have paid for it. Not taking care of something you have paid for is not a wise decision.
In short, security is important.
One way to improve the security of your WordPress website is by enabling two-factor authentication.
What is two-factor authentication?
Two-factor authentication is an extra layer of security added on top of the standard username and password check. This extra layer is like a quick Q&A session.
It is called two-factor authentication because the login involves two separate factors: the first factor is authentication with a username and password, and the second factor is authentication with a one-time code or the answers to secret questions.
It’s quite a popular security method on the web. Even sites like Google and Twitter make use of it because it strengthens security.
How it strengthens security
Have you heard of brute force attacks? A brute force attack is a trial-and-error method in which cybercriminals try many candidate passwords until one works. It’s like breaking into a safe by trying many different digit combinations.
Adding the two-factor authentication layer further secures the account. Only a user who passes both the username and password check and the Q&A-like second step will be able to access the account, so a guessed or stolen password alone is no longer enough.
How to add two-factor authentication for WordPress
To add two-factor authentication for WordPress, you will need a two-factor authentication plugin. I recommend using the Two Factor Authentication plugin developed by David Nutbourne and David Anderson.
It’s free. It’s reliable.
Here I will show you how to use the plugin.
As with any WordPress plugin, you first install and activate it in WordPress.
After the plugin is activated, head over to the plugin’s configuration page to begin the configuration.
Once you are on the plugin configuration page, you will need to enable the current code and save the changes.
The changing codes you see on this page are a live feed of the one-time codes being generated.
What you need to do now is use the Google Authenticator app on your smartphone to sync with this live feed. Once it is synced, the next time you log in to your WordPress website and are asked for the one-time code, the code on the app matches the code the plugin expects, and the login is authenticated.
If the code does not match, you will be locked out of your WordPress website. So it’s quite important to get it synced.
To sync the Google Authenticator app with the live feed, you will first need to install the app on your smartphone.
Once the app has been installed, you will need to scan the QR code on the plugin page using the app’s Scan barcode feature.
You will need to scan the QR code below:
Another way of doing it is by entering the Private key pointed out below via the app’s Manual entry section.
Both ways will sync the app and the live feed the right way. It’s up to you to choose.
Once it’s scanned, you will notice that the code on the app and the code on the plugin page are the same.
In other words, they are synced.
Next, head back to the plugin page, select the TOTP option under the Advanced settings section, and save the changes.
That’s it! Your WordPress website is now two-factor authentication enabled.
To test it out, log out from your WordPress website and log in like how you normally would.
After logging in, you will be required to input a One Time Password. Here’s an example of what you will see.
The one-time password can be found in your Google Authenticator app. Simply input the code displayed on the app and you are in.
On the other hand, if you prefer security questions as a two-factor authentication for your WordPress website, see our tutorial here.