Two Factor Authentication for WordPress

wordpress-category-inverted

I’ve used WordPress for a long time now and over the years security concerns have changed greatly on the Internet.  Adding plugins to block multiple login attempts and filter out IP address all work well, but technology has moved on and two factor authentication is popping up all over the internet.

It’s primarily been driven by the adoption of “soft tokens”, standard software that can be run on any phone that generates unique numbers used as another layer of security for your login process.

Big companies like Google, Microsoft and others have this as an option, but WordPress does not include it by default.  Instead, you can install it with a plugin.

There are several options to choose from in the plugin directory, but I’ve chosen Two Factor Authentication, primarily because it works well and has a reasonable set of features in the free edition.

Installation is the standard WordPress plugin install and after that a user can activate it by selecting the “Two Factor Auth” menu in the WordPress admin backend.

You can either use the QR code to setup your phone with the account and after that, your good to go.  Using Microsoft or Google Authenticator apps on your phone (or several others that are available) makes managing your second factor easy and quick.

The plugin integrates with most major login plugins (like Theme My Login) and works well.

If there is a downside to it, it is that some of the features are only in the paid edition.  For example; recovery codes and compulsorily usage for roles.  However for the vast majority of sites this won’t be an issue.

The only other downside is the upgrade to the premium version is a little expensive at £19 (about $33 Canadian at the moment) for a small or personal site.

Beyond that, I certainly recommend it and have been using it on several of my sites (including JumbleCat of course) for a few months now.

 

 

 

Avatar photo

Greg

Greg is the head cat at JumbleCat, with over 20 years of experience in the computer field, he has done everything from programming to hardware solutions. You can contact Greg via the contact form on the main menu above.

More Posts - Website

Avatar photo

Greg

Greg is the head cat at JumbleCat, with over 20 years of experience in the computer field, he has done everything from programming to hardware solutions. You can contact Greg via the contact form on the main menu above.

Leave a Reply