A long and complex password isn’t always enough to keep unauthorized users out of WordPress’s admin dashboard. Passwords can be compromised. Brute force attacks, for instance, can reveal passwords by spamming login forms. A hacker may use software to conduct a brute force attack and, thus, gain access to your website’s admin dashboard.
You should still create a strong password. A recent Data Breach Investigations Report found that four-fifths of all hacking-related breaches are caused by either weak passwords or stolen passwords. To lock down your WordPress website, you can use two-step authentication along with a strong password.
What Is Two-Step Authentication?
Also referred to as two-factor authentication, two-step authentication is a cybersecurity feature that enhances a traditional password-protected login with another method of authentication. Entering a password is a method of authentication. It leverages information that only the authorized user or users should know. Two-step authentication enhances password-protected logins with a second, different method of authentication.
The WordPress dashboard, of course, features a password-protected login. Even with two-step authentication, you’ll have to enter a password on the login page to access it. However, you’ll also be required to enter something you possess.
In the field of cybersecurity, a password is considered something you know. Something you possess may be a mobile device or email address. Two-step authentication may require you to scan a quick response (QR) code using your mobile device. After entering a password on the login page, you’ll be presented with a QR code to scan.
Two-step authentication may require you to enter a code. The code may be sent to your email address, or it may be sent to your smartphone as a text message or automated call message. Alternatively, there are two-step authentication smartphone apps that can generate their own codes. A hacker may crack the password to your website, but he or she probably won’t possess your email address or smartphone.
Pros and Cons of Two-Step Authentication
Two-step authentication will add another layer of security to your website by introducing a second authentication method. Password-only logins are slowly fading in favor of two-step authentication logins.
Hackers won’t be able to log in to the otherwise sensitive admin dashboard by only entering your website’s password. Instead, they’ll need to know the password, and they’ll need to possess something you own, such as your smartphone.
On the other hand, two-step authentication can be a nuisance at times. You may have to wait several minutes or longer to receive a code. The code, in fact, may fail to reach you altogether, meaning you’ll be locked out of your website.
Depending on how the two-factor authentication is set up, you may need your smartphone to log in to your website. If you arrive at the office, only to realize that you left your smartphone at home, you could be locked out of your website. Most forms of two-factor authentication work in conjunction with a smartphone. Therefore, you’ll need to keep your smartphone nearby if you plan on using it to lock down your website.
Two-Step Authentication With Hosted WordPress (WordPress.com)
Hosted WordPress comes with two-step authentication as a native feature. If your website runs hosted WordPress, you can enable two-step authentication by clicking the profile icon in your account and selecting “Security.” You should see several tabs on the next page, including a tab for “Two-Step Authentication.”
Clicking the “Two-Step Authentication” tab, followed by “Get Started,” will begin the setup process. You’ll need to enter your phone number and select your country code.
Hosted WordPress’s two-step authentication requires a smartphone app by default. You can use Authy or Google Authenticator. Using one of these two-step authentication smartphone apps, scan the QR code displayed on the setup page. The last step is to print a set of backup codes. Maintaining a physical, printed copy of the backup codes will ensure that you can continue to access your website in the event your smartphone is lost or stolen.
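Authenticator apps such as Authy and Google Authenticator derive their codes with the time-based one-time password algorithm (TOTP, RFC 6238) from a secret shared during the QR scan. The sketch below is an added example, not WordPress code: it parses a provisioning URI of the kind the QR code encodes, generates the code, and verifies it the way a login page would. The account name, issuer and secret are constructed sample values (the secret is the RFC 6238 test key).

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed sample: the kind of otpauth:// URI a setup-page QR code encodes.
SAMPLE_URI = ("otpauth://totp/example.com:admin"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=example.com")

def secret_from_uri(uri):
    """Extract and Base32-decode the shared secret from a provisioning URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    secret = parse_qs(parsed.query)["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)          # restore stripped padding
    return base64.b32decode(secret)

def totp(key, unix_time, step=30, digits=6):
    """RFC 6238 code: HMAC-SHA1 over the 30-second time counter."""
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                   # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(key, submitted, unix_time, step=30, digits=6, window=1):
    """Accept the current code plus/minus `window` steps of clock drift."""
    if len(submitted) != digits or not (submitted.isascii() and submitted.isdigit()):
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(key, unix_time + drift * step, step, digits)
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(expected, submitted)
    return ok

if __name__ == "__main__":
    key = secret_from_uri(SAMPLE_URI)
    print("code at t=59:", totp(key, 59))
    print("accepted 30 s later:", verify(key, totp(key, 59), 89))
    print("accepted 90 s later:", verify(key, totp(key, 59), 149))
```

Because the code depends only on the shared secret and the clock, anyone who obtains the QR code or the secret can generate valid codes, so treat the setup page and printed backup codes as sensitive.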
You can also set up two-step authentication using only your phone number. After entering your phone number, select the “Verify via SMS” option. You won’t have to download any smartphone apps, nor will you have to read any QR codes. Rather, you can enable two-step authentication by entering a code that’s sent to your smartphone.
Two-Step Authentication With Self-Hosted WordPress (WordPress.org)
While not available as a native feature, you can use two-step authentication with self-hosted WordPress as well. Self-hosted WordPress is the standalone version of WordPress that requires WordPress Hosting. Hosted WordPress, in comparison, is a more limited version of WordPress that includes hosting.
To experience the true power of WordPress, you should choose the self-hosted version. It doesn’t offer two-step authentication as a native feature, but it still supports this cybersecurity solution via plugins.
There are two-step authentication plugins available for self-hosted WordPress. Two Factor Authentication and Google Authenticator are available as plugins. Other two-step authentication plugins include Two-Factor, Wordfence and WP2FA.
You can typically choose from one of several authentication options. Most two-step authentication plugins support several authentication options, such as scanning a QR code, entering an app-generated code, entering a text message code, or entering an email code. If you prefer a different authentication option, go into the plugin’s settings to change it.
Don’t let your website fall into the hands of a hacker. Lock it down today with two-step authentication. Whether your website runs hosted or self-hosted WordPress, you can improve its security with two-step authentication.