WordPress Two-Factor Authentication, or WordPress 2fa for short, is not difficult to enable. It is not a feature that’s available by default, but free and paid plugins are here to help us out.

But before we learn how to quickly add 2fa to our WordPress website, we should check what Two-Factor Authentication is and why it’s so important for the security and safety of our website (and our users!).

What is Two-Factor Authentication (2FA) And Why It’s Important

Any system with Two-Factor Authentication, or 2fa for short, adds another layer to your login: a second step, such as a one-time code, on top of your password. This increases the security of your WordPress website, because even if someone knows your password, they won’t be able to log in without that code.

It can be an SMS to your mobile phone, a unique code you get from an app, an email or something similar, but by requiring this further step, your website’s users are more secure.

This is extremely important for administrators: WordPress is one of the most popular platforms in the world and powers 39% of websites. This means a lot of attacks are targeted towards WordPress.

Hacked websites are something you don’t want to deal with, and there are many ways to prevent your site from getting hacked: Two-Factor Authentication (2fa) plays a crucial role, along with Firewalls, Antivirus and more.

This extra layer of security is also very helpful, as weak passwords are all too common. This does not mean we should have a weak password, but this extra protection can make the difference against password guessing and brute-force attacks.

What types of 2fa are there?

You can add many different authentication methods: you could use SMS, email, phone calls, one-time codes via an Authenticator App such as Google Authenticator or Authy, or even a physical key that gives one-time codes (YubiKey).

Along with that, you often have Backup Codes, which are one-time-only codes you can use to log in if for some reason the device you get the Two-Step Authentication code on is not available. They’re extremely useful as an extra precaution, as long as you keep them in a safe place, and serve as a backup method to authenticate.

How to Enable in WordPress Two-Factor Authentication

Now that we know what 2fa is and why it’s so important, let’s enable it. While WordPress does not offer this functionality by default, there are several free plugins that do the job perfectly well.

It’s easy to set up, requires no code and you can also choose roles and users with mandatory or optional Two-Step Authentication. As an example, you could only require your admins to set up 2-Factor Authentication.

There are also premium plugins that have a whole security suite along with 2fa, but they bring a lot more features to the mix.

WP 2FA – Two-Factor Authentication for WordPress

WP 2FA has more than 6,000 active installs and is developed by WP White Security, makers of WP Audit Log. After the plugin installation, a wizard will guide you step-by-step in enabling 2fa on your WordPress website.

  • Supports TOTP (code from authenticator apps) and OTP (email codes)
  • Supports 2FA backup codes
  • Policies for a grace period

Two Factor Authentication

With 20,000+ active installs, Two Factor Authentication is developed by the UpdraftPlus plugin makers and it’s one of the most popular WordPress 2fa plugins.

It supports both TOTP and HOTP protocols.

It does seem to support WordPress multisite.

Some features are behind the premium version of the plugin. 

Google Authenticator

With 30,000+ active installs, Google Authenticator is a completely free plugin that adds 2fa to your website. It will add an additional field in your login page, and you can choose whether you want to enable it for everyone or only for certain users.

Conclusion

Security is crucial for any website and WordPress is no different from other systems. Any of these WordPress Two-Factor Authentication plugins is very easy to enable and will offer the extra security you need, for free. We cover more Security plugins that have more features too, but in this article we wanted to focus on this one specific important feature.

There is no reason not to enable it, so pick your favorite and let us know which one you chose and what your experience is. If there are any other great plugins, let us know, and follow us for more!

P.S.

We also suggest extending the Two-Step Authentication process to as many logins as possible, to keep them as safe as possible. Authenticator apps are free.