Do you worry about the security of your WordPress blog? Do you wish there was a way in which you could dramatically increase the integrity of user logins? Today I am going to explore some great options, by showing you how to enable duo two-factor authentication on your blog.
Duo two-factor authentication is not as complicated as it may sound, nor is it as difficult as you may think to integrate into your blog. Thanks to a couple of WordPress plugins, you’ll be able to juice up the security of your blog in as little as 5 minutes.
What is Two-Factor Authentication?
Have you ever come across a Web service that required you to “verify” your account before using it either via phone or SMS? Well, this is considered duo two-factor because it requires a second method of authentication.
If you choose to verify by phone, usually a PIN is displayed on the Web page and then you’ll need to enter that PIN into your phone – once you receive the verification phone call. SMS verification works a little differently. Instead of receiving a phone call, you’ll get an SMS message with a PIN that you’ll have to enter on the Web page.
Both of these methods are obviously more secure than a single login because only you will have the phone used to receive the call or SMS message.
Additionally, there’s a newer method now that makes use of smartphone applications on iOS and Android devices. If you use Google’s Authenticator application, you’ll know what I mean. The app actually generates a one-time passcode and that passcode will refresh every 10 seconds or so. You’ll then need to enter that passcode for authentication.
Also let’s not forget about PayPal’s security key, which I happen to use myself. It works much like Google’s Authenticator, except it creates a code on a credit card sized portable “key.” Again, it helps to make your account more secure and will stop hackers dead in their tracks.
I think you get the point: there are numerous ways that you can protect both your blog and your users. So let’s take a quick look at two WordPress plugins that help you to enable duo two-factor authentication.
Duo Two-Factor Authentication
This WordPress plugin adds five different methods of two-factor authentication to your blog:
- Telephone callback
- SMS passcode
- Mobile app passcode via generator
- Mobile app passcode via push authentication
- Hardware token
You’ll need to sign up for an account at Duo Security and then add your Integration Key and Secret Key to your blog to complete the setup. The next time you or a user logs back into your blog, you’ll be prompted to authenticate yourself with duo two-factor.
Duo Security is only free for up to 10 users. If you have up to 500 users, it’s $3/user/month. For anything over 500 users, you’ll have to get a quote.
Since some of your users might find this added authentication process annoying or inconvenient, you should reassure them that it’s for their own good.
WP SMS Verification
This WordPress plugin is a little different in that it lets you pick and choose which content to protect via two-factor authentication. So the main use of it is to restrict specific posts or pages from any type of user – whether logged in or not.
It only uses SMS verification, which will be a problem for those that don’t own a mobile phone. However, you can manually verify users from the admin panel in your blog.
Sadly WP SMS Verification is not free; the cost is $14 for a regular license or $70 for an extended license.
Bonus: ManageWP
Yes, your beloved ManageWP has this great security feature as well! If you want to secure your login to ManageWP so that you need to input a verification code, be sure to enable this in settings. You can get the passcode sent to you by email or on your mobile phone.
Final Thoughts
If you have a lot of issues with spammers, have sensitive data to protect or just want to make your users feel secure, enabling duo two-factor authentication for your blog is a great choice. It’s pretty simple to add to your blog and you have nothing to lose – besides spammers and hackers.
Do you use duo two-factor authentication on your blog?
George
Hi,
I am trying to use Clickatell in my WordPress website, and have installed the plugin and also changed the settings in the dashboard using that API.
Now I am trying to use it so I need your help.
I have a booking system (DUDA) which I am using and works great, I have also integrated PayPal so that it redirects the user there.
I want to be able to use Clickatell just before PayPal redirection.
How can I achieve that?
Please let me know.
Thanks,
George
mattsawyers
Duo Security no longer plays nicely with ManageWP. I’m unable to access my websites that have the Duo Security plugin enabled.
Trenton
I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you, use it; it is worth the time and effort to have the confidence that your account won’t get hacked and your sites are not up for grabs. If you opt into 2FA, you will have to “Confirm your phone”. You would receive a text message with a specific code to be entered into the system. If you don’t want to do this every single time, you can designate your smartphone, PC, or tablet as a trusted device and they will allow you to telesign in without the text code. Should an attempt to log in from an unrecognized device happen, it would not be allowed.
jimkitz
Looks good. I just activated the ManageWP security. Will activate PayPal security.
Duo is too pricey at $3/user/month. WP SMS can’t send a message to my phone.
What service does ManageWP use?
ManageWP
ManageWP has built-in two-factor verification and uses our partner Clickatell to send SMS messages.
jimkitz
Thank you. It seems that Clickatell should have a WordPress plugin for two-factor verification.
ManageWP
I doubt it. They are an SMS provider only; the two-factor solution was custom built by us for our users.
christopher
So what are the chances of you guys sharing the plugin / integration into Clickatell? 🙂