- With the increase of attacks on WordPress websites, it is imperative that you add an extra layer of security to your WordPress website login page.
- To do this, enable two-factor authentication (2FA), which is one of the best forms of protection against weak passwords, automated password guessing, and brute-force attacks.
- 2FA provides an extra layer of protection: no one can log in, or attempt to log in, to your website using your credentials without you receiving an alert on your phone right away.
- They will also not be able to log in without supplying the login screen with a specific code that only you have access to.
- It is one of the most popular forms of authentication and large corporations use it extensively to protect their websites.
- If your website is hosted by us, we have already enabled your website to integrate with 2FA and we highly recommend that you take advantage of this opportunity.
How To Set Up 2FA On Your Website
First, choose an authenticator app to use if you do not already have one installed on a cell phone or tablet. There are many available for iOS, Android, and other platforms, including:
- Google Authenticator
- Sophos Mobile Security
- FreeOTP Authenticator
- 1Password (mobile and desktop versions) See: 1Password help
- LastPass Authenticator
- Microsoft Authenticator
- Authy 2-Factor Authentication
- Any other authenticator app that supports Time-based One-Time Passwords (TOTP)
Enabling two-factor authentication:
- Go to the Login Security page on your website dashboard.
- Open your authenticator app and add a new entry; most apps have a plus sign or a tiny QR code icon for this.
- Scan the QR code on the Login Security page; your authenticator app should then display a six-digit code. If you are accessing the site on a phone or tablet and can't point the camera at its own screen, copy the line of letters and numbers below the QR code and paste it into the app using the app's "manual" setup option.
- In the "Download recovery codes" section, click the Download button. Your recovery codes can be used if you lose your device. Print or save the file, and store it in a safe place. Enter the six-digit code that appears in your authenticator app. This code changes every 30 seconds. If the code expires, you can enter the next code instead.
- Click the Activate button.
That's it! You may want to try logging in to the site in a different browser, or in a private or incognito browser window, to check for any compatibility issues before logging out. We will also continue to help keep an eye out for any bad guys trying to log into your website. However, please remember that your account's security is your responsibility and we only play a supporting role in securing it. You will need to manage your username and password carefully, and please be sure to visit this knowledgebase regularly for any updated security tips that we have.
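How the six-digit code in the steps above is derived from the line of letters and numbers under the QR code, shown as an added example (not code from this site or its login plugin). It assumes standard RFC 6238 TOTP with HMAC-SHA1 and a one-step tolerance on the server side; the secret is the public RFC 6238 test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid, as stated on this page
DIGITS = 6   # length of the code the authenticator app displays

# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the code an authenticator app shows at unix_time."""
    # Manual-setup strings are Base32; tolerate spaces and lower case.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped padding
    key = base64.b32decode(cleaned)
    counter = unix_time // STEP                   # number of 30 s steps so far
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                    # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str, unix_time: int,
           drift_steps: int = 1) -> bool:
    """Check a submitted code against the current step and its neighbours.

    drift_steps is an assumed tolerance for clock skew and slow typing;
    every candidate is compared in constant time.
    """
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP)
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    t = 1111111111                                # constructed timestamp
    print("code now:      ", totp(SAMPLE_SECRET, t))
    print("previous code: ", totp(SAMPLE_SECRET, t - STEP))
    print("previous code accepted:", verify(SAMPLE_SECRET, "081804", t))
```

Anyone who holds the secret string can generate valid codes, so the manual-setup line and the recovery codes need the same care as the password itself.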