Two Free Ways to Add Two-Factor Authentication in WordPress

We’re moving to a digital world. As a result, one can have multiple online accounts which contain his important information.

Along with the convenience we can get from online accounts, it also raises several questions about personal information security.

A few decades ago, two factor authentication might not cross your mind. But now, as a result of security concerns, it turns out to be the must-know security method to keep your accounts safe.

In this article, we’ll dive into the importance of protecting your WordPress site with two factor authentication. Followed by two free two-factor authentication plugins that help you enhance your site security.

Questions about Security in WordPress are Raising

Among several CMS platforms, you can’t really say if one platform is more secure than others or not. The more common a platform is used, the higher probability of security issues happens. In other words, when a platform is widely used, numerous vulnerabilities will be found by hackers.

Security issues of WordPress sometimes are caused by the lack of experience of WordPress site owners. Sad but true. It’s a common problem for beginners who have no idea about basic security knowledge.

Nowadays, thanks to the widespread popularity of the IT industry, many documentations have been written for non-tech savvy users.

Just a click on Google with security keywords, you can see a lot of results about how to enhance your site’s security returned. It might be to change your login URL or hide the WordPress version from Wappalyzer which our previous articles have mentioned. But first, you must choose complex passwords for your site, not after.

The Importance of Two-factor Authentication

One of the common ways that help you have complex passwords is to apply two-factor authentication. Maybe you haven’t realized yet, but this method is pretty useful. Never let your site be easy to attack because of your simple-to-guess password. It’s an unacceptable if not silly mistake.

However, even when you have a very strong password, at least in your opinion, you can’t really make sure that your site is unable to attack.

Don’t worry, when hackers are spending their time guessing your password, let’s go one step ahead of them. It’s when two-factor authentication comes in handy. Even if you have a weak password or somehow attackers can find your strong password, they will need to know a private code which is sent to your phone to access your admin dashboard. Your site will be extra secure, won’t it?

Known for its high security, however, WordPress doesn’t have any built-in function to secure your site with two factors. Luckily, many plugins are launched to effortlessly help you with that.

In this article, we will dive into two plugins that help you secure your site with two factor authentication. They are not only free but also perform outstanding functions.

Two Factor Authentication

Two factor authentication

The name says it all. You can easily secure your site under two factor authentication with this plugin. With over 20,000 active installations and a 4.5 out of 5-star rating, this plugin won’t disappoint you. They provide both free and premium versions for you to choose from.

Key features of the free version:

  • Graphical QR codes for easy mobile scanning
  • WooCommerce and Affiliates-WP login form support
  • WordPress Multisite compatibility (plugin should be network activated)
  • Emergency codes and premium design layouts (premium version)

You can easily find and install the Two Factor Authentication plugin in your WordPress directory

Once installed and activated, the plugin will be inserted into your WordPress dashboard.

Step 1: Personal Settings

Go to your Dashboard > Two Factor Auth.

A new screen displays. You’ll do the very first settings here to continue with the plugin.

At this step, you should download an QR app on your phone. We’re using Google Authenticator.

Choose Enable > Save Changes.

Open Google Authenticator app on your phone.  Type the private key or scan the QR code, then hit Save Changes.

Step 2: General Settings

Go Settings > Two Factor Authentication, choose the settings as needed then Save Changes.

That’s it! You have enabled two factor authentication for your WordPress site.

Next time you log in to your WordPress, you’ll be asked to provide the private code on your phone.

Google Authenticator

If you’re looking for an absolutely free solution, the Google Authenticator plugin is a good choice.

With this plugin, you can:

  • Enable two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.
  • Enable for your administrator account, but log in as usual with less privileged accounts.
  • Enable the App password feature.

To make use of Google Authenticator, you must install and activate the plugin first.

Once things are done, go to  Setting > Google Authenticator.

You have several choices to tick on what you need. Remember pressing Save Changes.

That’s it!

Now, back to Settings > Google Authenticator. A new screen with QR Code displays.

To scan QR code or input secret numbers, you need to have a QR app on your phone.

Open your QR app in your phone > scan QR code. An authenticator code will display on your phone.

Input into Authenticator code then hit Save Authentication Code. The screen will go back to the dashboard.

Congratulations! You have completely activated WordPress two-factor authenticator for your site.

Summing Up

It is very easy to install and set up two factor authentication plugins to your WordPress dashboard. With our article, we have introduced 2 free plugins which help you secure your site under 2 factor authentication.

If you want to get a completely free plugin, Google Authenticator is the most suitable choice.

If you want to combine 2 factor authentication with more extended features in the premium version, let’s try the Two Factor Authentication plugin.

But first of all, remember to download a QR Code app on your mobile. Remember not to give bad guys any opportunity to attack your site and take anything away from you if you can prevent it from the beginning .

Let’s secure your WordPress site now.