How to add security with two-factor authentication for WordPress » Compa Marketing

Did you know you can add two-factor authentication to WordPress? If you're not sure you want to add two-factor authentication to your WordPress site, consider this - how many accounts do you have on the internet? All protected by a password? How many of them share the same password? If an unwanted visitor gains entry to one account, chances are he can gain entry to another account. You make it easier for him if you use easy-to-guess passwords or public networks. Is your password the name of your pet dog? Your birthday? Did you write that password in a diary?

Every day, bots attack thousands of WordPress websites and expose their visitors to malware. A site compromised by a bot will be blacklisted by search engines, and hosting providers can block access to the site. This means that the website starts to lose traffic. All your hard work comes to nothing.

What is two-factor authentication?

Passwords can be broken, especially by brute-force attacks. This is where another layer of security is added, in addition to a simple password. Two-factor authentication is one way to do this. In fact, many popular websites (e.g., Facebook, Gmail, PayPal, etc.) use two-factor authentication to minimize security breaches in case an attacker steals a user's login credentials.

So what exactly is two-step or two-factor authentication (called 2FA for short)? You could call entering a captcha two-factor authentication in its simplest form. Or you may be asked to enter an additional PIN. Some websites require you to enter a pattern before you can log in. Two-factor authentication basically means that users have to verify their identity, in addition to their password, using a device they own.

The technology does not replace passwords; it is one more step that only you, the legitimate administrator, can complete. In the process, you log in as usual, but then you need to enter a code that is sent to your mobile phone or another device. 2FA provides an extra layer of security, so even if your password is compromised, hackers cannot access your site without entering this code. The code is sent to your registered phone number, email, application, etc. It is often referred to as a One-Time Password or OTP, and access to the website is granted only when this code is entered.

Which method of getting codes is used for Verification?

Before you start using two-factor authentication on your system, you should understand how the second step works so you can choose the method that best suits you. The code you enter during verification can reach you in any of the following ways:

  • Email service: When you try to log in, a code is sent to your email.
  • SMS: Sent to your mobile phone.
  • App-generated code: Apps like Google Authenticator automatically generate a new code at very short intervals. You have to enter the code that is current when you log in. The application may take a bit of setup.
  • USB token: You simply insert the token into your USB port (and possibly enter the token's password). Nothing more. This is a very secure method, as there is no authentication code that can be intercepted. The downside is that it doesn't work with mobile phones, because it needs to be plugged into a USB port.

The first two methods need an internet or mobile connection to receive the code, while the last two methods do not depend on a connection.

Not all services provide all of these options, and you have to choose what's best for you. Some services offer several options, in which case you will have a fallback option. Usually, when you are setting up authentication, you will be provided with a Recovery Code, which you should record and keep safe.

In today's post, we share the best WordPress two-factor authentication options to enhance security on your login page. The 2FA WordPress plugins in the following section are easy to configure. They ship with full instructions and installation documentation, so we don't expect any issues. And please share your favorite WordPress 2FA plugins or your security concerns at the end. Without further ado, let's get to work.

#1. Google Authenticator - WordPress Two Factor Authentication (2FA)

First on our list is Google Authenticator by miniOrange, a reputable WordPress plugin developer. The plugin provides you with a complete solution to secure your WordPress login pages without paying.

Google Authenticator is a remarkable two-factor WordPress plugin that is easy to install and use. It ships with a stunning set of features, sufficient to prevent hackers from impersonating you.

The plugin boasts features like a polished user interface, multiple authentication methods, multilingual support, IP blocking, custom security questions, support for many WordPress plugins, GDPR compatibility, and a long list of more advanced features.

The core plugin is free for one user and you can always get support on the plugin's support forum.

#2. Two-Factor

The Two-Factor WordPress plugin is a free and open-source project led by George Stephanis with the help of nine other plugin contributors. This is one of the simplest two-factor authentication plugins you will use.

When you install the plugin, navigate to Users > Your Profile and scroll down to the Two-Factor Options section. In this section, you can enable and configure your two-factor authentication options.

The Two-Factor WordPress plugin supports four authentication methods: codes sent to an email address, Time-Based One-Time Passwords (TOTP), FIDO Universal 2nd Factor (U2F), and backup verification codes.

Besides, you get an excellent mock method for testing purposes. On top of that, you can contribute to the project and track its progress on GitHub. In addition, the Two-Factor WordPress plugin supports 15 languages and has over 10,000 active installs at the time of writing.

The plugin works as advertised and we will be delighted to see the premium version soon.

#3. WordPress 2-step verification

Did you find a WordPress two-factor authentication plugin you like?

If not, we'd be happy to direct you to the WordPress 2-Step Verification plugin by as247, a great PHP developer from Vietnam. Yes, that's our Vietnam, guys :))

But Vietnam aside, you don't have to worry about hackers stealing your login information anymore with the WordPress 2-Step Verification plugin. It combines the best 2FA login page protection measures and ensures attackers stay where they belong: outside your admin area.

The plugin is easy to set up and use, and we expect you will have everything configured in less than 10 minutes. If you have problems, as247 is ready to help you through the support forums.

Need a faster response? I am always available to help when and where I can.

Many features

WordPress 2-Step Verification provides a range of great features, including support for multiple pages, email codes, application-generated codes, SMS verification and backup codes.

In case you lose your phone or verification codes, you can use easy recovery via FTP as a last resort. Moreover, you can deactivate 2-step verification on devices you trust, such as your personal computer.

Are you wondering how the plugin supports codes generated by an application? They offer an Authenticator application on the Play Store. It also helps you provide passwords for apps that don't support 2-step verification.

At the time of writing, the plugin does not support the Gutenberg Editor, meaning you need to activate the Classic Editor. Plans are underway to add support for Gutenberg, but if you don't mind using the Classic Editor, WordPress's 2-Step Verification plugin is a great option.

#4. Rublon Two-Factor Authentication (2FA)

Fourth place belongs to Rublon Two-Factor Authentication. The sole purpose of this great WordPress plugin is to keep the bad guys out, and it does so effectively. It is a simple solution to enable two-factor authentication on your WordPress site.

The Rublon Two-Factor Authentication plugin is super easy to install and use; you do not need training or technical knowledge to get it off the ground. You just need to install the plugin and connect it to the Rublon API with a system token and security key.

You will then receive a verification link via email. Once you confirm your identity, you need to configure a few options and you are ready to go.

Rublon supports a number of two-factor authentication methods, including email, SMS, QR codes, push notifications and TOTP, among others. Additionally, you can whitelist trusted devices, eliminating the need for two-factor authentication on subsequent logins.

The plugin comes with a friendly backend interface that makes it easy to add two-factor authentication to your WordPress site. It supports five languages, and security professionals as well as beginners are saying great things about the plugin.

#5. GatewayAPI

Perhaps the other two-factor authentication plugins on our list don't cut it for you in terms of ease of use. If you are looking for an easy but deceptively capable plugin, say hello to GatewayAPI.

GatewayAPI is not your typical two-factor WordPress plugin. It is a complete tool that helps you send SMS right from your WordPress admin area. On top of that, the plugin comes with free and easy-to-use two-factor authentication.

Notable features of GatewayAPI include:

  • Ability to add custom data to SMS
  • Import recipient lists from a CSV file
  • Bulk sending feature
  • Segment recipients or groups
  • Short codes
  • Easy to use
  • Reconfirm every login or remember the device for 30 days
  • Ability to receive and read incoming messages via your phone number
  • And more

To get started, install the plugin and sign up for a free account. Do not worry; if you get stuck, the plugin provides helpful text and step-by-step instructions full of screenshots. Between you and me, I doubt you will need to read the documentation to enable two-factor authentication.

#6. 5sec Google Authenticator 2-Step Login Protection

Google Authenticator is a premium plugin available on CodeCanyon for $19. Once you have installed this plugin, no one can log in to your account even if they know the password. When the user logs in, a one-time password is generated, which is received on the user's mobile phone. Access to the site is only granted when the OTP is entered on the login page.

Each new login requires a new OTP. An OTP is only valid for a limited period of time. This type of login is commonly used by banks for financial transactions, and the validity period of an OTP can vary from site to site.

This plugin will protect you from brute-force attacks, because IP-based brute-force protection is built in. And even if you mistakenly click on 'Remember password' on the website, that won't be a problem, since no one can log in without the OTP. In case you leave the computer without logging out, that is also taken care of. The plugin will automatically log you out and the login box will open in a lightbox. You can continue where you left off after entering a new OTP.

What happens if you lose your phone? Well, in this case, a specific URL on the website can be used to log in with just the username and password. Google Authenticator is easy to install and use.

#7. Duo Two-Factor Authentication

The Duo plugin will help you add two-factor security to your WordPress site pretty easily. All users and administrators will need to verify themselves with a device they have - a mobile phone or a hardware token. This will also help you track user activity on your site.

To use this plugin, you have to install it, activate it and then sign up for their service. When registering, you will get access to security keys. You can then specify the user roles for which you want to enable two-factor authentication.

Users can authenticate or verify themselves in many ways. They can use an OTP delivered by text message to their mobile phone, generated by a hardware token, or generated by Duo's mobile application. They can receive a callback on any phone, or they can use Duo's mobile app for one-touch authentication.

Honorable mention

  • Shield Security (formerly WP Simple Firewall) - A powerful WordPress security plugin that comes with two-factor authentication.
  • Wordfence - A popular security plugin that also features 2FA through any TOTP-based app or service.
  • ManageWP - Two-factor authentication is an integrated feature along with all their other useful tools to better manage your website.
  • iThemes Security Pro - iThemes is another security plugin that provides 2FA through applications (Google Authenticator, Authy, FreeOTP and Toopher), email or backup codes to make your website more secure.

There you have it: some of the best two-factor authentication plugins for WordPress. We hope you've found your favorite 2FA plugin from our list, but if you're having trouble choosing, I recommend Google Authenticator by miniOrange.

Also, keep in mind that WordPress security is an integral part of running a successful website, so don't take it lightly. Two-factor authentication is a great way to keep bad guys out of your WordPress admin area.

What is your favorite two-factor authentication plugin? Have questions, concerns, or suggestions? Please share with us in the comment section below.

Nguyen Diep

My name is Nguyen Manh Cuong. I was born in a poor village in Ba Vi district, HA NOI province - windy and sunny land. Currently
