In this article we are going to explain how to add two-factor authentication for WordPress (aka two-step or two-way authentication) and why you need it to increase your website security.
Two-Factor Authentication for WordPress
Your WordPress website contains your personal and business information. Plus, it also has all the valuable content. Thus, it’s essential to ensure the safety of the login page.
You should know that brute force attacks on websites are becoming increasingly common. Hackers use automated scripts that use different combinations of username and password to break into your account.
But, you can secure your WordPress website with two-factor authentication.
Please note, there’s a hacker attack every 39 seconds. You can contact a professional WordPress CMS development company to build a website with high security.
Nonetheless, below is your step-by-step guide to adding two-factor authentication.
Why Add Two-Factor Authentication?
Single-factor authentication means the website needs a single ID and password to log in. In such a case, attackers can easily break into your website. And that’s where two-factor authentication comes into the picture.
Two-factor authentication, aka 2-step-verification, allows you to add an extra layer of protection to your website. It safeguards your website against various attacks like phishing, password theft, and brute force attacks too.
It makes it impossible for attackers to access your site without a unique code. No one can log in to your website unless they have a piece of information sent to your device. You may also consider hiring WordPress design and development services to foster security on your website.
There are two ways you can add two-factor authentication in WordPress. First, you can use an SMS verification method. And secondly, you can use a Google Authenticator App. In this blog, you can learn how to add 2FA using both the methods.
Part 1 – Adding Two-Step SMS Verification to WordPress Login
You can add two-step SMS verification to your WordPress login screen. After you insert your user ID and password, you will receive a unique code on your mobile device via SMS.
Install the Two-Factor Plugins
First thing you need to do is install the Two-Factor and Two-Factor SMS plugins. The first plugin, called Two-Factor, allows you to configure SMS verification in various ways.
And the second plugin, Two-Factor SMS, acts as an add-on for the first plugin. You should install both the plugins and activate them too.
Enter Twilio Account Details
After you activate the plugins, you need to navigate to Users > Your Profile page. Further, scroll down to select Two Factor Options section.
Select the box with SMS (Twilio) option. And also click on the round button to mark it as your primary verification method.
After that, scroll down to the Twilio section. Here, you need to provide your Twilio account information.
Set-Up Your Twilio Account
In case you don’t know, Twilio is an online platform that provides SMS, phone, and voice message services. You can use these services with your applications. The platform offers limited free services, but that may still be sufficient for you.
Now, you need to go to Twilio and set-up your free account. You will need to fill a basic form; you can input the information as shown in the image below.
After the sign-up is complete, you will land in a Twilio dashboard. Follow these steps below –
- Now, click on ‘Get Started’ button.
- It will take you to set wizard. Here, you should click on the ‘Get your first Twilio number’ button.
- Then, it will give you a US-based phone number.
- You should save the number and click on ‘Choose this Number’ button.
- Exit the wizard and navigate to Settings > Geo Permissions page. Here, you need to choose countries where you want to send the SMS. Well, you’re using this service for yourself. So, choose the country where you live, and you visit often.
- Head over to Twilio console dashboard to copy your Account SID and Auth Token.
Complete the Process
- Now, get back to your WordPress profile page and enter the Twilio account details.
- Next, add your phone number in the ‘Receiver Phone Number’ section and click on ‘Update Profile.’
So, the next time you log in to WordPress, you will need to enter a unique code sent on your mobile device.
Part 2 – Adding Two-Factor Authentication Using Google Authenticator
This method is rather the easiest one to activate 2FA on your website. You may hire a professional hire WordPress web developer to develop a highly secured website for you. But, if you’re a DIY enthusiast, then below are the steps you should follow.
First thing you need to do is log in to your WordPress dashboard. And you need to install the plugin called Google Authenticator. After you install and activate it, do a few things as below to set it up.
- Navigate to Settings > Google Authenticator
- You can change the settings as you want. Here, we are setting up 2FA for website administrators and editors.
- After you have chosen the necessary settings, click on ‘Save Changes’ and get back to Installed Plugins. Now, you will get redirected to another settings page which will have a QR code.
- You first need to install the Google Authenticator app on your mobile device.
- Type in the generated code on your phone in the ‘Authenticator Code’ field and click ‘Verify.’
And that’s all; now, you have enabled two-factor authentication for your WordPress website.
When you log in to your WordPress account in future, you will need to provide the code on your phone. Keep in mind that the code on your mobile app keeps changing after 30 seconds. So you have to keep the app installed.
To Sum It All Up
Since COVID-19, there has been a 300% increase in reported cybercrimes. Thus, Website security should be your top priority.
2FA adds an extra layer of security to your WordPress website. You can use any of the methods above to add two-factor authentication to your website.
Even better, you can consider WordPress customization services. A professional web development company can give you a website with unbreakable security.