Enabling 2FA in WordPress: A Guide

Learn How to Enable Two-Factor Authentication for WordPress Using Duo Two-Factor Authentication Plugin

In today’s world, online security is of utmost importance. With the increasing number of cyber attacks, it is crucial to take measures to protect your website from unauthorized access. One such measure is two-factor authentication. In this tutorial, we will learn how to enable two-factor authentication for WordPress using a free plugin called Duo Two-Factor Authentication.

Duo Security is an enterprise-level security service that is trusted by hundreds of companies like Sony, Microsoft, Accenture, Toyota, and Yelp. It is extremely secure and easy to use. Two-factor authentication is an additional security measure intended to enhance the security of the site/product it safeguards. It consists of two distinct authentication stages: the account password and a dynamically generated security code called a One Time Password (OTP).

For example, with two-factor authentication enabled on a Google account, when you sign in from a new or previously unused IP address, the first barrier is your password. Next, Google sends an SMS to, or calls, your registered mobile number with a 6-digit code. Only when you enter the code are you granted access to your account.

The benefits of two-factor authentication are invaluable in an insecure environment. Even if someone learns your password, they won’t be able to gain access to your account, because the second authentication stage, i.e., the OTP, will stop them. However, in the rare case where the perpetrator has access to both your password and your phone, you’re done for.

Enabling two-factor authentication requires a mobile phone or tablet, preferably a smartphone, an active phone number, and a Duo Security account. The first thing you need to do is create a free Duo Security account using your active phone number. Once you’ve set up the account, you’ll be automatically redirected to the admin panel.

From the admin panel, select Integrations > New Integration and under Integration Type, select WordPress. The Integration Name can be anything you want. Click on Create Integration to establish a connection between your WordPress site and Duo Security.

To connect Duo Security to your WordPress site, go to WP Dashboard > Settings > Duo Two-Factor. Copy the secret keys from the Duo Security admin interface and paste them in the respective fields. Hit Save Changes, and the connection is established. Now two-factor authentication is enabled on your site.

To add an authentication method for each WordPress user, log out of the WP Dashboard and log in again. You should see a message indicating that the user does not have an authentication method activated for Duo Security. The available authentication methods under a free account are phone call, SMS, BlackBerry, Android, and iOS. The phone call and SMS methods require retail credits; you have 1000 credits to begin with, and you’ll have to buy more once they’re spent.

To add an Android device as an authentication method, select Tablet under Choose Your Device, and install the respective mobile app. Open the Duo Mobile app on your device and click on the Key icon to launch a barcode scanner. Scan the barcode from the screen to transform your tablet/phone into a recognized authentication device.

Once everything is set up, keep your phone/tablet nearby and complete stage one by entering your password. Now you’re at the two-factor authentication prompt. You can select Duo Push or Passcode as a login method. If you’ve selected Duo Push, click on Log In. You should see a notification on your Android/iOS device. Launch the Duo Mobile app and select Approve. You have now completed the second stage of the two-factor authentication process and can access the WP Dashboard.

Enabling two-factor authentication is one of the best ways to prevent unauthorized access, and it is an excellent security practice. Although it takes a bit more time to log in to your WordPress site, the extra work is rewarded with peace of mind. There are other plugins on the market that help you set up two-factor authentication, but Duo Security is free for all to use.
