Do you worry about the security of your WordPress blog? Do you wish there was a way in which you could dramatically increase the integrity of user logins? Today I am going to explore some great options, by showing you how to enable duo two-factor authentication on your blog.
Duo two-factor authentication is not as complicated as it may sound. Nor is it as difficult as you may think to integrate into your blog. Thanks to a couple of WordPress plugins, you’ll be able to juice up the security of your blog in as little as 5 minutes.
What is Two-Factor Authentication?
Have you ever come across a Web service that required you to “verify” your account before using it either via phone or SMS? Well, this is considered duo two-factor because it requires a second method of authentication.
If you choose to verify by phone, usually a PIN is displayed on the Web page and then you’ll need to enter that PIN into your phone once you receive the verification phone call. SMS verification works a little differently. Instead of receiving a phone call, you’ll get an SMS message with a PIN that you’ll have to enter on the Web page.
Both of these methods are obviously more secure than a single login because only you will have the phone used to receive the call or SMS message.
Additionally, there’s a newer method now that makes use of smartphone applications on iOS and Android devices. If you use Google’s Authenticator application, you’ll know what I mean. The app actually generates a one-time passcode and that passcode will refresh every 10 seconds or so. You’ll then need to enter that passcode for authentication.
Also let’s not forget about PayPal’s security key, which I happen to use myself. It works much like Google’s Authenticator, except it creates a code on a credit card sized portable “key.” Again, it helps to make your account more secure and will stop hackers dead in their tracks.
I think you get the point: there are numerous ways that you can protect both your blog and your users. So let’s take a quick look at two WordPress plugins that help you to enable duo two-factor authentication.
This WordPress plugin adds five different methods of two-factor authentication to your blog:
- Telephone callback
- SMS passcode
- Mobile app passcode via generator
- Mobile app passcode via push authentication
- Hardware token
You’ll need to sign up for an account at Duo Security and then add your Integration Key and Secret Key to your blog to complete the setup. The next time you or a user logs back into your blog, you’ll be prompted to authenticate yourself with duo two-factor.
Duo Security is only free for up to 10 users. If you have up to 500 users, it’s $3/user/month. For anything over 500 users, you’ll have to get a quote.
Since some of your users might find this added authentication process annoying or inconvenient, you should reassure them that it’s for their own good.
This WordPress plugin is a little different in that it lets you pick and choose which content to protect via two-factor authentication. So the main use of it is to restrict specific posts or pages from any type of user – whether logged in or not.
It only uses SMS verification, which will be a problem for those that don’t own a mobile phone. However, you can manually verify users from the admin panel in your blog.
Sadly WP SMS Verification is not free; the cost is $14 for a regular license or $70 for an extended license.
Yes, your beloved ManageWP has this great security feature as well! If you want to secure your login to ManageWP so that you need to input a verification code, be sure to enable this in settings. You can get the passcode sent to you by email or on your mobile phone.
If you have a lot of issues with spammers, have sensitive data to protect or just want to make your users feel secure, enabling duo two-factor authentication for your blog is a great choice. It’s pretty simple to add to your blog and you have nothing to lose – besides spammers and hackers.
Do you use duo two-factor authentication on your blog?