How To Add Two-Factor Authentication In WordPress?
WordPress, the most popular website building platform, has been found wanting.
According to a study by WP White Security, more than 70% of WordPress installations in the top 1 million websites have been found vulnerable to hacker attacks.
So what is one of the ways to prevent these security threats? The answer is two-factor authentication.
“There are two types of companies: those who have been hacked, and those that will be.”
— Robert Mueller
What Is Two-Factor Authentication?
Two-factor authentication is an additional security measure that enhances the security of your website. It comprises two authentication stages:
- The Account Password
- A Dynamically Generated One-Time Password (OTP)
You may have seen that Google now gives you the option of enabling two-factor authentication. When you do that, you will be asked to sign in using a password.
Once you enter the password, Google will send an OTP to your registered mobile number. After entering that code, you get access to the account.
However, as per the survey conducted by The Verge in Jan 2018, 90% of Gmail users have still not opted for two-factor authentication. If Gmail users are not adopting two-factor authentication, you can imagine what the situation will be for websites.
Benefits Of Two-Factor Authentication
- Improved security
- Increased productivity & flexibility
- Reduction in fraud cases
- Reduction in data theft
- Reduction in operational cost
WordPress Plugins For Two-Factor Authentication
After reading the benefits of two-factor authentication, you may be tempted to implement it on your WordPress website. To do that, you need a WordPress two-factor authentication plugin.
Here’s the list of top two-factor authentication plugins:
- Shield WordPress Security
- Google Two-Factor Authentication By Miniorange
- Duo Two-Factor Authentication
- Jetpack Two-Factor Authentication
- Wordfence Two-Factor Authentication
You can opt for any one of these plugins. However, in this blog, we’re going to provide you with a step-by-step guide to adding two-factor authentication in WordPress with the help of the Duo Two-Factor Authentication plugin. So, let’s get things underway.
Before going into the details of how to add two-factor authentication in WordPress, you need to know its prerequisites. Here’s the list of requirements you need to satisfy:
- A mobile phone or tablet.
- An active number with internet access.
- A Duo Security Account
1. Setting Up Duo Account
The very first step for adding two-factor authentication in WordPress is to set up a Duo Security account. For that purpose, navigate to the Duo website as shown in the screenshot.
Now, click on the “Free Trial” button, which will redirect you to a new window as shown in the screenshot below.
Here, you will be asked to fill in your personal details, including your name, surname, email id, and mobile number. Fill in the appropriate information as shown in the screenshot below.
Once you’ve filled in all the details, click on the “Create My Account” button, which will redirect you to a new page as shown in the screenshot below.
Here, you will be asked to create a password for your account. Fill in the appropriate details and click on the “Continue” button, which will redirect you to the next page as shown in the screenshot.
Here, you will be asked to activate Duo Mobile. If you have an Android or iOS phone, download the “Duo Mobile” app from the Play Store or App Store. You can then use your phone to confirm your identity.
However, if you don’t have an Android or iOS phone, you can click on “Skip this step”, which will redirect you to a new page as shown in the screenshot below.
Here, you will be asked to verify your identity through your mobile number which you’ve entered in the earlier step.
There are two options which you can follow for the verification code – Text or Call. Click on whichever method you prefer and enter the code.
After entering the code, click on the “Finish” button which will redirect to a new page where you will again be asked to prove your identity through OTP.
After completing that process, you will be redirected to the Duo Security Admin Panel as shown in the screenshot below, which means you’ve successfully set up the account.
2. Configuring Duo Admin Panel
The next step is to set up the Duo Admin Panel for protecting the WordPress website. For that purpose, search for WordPress in the Protect Your Application search box as shown in the screenshot below.
Now, click on the “Protect this Application” link next to the WordPress option, which will redirect you to the next page as shown in the screenshot below.
Here, copy the Integration Key, Secret Key and API Hostname and save them in a document which you can use later on.
If you have any problem in setting up the Duo Admin Panel, then you should Hire WordPress Developer. He/She should be able to guide you with his/her years of experience & knowledge.
3. Connecting Duo Security To WordPress Website
To connect Duo Security with your WordPress website, you first need to install the Duo Two-Factor Authentication plugin on your WordPress website.
For that purpose, log in to your WordPress Admin Panel and then navigate to Dashboard >> Plugin >> Add New as shown in the screenshot below.
Now, search for “Duo” in the search box, which will redirect you to a new window as shown in the screenshot below.
The next thing you need to do is install & activate the plugin. For that purpose, click on the “Install Now” button next to the Duo Two-Factor Authentication plugin, which will redirect you to a new window as shown in the screenshot below.
Now, click on the “Activate” button, which will complete the activation process of the plugin. After activating the plugin, navigate to the settings of the Duo Two-Factor Authentication plugin as shown in the screenshot below.
Here, you will be asked to enter the values of the Integration Key, Secret Key & API Hostname. Copy those details from your Duo Security Admin Panel and paste the values here as shown in the screenshot below.
Click on the “Save Changes” button, which will establish the connection between Duo Security and your WordPress website. This means that you’ve enabled two-factor authentication on your WordPress website.
4. Add Authentication Method For Each WordPress User
Now, once you click on the “Save Changes” button, it will redirect you to a whole new window as shown in the screenshot below.
Now, to protect your WordPress website, you need to click on “Start setup” button which will redirect you to a whole new window as shown in the screenshot below.
Here, you will be asked to choose the type of device you want to add for two-factor authentication. There are 4 options for attaching a device: Mobile Phone, Tablet, Landline & Security Key.
However, you should opt for Mobile Phone if possible. So, we’re going with the recommendation, i.e., Mobile Phone. Now, click on the “Continue” button, which will redirect you to a new window as shown in the screenshot below.
Here, you will be asked to enter your phone number. Enter the phone number which you’ve previously given at the time of registration and click on the “Continue” button.
Here, you will be asked to choose the type of phone, i.e., iPhone, Android, Windows Phone or Other. Select the appropriate device and click on the “Continue” button. If you’re an iPhone or Android user, you will be asked to download the Duo Mobile app from the Play Store or App Store.
However, we’ve got a simple cell phone, and that’s why we’re opting for the other option. You can choose any of the options as per your requirements.
Now, you have added your device for the two-factor authentication purpose. Here, you will be asked to choose an authentication method for the Login process.
You can either opt for “Automatically call this device” option or “Ask me to choose an authentication method” option as per your need. We’re opting for the second option.
Click on “Continue to Login” button which will redirect you to the whole new window as shown in the screenshot below.
Here, you will be asked to choose an authentication method. Pick whichever way you prefer and enter the passcode, which will redirect you to the Duo Security settings page in your WordPress Admin. This means that you’ve successfully added two-factor authentication to your WordPress website.
Nowadays, when security is the biggest concern for any Custom WordPress Development company around the globe, enabling two-factor authentication for your website can be a great option.
Taking this factor into consideration, we have tried to provide you with a step-by-step guide on how to add two-factor authentication in WordPress, which will solve all your problems.
What do you think about two-factor authentication? Do let us know your views in our comment section. We will try to respond to each of your comments. Thank you!
Disclaimer: We at eSparkBiz Technologies have created this blog with all the consideration and utmost care. We always strive for excellence in each of our blog posts and for that purpose, we ensure that all the information written in the blog is complete, correct, comprehensible, accurate and up-to-date. However, we can’t always guarantee that the information written in the blog is correct, accurate or up-to-date. Therefore, we always advise our valuable readers not to take any kind of decisions based on the information as well as the views shared by our authors. The readers should always conduct in-depth research before making the final decision. In addition to these, all the logos, third-party trademarks and screenshots of websites & mobile apps are the property of the individual owners. We’re not associated with any of them.