Has your website ever been hacked?
We can only hope this won’t happen to you, because it is quite a challenge to make your website hack free again.
You can’t get one hundred percent protection, but you can make it as hard as possible for malicious types to get access to your website.
This can be done with the two factor authentication in WordPress. You basically add an extra security step to log into the WordPress content management system.
Two factor authentication in WordPress
There are many ways to secure your website, as you can read in the article Seriously, you really need to secure your website now.
Two factor verification offers maximum protection to your WordPress website.
And is also becoming more common amongst the ‘big boys’. Google (Gmail), Facebook and also Apple are now using it.
When you log into Google, you will receive a code through sms which you need to fill in.
There are different ways to secure your website with two factor authentication in WordPress. In this article I will give you an overview of the most used ones.
One of the best methods to secure your website with two factor authentication is Google Authenticator.
There are different ways to do this. You can arrange it through the Google Authenticator and download the app to your smartphone.
After installing, activating and setting the plugins settings, the Google authenticator will ask for a code.
You can get this by going to the Google authenticator app. Perhaps you first need to download this to your smartphone.
You can add different websites on the app and you will see a 6 digit code appear beside them. This code is only visible shortly, then the code expires. So fill in the code fast.
After entering the code, you can enter your website’s cms.
Besides the Google Authenticator plugin there are other plugins which can arrange two factor authentication. One of them is WP Defender by WPMU DEV. This also works according to the same principle as the Google Authenticator plugin.
DO YOU WANT EXTRA PROTECTION?
You can install another plugin, the Google Captcha by BestWebSoft plugin.
Captcha is known for protecting your contact form against spam. But this plugin also adds another security to your login page. It will look like this:
It is a very ingenious technique by Google. Which ensures that evil bots are recognized and can’t access your website. Bots are programs which login hundreds of times in a row with different passwords.
BUT IT CAN BE EVEN MORE SECURE!
Not only your website can be hacked, but when hackers gain access to your hosting environment, they can do a lot of damage to your website.
Also the hosting environment can be protected with two factor authentication!
NOTE: this is not yet possible with every hosting party. I have a subscription with Siteground and there is has become possible recently. I expect that more hosting parties will be following soon.
You will have triple security when integrating above security measures in your website!
But again; a one hundred percent guarantee to prevent a break in is not possible.
There are more plugins which offer two factor authentication in WordPress. One of them is Rublon plugin, which you can easily install and activate.
After adjusting the settings, the plugin is ready for use. You can get a verification code through the Rublon app (on your smartphone) or through sms.
Rublon also offers the option that for example the admin has to login with two factor authentication, but subscribers don’t.
Subscribers already have limited access to the website and perhaps you might find it unnecessary that they also need to login with two factor authentication.
I can see how it is not very user friendly if you first have to login with your username and password, and then fill in a code which you receive on your phone.
But the reality is that hackers keep coming up with more ingenious resources to break into your website.
So it is absolutely necessary to secure your website!
Two factor authentication is a great way to do this. The chance that others will gain access to your website will become a lot smaller.