Google Authenticator for 2FA WordPress Authentication

If you’re an internet entrepreneur, your website is like your home on the internet. And just like you want to keep your physical home safe, you want to keep your website safe too. If you’re using WordPress to run your site, then you’re in luck! WordPress is a great platform with a supportive community. In this article, we’ll discuss how to improve WordPress security using two-factor authentication (2FA), specifically the Google Authenticator WordPress plugin.

To use this plugin, you’ll need a smartphone running Android, iPhone, or BlackBerry. Unfortunately, other operating systems like Symbian and Samsung’s Java-based mobile operating systems are not supported. The authentication software we’ll be using is the Google Authenticator app on our phone. If you’ve used Gmail or Dropbox’s 2FA feature in the past, then you’ve already installed the Google Authenticator app. If not, don’t worry, it’s an easy process!

Installing Google Authenticator

To get started, install the plugin in WordPress. Go to WordPress Dashboard > Plugins > Add New and search for “google authenticator.” Install the first result that appears and activate it once it’s downloaded and unpacked.

Configuring Google Authenticator in WordPress

The Google Authenticator for WordPress plugin doesn’t have a dedicated menu entry in the WordPress dashboard menu or a sub-menu item under Settings. Instead, you need to activate this plugin on a per-user basis, just like in our last 2FA tutorial. To access the individual user setting, go to WP Dashboard > Users > Your Profile. Scroll down to find the settings under Google Authenticator Settings.

Google Authenticator Settings Explained

– Description: Add a description for your blog to help you recognize the site in the Google Authenticator app.

– Relaxed Mode: This extends the time window in which a one-time password is accepted from one minute to four.

– Secret: This key is needed if you want to manually add the WordPress account to the Google Authenticator app without using the QR code.

– Show/Hide QR code: This displays the QR code that you can scan with the Google Authenticator app to add your WordPress account.

– Active: This activates Google Authenticator in WordPress.

– App Passwords: This feature enables you to log in to your WordPress blog using the XML-RPC interface. It’s meant for third-party blogging apps like Windows Live Writer or Microsoft Word 2013, but enabling App Passwords is not recommended, since they present a serious security flaw that attackers can exploit.

Save the Settings: To save all these settings, click on Update Profile at the bottom of the User Profile page.
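What the Secret and Relaxed Mode settings control, shown as an added example (not code from the plugin): the site and the app derive the same 6-digit code from the base32 Secret for each 30-second step (RFC 6238), and a wider acceptance window means more codes are valid at once. The drift step counts, the timestamp, and the sample secret (the RFC 6238 test key) are assumptions for illustration.

```python
import base64, hashlib, hmac, struct

STEP, DIGITS = 30, 6                 # RFC 6238 defaults used by Google Authenticator
NORMAL_DRIFT, RELAXED_DRIFT = 1, 4   # assumed step counts, not the plugin's own values
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, not a real secret

def totp(secret_b32, step):
    """Code for one 30-second time step (HMAC-SHA1 + RFC 4226 truncation)."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    digest = hmac.new(key, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, code, now, drift, last_used_step=None):
    """Return the matching step if `code` is valid within +/- drift steps of
    `now` (Unix seconds), else None. Steps at or before last_used_step are
    skipped so a code that already logged someone in cannot be replayed."""
    current = int(now) // STEP
    for step in range(current - drift, current + drift + 1):
        if last_used_step is not None and step <= last_used_step:
            continue
        if hmac.compare_digest(totp(secret_b32, step), code):
            return step
    return None

def codes_accepted(drift):
    """How many distinct codes are valid at any instant for a given window."""
    return 2 * drift + 1

if __name__ == "__main__":
    now = 1111111170                             # constructed timestamp
    old = totp(SAMPLE_SECRET, now // STEP - 3)   # code the app showed 90 seconds earlier
    print("normal :", verify(SAMPLE_SECRET, old, now, NORMAL_DRIFT))
    print("relaxed:", verify(SAMPLE_SECRET, old, now, RELAXED_DRIFT))
    print("codes valid at once:", codes_accepted(NORMAL_DRIFT),
          "vs", codes_accepted(RELAXED_DRIFT))
```

A wider window tolerates a phone clock that has drifted, at the cost of a longer lifetime for every code, so fixing the phone's time sync is preferable to leaving Relaxed Mode on.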

Working the Magic

Now that everything is installed, let’s test it out! Log out of your WordPress account and visit the login screen again. This time, you’ll be greeted by a simple but powerful two-factor authentication. Copy the code from the Google Authenticator app on your phone and paste it in the respective field. Enter this one-time password, and you’re in!

Which Two-Factor Authentication Plugin Should I Choose?

The choice between Duo Security and Google Authenticator depends on the website you’re trying to protect. If you’re focused on security, then two-factor authentication is a great step. Google Authenticator for WordPress will get the job done. But if you want to amp up the game, then Duo Security is your best bet. It is especially worth using if your site has been hacked in the past or if you see a lot of unauthorized login attempts on it.


The Google Authenticator WordPress plugin is a simple and elegant solution for entry-level two-factor authentication. Duo Security provides many more features, like OTP (one-time password) generation through phone calls and SMS. Of course, the service is chargeable after a certain point, but it includes a wide range of compatibility. For example, with phone and SMS OTP generation, any mobile phone with a carrier signal can be used.

Moreover, Duo Security uses a real-time push protocol, which only works when your phone is connected to the internet. When you attempt to log in, an automatic push notification is sent to your mobile. Once you press the Approve button, you’re automatically logged into your WordPress site.

I personally recommend using Duo Security since it has a lot more authentication mediums for obtaining the one-time password, along with a plethora of other options. If you’re running a site where there’s e-commerce involved, then using two-factor authentication would certainly help improve security.

In conclusion, your website is your home on the internet, and you want to keep it safe. Two-factor authentication is an excellent way to improve WordPress security. Whether you choose Google Authenticator or Duo Security, make sure to activate it on a per-user basis and save your settings. Stay safe out there!
