How to Get Two Factor Authentication for Your WordPress Blog

An Authy verification code on a smartphone.

The idea of getting hacked and having my blog’s data compromised or destroyed is pretty heart-wrenching. I’m sure you feel the same way — that sinking feeling is one that I want to avoid desperately.

With that in mind we all appreciate the value of good online security. Hopefully you subscribe to the fundamental “rules” of online security by creating complicated passwords and not using the same password across multiple accounts. Unfortunately, under such circumstances you are still potentially vulnerable to attack.

However, with two factor authentication you can take a massive step up in terms of protecting yourself. In this post I want to explain what two factor authentication is and explain how you can set it up for your WordPress blog in just a few minutes.

What is Two Factor Authentication?

Picture how you might typically login to an account online — you enter a user name and a password and you’re in. The problem with this system is that if anyone else knows (or can figure out) your user name and password they can essentially “be you” in terms of that account. That in a sense is a problem with operating in the online world — generally speaking you can’t put a face to a name.

That’s where two factor authentication comes in. One extra step is added to the login process that makes a world of difference in terms of security. First you have to enter your username and password, but you must then also enter a unique code that is sent to your cellphone as a natural response to your login attempt. This has a clear benefit: someone can only login to your account if they have your username and password and access to your cellphone.

How to get Two Factor Authentication for Your WordPress Blog

The benefits of two factor authentication should be crystal clear; if you’re security conscious then it is probably something you should consider carefully. But how easy is it to get two factor authentication setup on your WordPress blog?

The answer is “very easy” and also free by using the Authy Two Factor Authentication plugin. If you want to know how easy it is to get up and running with this plugin just check out this short video:

Authy is free to use up to 1,000 users and 500 login attempts. So on average you can login more than sixteen times per day and not pay a penny for the huge increase in security. And if your site does ever get so big that you have a number of users and multiple login attempts, Authy is equipped to handle the increase in volume with payment plans starting at $49 per month.

To be honest I was pretty blown away by Authy’s ease of use. Sure — it is a hassle to have that extra line of security between you and successful login, but ultimately your decision should be based upon the importance of security.

Two Factor Authentication with ManageWP

If you’re a regular ManageWP reader then you’ll know that we’re not ones to toot our own horns (well, not much anyway ;-)) but it would be remiss of me not to mention that our service (even the basic package) comes complete with the option of two factor authentication built-in. We recognise the importance of security so it seemed a no-brainer to us to include this option within the ManageWP package.

Two factor authentication is a fantastic option for any security-conscious blogger and I would advise that you consider it carefully even if you’re not that bothered about security. The unfortunate statistical truth is that if you are not particularly concerned about security you are far more likely to suffer a potentially fatal breach — far better to think ahead and be prepared then react to the worst happening.

Download Authy from WordPress.org here.

Tom Ewer

Tom Ewer is the founder of WordCandy.co. He has been a huge fan of WordPress since he first laid eyes on it, and has been writing educational and informative content for WordPress users since 2011. When he's not working, you're likely to find him outdoors somewhere – as far away from a screen as possible!

5 Comments

  1. Shruti

    This is a simple program so a lot of the functions won’t work. This is something you will be using for posts that are all text. There won’t be preview, you can’t add a featured image, photos and video uploads won’t work, can’t embed photos and only “article” posts are available.

  2. McBart

    Hi,

    I think Two factor authentication is a great way to have better security. However the option set of Authy is very basic an limited.

    I tried and very much like Duo Security https://www.duosecurity.com/

    It is pretty need how these people approach two factor.

    The most sleek option is having the app on your smart phone, log in to your WordPress site, push a two factor authentication and watch your smartphone when a notification pop up, it is juts two clicks to confirm and you are logged-in. No typing of log complicated numbers.

    If you don’t have connectivity for your smart phone, there are fallback options.

    1) Authenticate with a six diget code from teh smart phone app
    2) Have a list with code sms-ed to your. (up to ten codes)
    3) Have a call placed to your phone and push a predefined number to authenticate.

    There is also an option to bypass two factor when your laptop is on a trusted network. You can set this by IP or IP range.

    Duo Security is free up to ten users. Above ten it’s $3,- peruser / month
    You can also buy a hard token.

    You can add other accounts to your app like Google and DropBox two factor authentication , it uses the same algorithm.

    So with this feature set Duo Security surpasses Auhty. The only drawback is the ten user limit after which you have to pay. Authy can be more cost efficient if you have a not t big user base.

    1. Tom Ewer

      Author

      That sounds pretty awesome! I’m going to look into it. Thanks!

  3. Phil T

    Thanks for sharing Authy. I’ve not heard of that before.
    What about “Google Authenticator”? Personally I’ve not used it, yet. However I’m about to start (I have several Google accounts already using their 2step authentication).
    Anybody got any views?

    1. Tom Ewer

      Author

      I think Google Authenticator is supposed to be a pretty good solution — I recently remember a trusted blogger saying that they like it. May be worth a try…

Leave a Reply

Your email address will not be published. Required fields are marked *

Over 65,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!

Have questions? Get in touch!

Over 65,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!



Have questions? Get in touch!

Over 65,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!



Have questions? Get in touch!

Over 65,000 WordPress professionals are already using ManageWP

Add as many websites as you want for free, no credit card required. Sign up and start saving time!



Have questions? Get in touch!