Your WordPress login page is a very tempting and easy target for hackers. In fact, one doesn’t need to be an expert to capture your username and password. There are a lot of tools available on the web that can be used to bypass your admin login.
Securing your WordPress website is essential. You can add a layer of security to your WordPress logins by activating two-factor authentication offered by WordPress or implementing 2FA from a third-party plugin.
Activating 2FA via SMS
Two-factor WordPress authentication via SMS is the easiest and most accessible method. You don’t need any extra hardware or software, and you can activate it even with the oldest phone models. Here’s how to activate 2FA via SMS on WordPress:
- Step 1: Log in to your WordPress Admin using a desktop browser.
- Step 2: From the “Settings” tab, select “Security” on the left-hand side of the screen.
- Step 3: Select “Two-Step Authentication” and click “Get Started.”
- Step 4: You will be prompted to register your mobile phone. Enter your country code and phone number without dashes or spaces.
- Step 5: Select “Verify via SMS.”
- Step 6: Wait for a few moments to receive a 7-digit code. Enter this code in the space provided and click “Enable.”
- Step 7: Click “Generate Backup Codes” and print your codes in case your phone goes missing.
Activating 2FA via Authenticator App
WordPress also offers two-step authentication using an authenticator app. To activate 2FA via app, follow the steps above, but in Step 5 select “Verify via App” instead of “Verify via SMS.” Make sure you have Google Authenticator or Authy installed before you select this option, then continue with these steps:
- Step 6: Scan the presented QR code using your chosen authenticator app to get a 6-digit verification code.
- Step 7: Enter the code in the space provided and click “Enable.”
- Step 8: Click “Generate Backup Codes” and print your codes.
After you set up two-factor authentication, you’ll get an option to generate backup codes. Don’t skip this step.
You also need to verify your backup codes. Just enter any of the ten codes in the space provided to verify them. WordPress doesn’t recommend saving your backup codes on your computer, in case your device gets hacked. If you lose your codes, you can generate a new set. This will automatically deactivate your previous codes as a security measure.
On your next login, aside from your usual username and password, you will be prompted to enter a code sent to your phone via app or SMS. In the event you want to change your device, you can disable two-factor authentication and link it again to another device.
Activating 2FA with a Plugin
Implementing two-factor WordPress authentication via SMS or authenticator app isn’t the most secure option. Recently in the IT headlines, we’ve been hearing about phishing schemes bypassing 2FA in the YouTube community. Popular YouTubers had their channels stolen and sold on the darknet.
If you want a more secure 2FA deployment method, you can activate 2FA from a plugin. Install your chosen login management or 2FA-focused plugin and follow the plugin’s instructions on how to set up 2FA. The activation process may differ depending on the plugin you choose. Below are other possible authentication methods for two-factor WordPress authentication:
- Biometric authentication: fingerprint scan, iris scan, face recognition, voice recognition, palm geometry, and more.
- Physical key: magnetic cards, flash drives, or small devices providing unique codes.
- GPS: location-based factor utilizing the GPS device on smartphones.
Going Beyond 2FA
All 2FA options have their own disadvantages. Physical keys can be lost or stolen. Fingerprints can be lifted, and facial features can be faked using a 3D mask. The most secure method is to add multiple layers of security through multifactor authentication. If you are looking for an excellent login security plugin for your WordPress, try TraitWare’s Login Management Plugin.
TraitWare’s Login Management Plugin provides a passwordless MFA and SSO login system. It delivers adaptable multi-factor solutions from two-factor up to four-factor authentication. TraitWare supports single sign-on, which can help you link your WordPress logins with other enterprise apps.
Leveraging TraitWare’s admin console helps with provisioning as well as de-provisioning. Choose TraitWare for more secure and seamless logins.