According to recent data, WordPress now powers 27.1% of websites. This success is great for the development of WordPress. But unfortunately, it also makes WordPress an attractive target for hackers looking to steal data and inject spammy links.
In Sucuri's recent analysis of more than 9,000 hacked websites, they found that 74% of the hacked sites were running WordPress. I've already talked about how to scan your WordPress site for malware, but now I want to cover a way to keep malicious actors out of your website in the first place:
Two-factor authentication means that a user logging in to your site must enter both their password AND an authentication code. Because it is almost impossible for hackers to obtain both pieces of information, this makes it very difficult for them to steal your login information. In this post, I'll show you how to set up two-factor authentication.
Note: this won't solve all of your security risks (most hacked sites were running outdated software/plugins), but it will make your login process much safer.
Two-factor authentication for WordPress
There are a few different types of two-factor authentication options for WordPress. But in the simplest sense, it works like this:
You go to your login page as normal. After you have entered your username and password, you must enter an additional “authentication code” to access your account. You can get this code in several ways.
For WordPress, the most common methods are:
- Smartphone app
- Text message
- Saved usable code
The plugin I'll show you lets you use any of the methods above, plus some additional backup methods, such as security questions and email.
How to add two-factor authentication to WordPress with MiniOrange
To add two-factor authentication to WordPress, you will need the MiniOrange two-factor authentication plugin (also known as Google Authenticator). This plugin is free for one user account. If you want to use two-factor authentication for multiple accounts, you need to upgrade to the premium version.
Install the plugin like any other plugin from the wordpress.org repository. Once you activate the plugin, the first thing you need to do is sign up at MiniOrange:
The plugin will send you an email with an access code called an OTP. OTP stands for “one-time password”. You must enter this code in the plugin dashboard to continue configuring the plugin:
After you enter the code, the plugin shows you an overview of pricing. If you only need two-factor authentication for one account, you can use the “OK, got it” button to continue with the free plan:
Then, you see a list of all the authentication methods and the devices supported for each method. I'll show you how to set up the Google Authenticator app, but you can choose any of these options. With this method, the plugin uses the official Google Authenticator app to provide the authentication code.
To begin, click on the Google Authenticator link:
Choose your phone. You need a smartphone for this method. If you don't have a smartphone, you can use the email or security questions options instead.
Next, you need to download the Google Authenticator app on your smartphone. Once you have downloaded it and signed in to your Google account, choose the barcode scanning option in the app:
Then scan the barcode on your screen:
The app will then show you a 6-digit code. This code expires after ~20 seconds, so you need to make sure you type the latest code:
Enter this code in the box on your WordPress dashboard. As soon as you submit the code, you should see a confirmation message from the plugin:
Make sure to test it by following the link. You only need to go back to the authenticator app to get the latest 6-digit code. This 6-digit code changes all the time, so always get it directly from within the app. If the test works, you're done!
But it is important that you have one…
You must configure security questions. If you have configured only Google Authenticator without a backup method, you could be locked out of your account if you ever lose your phone.
That's not good! So, go back to the “Setup Two Factor” tab and click Configure on the security questions:
All you need to do is choose your questions and type the answers. Click “Save”.
Logging in to WordPress with two-factor authentication
Now, each time you log in to your WordPress account, you'll see this screen after you enter your username and password:
Remember, you can also configure one of the other methods. I think Google Authenticator is the easiest to use. And because it comes from Google, you can trust its safety. It is exactly the same app that Google uses to provide two-factor authentication for Google accounts.
Keep in mind: it is important that you configure one of the backup methods, so that if you lose your smartphone, you don't get locked out of your WordPress account.