Use Two-Factor Authentication to Bulletproof your WordPress Login

Two-Factor Authentication

Two-Factor Authentication is one of the few guaranteed security methods that every WordPress website should use. The method is popular among many websites (WordPress or non-WordPress) that take security seriously, such as banks, because it ensures that unauthorized users will not be able to access your account, even if they have your password.

So why is it so secure? Two-Factor Authentication relies on two elements in order for someone to log in:

  1. Your Password – Something you know.
  2. Your Mobile Device – Something you have.

It’s easy for someone to steal your password or even guess it, no matter how closely you guard it. However, it is extremely unlikely that someone will both know your password and have your mobile device.

You may already be familiar with Two-Factor Authentication methods, but in case you aren’t, here is how it generally works:

  1. Log in as usual with your username and password.
  2. On the next page, a message will inform you that a text message has been sent to your phone.
  3. Check your phone for the text message and find the code that was sent.
  4. Enter the code on the page to complete the login process.

In the past several years, we have seen many variations of the Two-Factor Authentication method. Below, we will go over several methods and plugins that you can easily implement to bulletproof your WordPress website’s security.

Two-Factor Authentication by Clockwork SMS

Clockwork’s Two-Factor Authentication plugin is the simplest of all the options to use and is very reliable. First, you will have to sign up for a Clockwork SMS account through their website, which charges you about 3 cents per text message sent. Then, simply install their plugin and connect it to your Clockwork SMS account.

Once you install it and begin to use it, you will be sent a code via text message by Clockwork that you will have to enter on your screen in order to continue logging in.

Wordfence Cell Phone Sign In

You won’t have to bother with Clockwork SMS or pay for it if you already maintain a Wordfence subscription. Wordfence offers this tool for free to its users. To activate it, navigate to the Wordfence section of your WordPress Admin and click the Tools option, where you will see a tab titled Cellphone Sign-In. Activating and using it is just as easy as Clockwork.

Google Authenticator

If you are looking for a free option rather than Clockwork’s paid option, or if you do not have a Wordfence subscription, then Google Authenticator is your next best choice. Instead of sending you a text message to verify that you are in possession of your device, you will be prompted to open the Google Authenticator app on your phone and enter the one-time code it displays.

Setting up Google Authenticator and connecting it with the plugin is also very simple. When you first install the plugin, you will also have to install the Google Authenticator app on your phone. Once both are installed, open the Google Authenticator app and scan the QR code that the plugin shows on your computer screen. And that’s it, the two should now be connected.

Google Authenticator has lately become a more popular choice than traditional SMS verification because it works even when you have no reception or Internet connection. In addition, there is no risk of a text message never reaching you, because the codes always display in your Google Authenticator app.
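Google Authenticator works offline because it implements TOTP (RFC 6238): the phone and the server each derive the code from the secret shared through the QR code and the current time. The sketch below is an added example, not code from any of the plugins above; the sample secret is the RFC 6238 test key, and the `window` and `last_used_step` parameters are assumptions about how a server might tolerate clock drift and reject a reused code.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (Google Authenticator default)
DIGITS = 6   # length of the code shown in the app

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in
# Base32, standing in for the secret a plugin would embed in its QR code.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def _decode(secret_b32: str) -> bytes:
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))  # restore stripped padding


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, now: float) -> str:
    """What the phone displays: only the secret and the clock are needed."""
    return hotp(_decode(secret_b32), int(now) // STEP)


def verify(secret_b32, submitted, now, window=1, last_used_step=-1):
    """Server-side check. Returns the matched time step, or None.

    window accepts codes from +/- window steps to absorb clock drift.
    last_used_step is a hypothetical per-user value the server stores so that
    a code already accepted cannot be replayed inside its validity period.
    """
    key = _decode(secret_b32)
    current = int(now) // STEP
    for step in range(max(0, current - window), current + window + 1):
        if step <= last_used_step:
            continue  # already used, or older than the last accepted code
        # Constant-time comparison avoids leaking matching digits via timing.
        if hmac.compare_digest(hotp(key, step).encode(), submitted.encode()):
            return step
    return None
```

On success the caller would store the returned step as the user's new `last_used_step`, so the same code cannot be submitted twice.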
