Protect Your Website With Two Factor Authentication
“2FA”, or “Two Factor Authentication”, is a process that adds a second step to authorize a login. 2FA is easy to set up and will harden your WordPress website’s security. Even if someone were to steal your password, 2FA requires an additional validation to complete a login. A hacker is unlikely to have access to the phone or device that provides the second authorization.
Mind you, 2FA isn’t perfect. The device you use for the second 2FA step must be secure as well. Generally your phone hosts the 2FA application. Every device on which you enter a password needs to be treated like your computer, which means functional anti-virus and anti-malware protocols/software.
Logging in using 2FA starts with your usual WordPress Admin page login. Once your password is accepted, the next step usually involves an app, but the second authorization could come by way of an email or text.
My client websites have 2FA set up via WordFence, but there are a lot of plugins you can choose from. WordFence 2FA is validated via the free Google Authenticator plugin on my iPhone. Using this scenario, there is no need for a dedicated 2FA plugin. When it comes to plugins, in my book, fewer is better, faster, and less hassle to maintain!
Google’s Authentication plugin is one of many 2FA authenticators that work across platforms. For example, my active client websites (WordPress) all have 2FA login, which requires me to visit an app on my phone and enter the six digits as a second step to log in to the Admin area.
Once you start, use 2FA everywhere you can!
In the case of Google Mail, 2FA is pretty easy. If you have the Google Mail app on your phone, you just need to set up 2FA in your Google Mail settings on your computer. Any email used to log into a website should also be protected with Two-Factor Authentication!
The Google Authenticator app also connects with LinkedIn, Hubspot, and a few other logins. To be clear, to log in to Gmail, I do not use the Google Authenticator app. For Gmail, I just open the Google Mail app on my phone, which generates a validation question. You can pick one of many authenticator apps from the Microsoft Store, Google’s Play Store or the Apple Store.
The bottom line is that if you can add 2FA, do it. It takes a few additional seconds to complete a login, but you will reduce your chances of having your password used by a hacker or someone seeking to steal data or damage a website.
Back to the security of your devices. 2FA is not bulletproof. You should still resist logging in via a public wifi network. You should still change your passwords quarterly. Your passwords should still be a complex mix of upper and lower case letters, numbers, and symbols. You should also have your browsers clean out passwords after they shut down. And finally, you need to have updated anti-virus and anti-malware tools installed on your computers, phones, and tablets.