PHPMatters Help You Better Hosting Your PHP-based Sites
Ultimate Guide to Secure WordPress Using Two-Factor Authentication

Since every webmaster takes website security seriously, a large number of security tips circulate on the Internet. Among the various options, strengthening passwords gets the most attention. Even so, many people fall victim to password crackers and sustain big losses.

To avoid such a situation, WordPress two-factor authentication gives your site a second layer of protection. In this post, we introduce two-factor authentication in depth and show how to add it to your website.

What Is WordPress Two-Factor Authentication?

As its name suggests, two-factor authentication enables two authentication stages on the website: a password and a one-off dynamic code. To log into their accounts, users must enter their password along with a code that is sent to their mobile phone or another device. Both factors have to be correct, or the user cannot access the account.

Obviously, it is a great way to protect your website from attacks, especially when someone attempts to crack your password. By now, you may have a sense of how powerful two-factor authentication is and wish to try it yourself. Here is a guide on how to add two-factor authentication to your website using a WordPress plugin.

Make Use of DUO Two-Factor Authentication

DUO Two-Factor Authentication (https://wordpress.org/plugins/duo-wordpress/), one of the most trustworthy options for security enhancement, is used in the following guide. To enable this plugin, log into your website backend and go to Plugins > Add New. Once you have found DUO Two-Factor Authentication, click “Install Now” and then activate it.

On the Installed Plugins page, find DUO Two-Factor Authentication and click “Settings”. This opens the settings page, which asks you to enter an integration key, secret key, API hostname and other information. Visit the Duo administrative interface and follow the guide to get the needed information step by step.

The first step is to sign up for an account on DUO. Click the given link to the sign-up page and fill out your personal information as required. Note that the information should be real and valid. Finally, click the Create My Account button to confirm the information.

The next step requires you to set a password. Make the password as strong as possible to protect it from password crackers. Then click the Continue button.

If you are using an iPhone or Android device, you are asked to integrate your mobile with Duo by launching an app store on the phone and scanning the given barcode. If not, you can skip this step and go to the next page. Here, log into your account with your email address and password and click the Submit button. Then select the way to receive a passcode. Here, we choose “Text Me”. Fill in the code you are given and click the Submit button again.

The New Integration interface appears. First, choose an integration type from the drop-down list and name the integration according to your needs. Here, we select WordPress because our website is built on this platform. Then click the Create Integration button.

Once you have created the integration successfully, you can view its details, including the integration key, secret key and API hostname. Note that you have to keep these details secret and avoid leaking them to third parties.

Multiple options below the Details box are available for customizing the newly created integration. You can change the name of the integration as you want. Besides, the Policy option allows you to select a new user policy and enable/disable trusted devices, trusted networks and group policy on this integration. The Other option gives you more possibilities to customize the integration. Finally, click the Save Changes button to confirm all settings.

Go back to the Details box, then copy and paste the integration key, secret key and API hostname one by one into the Duo Two-Factor Authentication settings page on your WordPress dashboard. When you have finished, click the Save Changes button.

The WordPress dashboard then switches to a page that shows you how to set up the Duo Two-Factor Authentication plugin. Click the Start Setup button to start using the plugin right away.

You are required to select the device to enroll with Duo from three options: Mobile phone, Tablet and Landline. Here, we choose Mobile phone. Then click the Continue button.

Enter your phone number in the blank and select the region where you are. Once the phone number is confirmed, click the Continue button and go to the next page. Here, choose the operating system your phone runs from the 5 options. Click Continue.

You need to check whether you have installed Duo Mobile. If so, check the box next to the “I have Duo Mobile installed” option and then click Continue.

Open the Duo Mobile app and tap the button in the top right corner. Then scan the barcode and click the Continue button. Your phone is now connected to the newly created Duo account.

Click “Send SMS passcodes” and enter the passcode that you have just received. Note that you will receive several passcodes at a time, and you need to select one of them according to the prompt. Click the “Log in” button. When you receive a notification on the phone, tap Approve.

If the page redirects to the WordPress dashboard automatically, you have successfully enabled two-factor authentication on your website. From now on, when you log into your WordPress account, you have to provide your password in the first step and then enter a passcode that has been sent to your mobile phone. It works just like logging into the Duo administrative interface.
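The integration key, secret key and API hostname copied during setup have to stay secret, so it is worth checking site backups, exports and repositories for them before sharing anything. The following scanner is an added example, not part of the original post or of the Duo plugin; the three patterns are assumed credential shapes (a 20-character key starting with "DI", a 40-character secret, an api-XXXXXXXX.duosecurity.com hostname), and the sample text is constructed.

```python
import re
from pathlib import Path

# Assumed shapes of Duo credentials (commonly documented forms, not from this page).
IKEY = re.compile(r"\bDI[A-Z0-9]{18}\b")
HOST = re.compile(r"\bapi-[0-9a-fA-F]{8}\.duosecurity\.com\b")
SKEY = re.compile(r"(?<![A-Za-z0-9])[A-Za-z0-9]{40}(?![A-Za-z0-9])")
MAX_BYTES = 1_000_000  # skip large binaries and media

def scan_text(text):
    """Return (line number, kind) findings; the matched value is never returned."""
    findings = []
    # A bare 40-character token is usually a hash, so only report it when the
    # same file also holds an integration key or a Duo API hostname.
    duo_context = bool(IKEY.search(text) or HOST.search(text))
    for lineno, line in enumerate(text.splitlines(), 1):
        if IKEY.search(line):
            findings.append((lineno, "integration key"))
        if HOST.search(line):
            findings.append((lineno, "API hostname"))
        if duo_context and SKEY.search(line):
            findings.append((lineno, "possible secret key"))
    return findings

def scan_tree(root):
    """Scan every small regular file under root; map path -> findings."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.stat().st_size <= MAX_BYTES:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                results[str(path)] = hits
    return results

# Constructed sample: placeholder values in the assumed shapes, not real keys.
SAMPLE = (
    "# exported plugin settings (constructed)\n"
    "integration_key = DI" + "A1" * 9 + "\n"
    "secret_key = " + "s3" * 20 + "\n"
    "api_hostname = api-00000000.duosecurity.com\n"
)

if __name__ == "__main__":
    for lineno, kind in scan_text(SAMPLE):
        print(f"line {lineno}: {kind}")
```

Any hit in a file that leaves your server means the secret key should be regenerated in the Duo administrative interface and pasted into the plugin settings again.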

Summary

Since a username and password are not enough, two-factor authentication is a great way to double-secure your website. In addition to Duo Two-Factor Authentication, there are more options available, like Google Authenticator, Authy Two Factor Authentication, Toopher Two-Factor Security, etc.

However, if you wish to have your website well protected, you should adopt more methods rather than rely on two-factor authentication alone. You can choose a reliable hosting provider, update the website regularly, make use of security plugins, and so on. Here, we would like to recommend three of the most popular WordPress hosting companies as below, which provide you with the most reliable and secure hosting environment.