The password is the primary security mechanism in the world of computers and the internet. But passwords can be guessed, intercepted or hacked, and that is a major downside. To overcome that weakness, webmasters have a great option: two-factor authentication.
Unlike a password, two-factor authentication is a two-step process that asks for two of the three possible factors that prove your identity: things you have, things you are and things you know.
Right now, implementations of two-factor authentication use something that you know, such as a password, and something that you have, such as an email account, mobile phone, hardware token, etc.
Whether you know it or not, WordPress now offers two-factor authentication through free plugins that provide many different ways to add a second factor. In this article, I will show you how to add two-factor authentication in WordPress.
Introduction to Two-Factor Authentication
As the name suggests, two-factor authentication is a process that requires two sets of authentication before you are logged into your WordPress site. Many big-name sites now use two-factor authentication in one way or another, including Google, Twitter, Facebook and even Amazon.
Why Do We Need It?
Two-factor authentication adds another layer of security to your site. In the world of digital marketing, where hacking has become commonplace, it is essential to add two-factor authentication to your site. In short, you need it to protect your personal information and your site from attackers.
Brute-force attacks happen continuously, using automated scripts with which hackers try to guess the username and password to break into your WordPress site. Once they hack your site, they can infect it with malware. This is why two-factor authentication becomes even more essential.
We will use two ways to set up two-factor authentication in WordPress here, so that you can secure your site with these easy, free-to-use plugins:
- SMS Verification: This way you will receive a verification code through text message.
- Google Authenticator App: With this, you will receive the verification code in the app.
Let's see how you can easily add two-factor verification to your WordPress website.
How to Add Two-Factor Authentication to WordPress Site
To add two-factor authentication to your WordPress site, you need to install the Two Factor and Two Factor SMS plugins. You can do this from the WordPress Admin Area: look for both plugins, then install and activate them.
First, we are going to add SMS verification to your WordPress site login page. Here we go.
1. Two-Factor Authentication with SMS Verification on WordPress Site
To start using SMS verification you will need a Twilio account. Whether you know it or not, Twilio is an online service that offers phone, SMS and voice messaging services to use with your application. If you don’t have a Twilio account yet, follow the steps given below.
#Step 1: Visit the Twilio website and click on Sign up in the top corner to create your free account.
#Step 2: On the signup page, you will be asked for regular information. Once you fill in all the information, you will be asked three more questions. For Which product do you plan to use first?, choose SMS.
For What are you building?, select Two Factor Authentication, and for Choose your language, select PHP.
#Step 3: Enter your Phone number for verification.
#Step 4: You will receive a code via SMS sent by Twilio. Enter the code in the next step and you will be redirected to the Twilio App dashboard.
#Step 5: On the very first screen of the Twilio Dashboard, select the option “Get a Number” in order to proceed with Two-Factor Authentication for WordPress.
#Step 6: Select the number suggested by Twilio, or search for a different number. Copy the selected phone number and paste it into a text file on your local computer.
#Step 7: Now, go to the Settings → Geo Permissions page in Twilio. Here you need to choose the countries where you will be sending SMS. As you will be receiving the SMS messages yourself, select the country in which you live and the countries you travel to.
#Step 8: Once you are done with the Geo Permissions, visit the Twilio Console Dashboard and navigate to Show API Credentials. From here, copy your Account SID and Auth Token. Paste them into the text file on your local computer and save these details for later use. You will need all this information on your User profile page.
#Step 1: Once you have activated the Two Factor plugin, go to the Users → Your Profile page and scroll down to the Two Factor Options section.
#Step 2: On that page, find SMS (Twilio) along with its check box and radio button, and check them both to make it your primary verification method.
#Step 3: Then scroll down to the Twilio section, where you will need to provide the Twilio account information that you have already collected.
#Step 4: Here, paste your Twilio Account SID, Auth Token and Twilio Phone Number. In the Receiver Phone Number section, add the phone number on which you want to receive SMS.
Then click on the Update Profile button to save all the settings.
#Step 5: Now, log out from your WordPress dashboard; this is how you will find out whether the plugin is working or not.
#Step 6: On the login screen, enter your WordPress username and password again. You will then quickly receive a verification code via SMS on your phone.
#Step 7: On the login screen, you will be asked to enter the verification code that you received on your phone. Enter the code from the SMS, and you can now access the admin panel of your WordPress site.
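What the server side of an SMS code check needs in order to hold up against the automated guessing described earlier, as an added example (not code from the Two Factor SMS plugin or Twilio). The class name, the 5-minute lifetime and the 5-attempt limit are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300      # assumed: a code is valid for 5 minutes
MAX_ATTEMPTS = 5    # assumed: guesses allowed before the code is voided


class SmsChallenge:
    """One pending login challenge (hypothetical helper for this example)."""

    def __init__(self, now: float):
        self.salt = secrets.token_bytes(16)
        self.expires = now + CODE_TTL
        self.attempts = 0
        self.used = False
        self.digest = b""

    def _hash(self, code: str) -> bytes:
        return hashlib.sha256(self.salt + code.encode()).digest()

    def issue(self) -> str:
        """Create the six-digit code from a CSPRNG and keep only its salted hash."""
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.digest = self._hash(code)
        return code  # handed to the SMS gateway, not logged or stored

    def check(self, submitted: str, now: float) -> bool:
        """Accept the code once, before expiry, within the attempt budget."""
        if self.used or now > self.expires or self.attempts >= MAX_ATTEMPTS:
            return False
        self.attempts += 1  # every guess counts, right or wrong
        ok = hmac.compare_digest(self._hash(submitted), self.digest)
        if ok:
            self.used = True  # single use: a replayed code is rejected
        return ok


if __name__ == "__main__":
    challenge = SmsChallenge(now=0.0)
    code = challenge.issue()
    print(challenge.check(code, now=10.0), challenge.check(code, now=11.0))
```

With six digits there are only a million possible codes, so the attempt limit and the expiry carry the security of this step, not the length of the code.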
2. Two-Factor Authentication with Google Authenticator
This is a fallback option: setting up Two-Factor Authentication with Google Authenticator. SMS verification is the primary method for Two-Factor Authentication. However, if for any reason you don’t get the SMS, you can use the Google Authenticator app on your cell phone.
Before you follow the steps to set up two-factor authentication using the Google Authenticator app, you first need to install the app on your cell phone. To install it, see the steps below:
If you are an Android user, go to the Play Store, look for the Google Authenticator app and install it. If you are an iOS user, go to the App Store, search for the Google Authenticator app and install it on your iPhone/iPad.
Now, to use the Google Authenticator app for Two-Factor Authentication in WordPress, follow the steps given below.
#Step 1: First off, go to the User → Your Profile page and scroll down until you find the two-factor options section.
#Step 2: Here, tick the check box to enable the Time-Based One-Time Password (Google Authentication). Below this option you will find a link that says View Options; click on it to start the Google Authenticator setup.
#Step 3: Once you click that link, you will be presented with a QR code, which you need to scan with the Google Authenticator app on your smartphone.
#Step 4: Open the Google Authenticator app on your smartphone and Begin Setup.
#Step 5: Select the Scan Barcode option to scan the QR code that appears on the Your Profile page.
#Step 6: Once the scanning is done, the app will detect and add your WordPress website. It will generate a six-digit code on the screen. Enter this code in the plugin’s settings page, and that is it.
Then just click on Update Profile.
#Step 7: Now, log out from your WordPress dashboard again, and enter your WordPress username and password to access the admin panel. You will be asked to enter the verification code.
#Step 8: Enter the code shown in the Google Authenticator app to complete the TFA in the WordPress login.
This is it!!!!
This is how you can integrate two-factor authentication on your website.
Integrating two-factor authentication in WordPress is essential in a world full of hackers, because it is one of the best ways to secure your WordPress site. It can protect your site from brute-force attacks and even password theft. You can also combine it with other security measures to enjoy extra peace of mind.