Two-factor authentication in WordPress is becoming increasingly popular as website owners look for more ways to secure their sites against unwanted infiltration. There are several really good ways that you can get WordPress 2FA in place.
Today, I am going to show you how to do it using a smooth plugin.
There are several other really great ways to keep your website secure, but 2-factor authentication for WordPress is definitely one that is gaining steam. Seems like every site should have this set up at some point, so let’s look at how you can easily get it into place on your website.
What is Two-Factor Authentication?
Simply put, 2FA is an extra layer of security that is used to make sure that anyone trying to gain access to online accounts is actually who they claim. It works in conjunction with smartphones, and a user has to verify at least one trusted phone number to enroll in 2FA.
Apple iOS, Google Android, and Windows 10 all have apps that support 2FA. This means that it enables the phone itself to serve as the physical device to satisfy the authentication portion. It works by asking users to enter a six-digit number.
Right after a user enters a name and a password, they will immediately be asked for another piece of information to verify that they are who they say they are. The second factor could be any of the following:
- PIN Number
- Secret Questions
- Something You Have (credit card, smartphone, hardware token)
- Finger Print
- Iris Scan
- Voice Print
The last three are more advanced but can be set up when needed.
I am going to show you how you can easily add two-factor authentication to WordPress and help keep your site safe from potential hackers.
Let’s take a look at the plugin we are going to use today and see all that it has to offer.
2FAS Light – Google Authenticator
2FAS Light – Google Authenticator is a smooth, simple to use, easy to set up plugin that allows you to add WordPress two-factor authentication to your site. It works by having users employ the Google Authenticator mobile app to confirm their identity.
This is actually a free 2FA for WordPress and also works with other mobile apps that generate tokens including Microsoft Authenticator, Authy, Free OTP, 2STP, OTP Auth. All-in-all, you will be hard-pressed to find a better two-factor solution for WordPress that is as powerful as this one and also free to use.
Another great thing about this plugin is that you will not need to register or create any third-party accounts. The only thing we need to do is get the plugin installed, activated, and set up for use. From that point, you are good-to-go.
The 2FAS Light plugin does not communicate with any external sites. All data needed to make the plugin work properly are stored in the WordPress database.
As stated above, the 2FAS Light plugin is free for all WordPress users. The moment you get the plugin activated and set up, you immediately protect your site from:
- Brute-Force Attacks
- WordPress Takeovers
- Phishing and Keylogger Attacks
Let’s get the plugin set up and running together so that you can start to protect your site.
Set Up Two-Factor Authentication in WordPress
Step 1: Install and Activate the Plugin
Before you can use WordPress two-factor authentication, you first need to install and activate the 2FAS Light plugin. You can do this by heading over to the Plugins page in the WordPress admin dashboard.
Just use the available search field on the page and search the plugin by name. Once you see it pop up, install and activate it right from there.
Step 2: Go to the 2FAS Light Setup Page
Now that the plugin has been installed and activated, you need to head over to the main setup page. To do this, click on the “2FAS Light” link tab that is located on the left side menu area of the dashboard.
You can see that this option has appeared because you activated the plugin. This will take you directly to the main configuration page. From here, you can configure the plugin and get it running properly on your site.
Step 3: Download Appropriate App to Your Smartphone
Download the appropriate app for your smartphone. You are free to pick which one you want, but the Google Authenticator app or the 2FAS Authenticator app are the most recommended. They are both easy to use and easy to scan with.
Step 4: Scan QR Code
Now that you have downloaded the app of choice, go ahead a scan the QR Code that is given. Just click on the “Show QR Code” button and scan the box that displays. You will use the app to scan the code.
Note: You can also enter your private key manually if you chose to do so.
Step 5: Enter the 6-Digit Token
Once you scan the QR Code box from the previous step, you will be given a 6-figure token. Go ahead and copy and paste that token into the provided box and then click on the “Add Device” button.
That’s it! You will now get a confirmation showing you that 2FA has been configured and enabled for your device and you are all set.
You can add more trusted devices if you need them. At this point, two-factor authentication in WordPress is set up and running. From here, when someone tries to log in to the site, the extra 2FA authentication step will be added.
Note: If you choose to uninstall or disable 2FA, then that extra step will just disappear upon login. You will need to go through the setup process again to enable it.
Are Password Alone Still Good Enough?
That is a good question, and it will depend on who you ask. In my opinion, it is never a bad idea to use WordPress two-factor authentication. It adds an extra layer of security and is not difficult to configure.
That being said, there are also so many other ways to secure a site that many people may not be as attracted to using 2FA. It can also be hard for some people to use, as not everyone may understand the concept behind it. This leads to site lockouts when they are not necessary. So, are passwords enough? Maybe, it depends on your password and password manager.
This is going to be more of an opinion than anything else.
Setting up two-factor authentication in WordPress is actually not a difficult task at all. You simply need to know the tool to use and how to use it. The 2FAS Light plugin makes the task easy and fast, so if you are looking for an extra layer of security, then this is a great way to go.
I hope this tutorial was able to show you how easy it really is to add an extra layer of security to your site with 2FA. Simply use the plugin above and follow the steps even and you will be good-to-go.
What other tools have you used to get two-factor authentication working on your site? Have you found that using this is more of a hassle?