Today, protecting an entire website with a single password is becoming a thing of the past. As passwords can be bought, stolen, and guessed by hackers, companies no longer want to leave themselves vulnerable to attack based on one set of alphanumeric characters.
That’s where two-factor authentication, or 2FA, comes into play.
“Two-factor” implies there will be an extra step required at login besides one username and password. And while some may cringe at adding an extra step for every login, the alternative is much worse: getting hacked.
While two-factor authentication is important to use in many instances online, if you’re a WordPress developer, it’s even more critical to consider adding 2FA. That’s because WordPress is the most popular web design software online, which also makes it the most targeted by hackers, according to the hosting firm Kinsta.
Another aspect of WordPress that can make it more of a security concern: the ease of use of the software means beginners are often in charge, and are more likely to inadvertently leave open back doors that could be breached. A common risk is installing insecure plugins without realizing they’re causing the site to become more vulnerable to attack.
Is Two-Factor Authentication Foolproof?
While two-factor authentication provides a strong added layer of protection to thwart most hacking attempts, as TechRepublic points out, there’s still one security hole where hackers find success getting around 2FA: social engineering.
Social engineering is when hackers essentially hack people, attempting to gain someone’s trust to get them to turn over login information.
For example, two-factor authentication can’t stop a hacker from simply calling a support line and pretending to be a customer to get their password. Hackers can bypass every security layer in the book by simply gaining a human’s trust.
Support techs should make sure that they are always working with valid clients before sharing sensitive info. And often, the most effective way to do this is through 2FA.
Activating Two-Factor Authentication
Many popular sites already offer two-factor authentication, such as Google, Apple, Facebook, and most banking sites. When it comes to using 2FA on your own website, it helps if you’re using WordPress. That’s because there are lots of options for adding a new layer of protection to a WordPress installation.
A popular solution offering 2FA for WordPress is Google Authenticator, as it’s free and universally available. Google Authenticator has a 4.5 out of 5 star rating, and is used by tens of thousands of people.
Setting Up Google Authenticator
- To set up Google Authenticator on your WordPress website, the first step is to download the plugin from the official WordPress site.
- After you install the plugin and enable two-factor authentication for a website, you can view any user’s account and you’ll see the new option to activate 2FA under Google Authenticator Settings. Simply click the box to activate, then create a secret key (another option is to show a QR code to scan).
- You will then need to install the Google Authenticator app for mobile. Here are the links for adding the Google Authenticator app, depending on your config:
- With the app open, you’ll see a + symbol to add a new site. Click that and you’ll then have a couple of options: view and scan the QR code in the WordPress dashboard or enter the information manually.
- After you have set up the Google Authenticator app and activated 2FA on your site, you’ll see a new field appear on your WordPress login page. To log into WordPress from now on, you’ll need to confirm your identity through your phone’s Google Authenticator app.
- Congrats! You have now protected your WordPress site with an extra layer of security using two-factor authentication.
If you need assistance securing your website or adding two-factor authentication, contact the web development experts here at Hall.