Two-Factor Authentication for WordPress Sites and Why It’s Important


Have you noticed some extra steps you’re taking to log into some of your accounts lately? From a security standpoint, logging into an account is the most vulnerable thing you do online. Therefore, sites are applying additional ways to secure your (and their) safety during logins. Two-step or two-factor authentication (sometimes shortened to 2FA) is becoming increasingly common as a means to make logging in safer.

Why Are Logins “the Weakest Link”?

When you create a new password, it could be intercepted along its way to the site’s servers. Then the next time you log in, as your computer “passes” your login credentials to the remote database to receive and recognize them, there’s another opportunity for your password to be intercepted. Finally, we tend to use passwords we can remember, which can easily be broken by hackers. It’s a bit creepy, no? But adding another factor to identify you ensures others won’t breach your accounts.

What Is Two-Factor Authentication?

Okay, let’s make this fun. There are three ways for an account to recognize that you are, in fact, you.

Imagine you’re Ethan Hunt in Mission Impossible and you need access to the safehouse. This requires a 27-character combination of letters, numbers, and symbols; a digital keychain fob that generates a new, 4-digit passcode every 60 seconds; and a DNA sample. What three types of things do you need to be Ethan? You need:

  1. A SECRET (Something You Know) – This is the one we’re most familiar with, and it’s your password. Long before the internet, people used secret passwords to identify themselves as “belonging” to a group or for access to a place or information. (Think: “Open Sesame!” from Ali Baba and the Forty Thieves – which may date as far back as the 8th century!) Fortunately, your typical online account doesn’t require 27 characters. (Plus there are tools to help us remember long and/or complicated passwords!)
  2. A POSSESSION (Something You Have) – In your/Ethan’s case, it’s the digital fob that gives you the (literally!) up-to-the-minute additional passcode you need. You/Ethan need to have the fob with you in order to get access. In your typical case, what you have is your phone (and/or possibly your computer) with its apps and access to your email.
  3. A BIOMETRIC (Something You Are) – For this example, your DNA is the biometric, which would unequivocally demonstrate who you are. Other examples of criteria that demonstrate who you are include fingerprints, facial recognition, iris or retinal scans, palm prints, voice, and signature.

Two-factor authentication involves using two of these three methods of verifying your identity. When a website uses 2FA, it has no means of checking your biometrics, so we’ll just be talking about the first two today. But biometrics are worth mentioning as the third possible factor, as you likely already have a device that can recognize you by your biometrics, such as facial recognition on your iPhone or a fingerprint pad on your laptop. (OMG, you really are Ethan Hunt, aren’t you?!)

What Are the Benefits of Two-Factor Authentication?

As mentioned, though logging into an account may seem like it happens instantaneously, the time it takes for the remote computer to recognize you after you submit your credentials is the least secure of your online activities. With cybersecurity threats on the rise and logins as the weakest point, it makes sense that the WordPress security team has been focused on shoring up that aspect of our sites, among other security measures they are taking.

Your business is your livelihood, and your online presence is essential for success in the marketplace today. It’s imperative to keep the data on your site as secure as possible. Ensuring security for you, your business, and your clients is why we recommend using two-factor authentication for your WordPress site. In fact, we are updating all of our clients’ websites to include two-factor authentication. Using 2FA for your WordPress site minimizes the chances of a security breach.

How Do I Set Up Two-Factor Authentication on WordPress?

Now, if some of your existing online accounts (e.g., email) have moved to two-factor authentication, forcing you to grab your phone for a code sent to you via text or to take action within an app, you may think you’d like to pass. But don’t do it! First, setting up 2FA doesn’t mean performing both steps every time you log in to your site. The options we recommend will only require the second step every thirty days or when you are logging in from a new device. As long as you’re working from your own devices, you’ll only need to perform both steps once a month.

Okay, now that we’ve convinced you to add two-factor authentication on your WordPress site (right?!), you need to know how.

There’s a Plugin (Or a Few) for That.

You may have been thinking: “But I don’t have the tech skills to set up 2FA on my WordPress site!” Not to worry! As with many WordPress functions, there are a variety of free plugins that allow you to set up two-factor authentication without the need for web development expertise!

Two plugins we have used for our clients (who have all been set up with 2FA!) are Wordfence and Duo. If you have never installed a plugin on your own, it’s super easy! However, you should first check out how to install and update your plugins without crashing your site.

Additional WordPress Help

Interested in learning more about managing your WordPress website? The Raney Day Design blog offers a variety of WordPress how-tos, so it’s a great place to look for answers to questions you may have. Even better, the Raney Day Talks Biz Facebook group is where you can pop in and ask us your specific questions, and we and the other group members will be delighted to point you in the right direction!
