WordPress being popular but security vulnerable platform, it’s important for us to keep our WordPress blog secure. As a blogger, you are obviously strained about your website security. Although, a security strategy is a must for any website. As the website grows, the chances of attacks are also increased. And as I wrote in the previous article, brute force attack is very common.
A Brute Force Attack aims at being the simplest kind of method to gain access to a site. To do so, hacker tries many combinations of usernames and passwords multiple times, until it gets in.
‘Wp-admin’ is common WordPress admin URL that anyone can guess. It is not so difficult for hackers to go through it and insert username and password.
Many bloggers have suggested many security tips. Even, my earlier article was on ‘Use the single sign-on plugin to increase security’.
Single sign on plugin adds an extra layer of security by adding one more input field in the login form.
Two-factor authentication involves securing your website by requiring a password to log in and a code (that you don’t know) sent to your mobile.
Like the single sign on, WordPress provide a number of the two- factor authentication plugins.
In this round-up, we’ll look at some of the top authentication plugins available for WordPress.
1. Google Authenticator:
Google Authenticator is probably the best plugin used for two-step verification in WordPress. A fascinating feature of it that it can work with many providers & accounts.
It uses Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP), for authenticating users. Authenticator provides a six to eight digit one-time password that only valid for 20 seconds. Users need to insert this OTP in addition to their username and passwords.
- Generate verification codes without a data connection
- Automatic setup via QR code
- Integrated barcode scanner
- Option to reorder list of accounts
2. Clockwork SMS
By using SMS, Clockwork SMS plugin offers two-factor authentication. It sends a code to your device. Once you have created an account with Clockwork, you are set. To receive the code, you don’t need to install any app to your mobile. You only need a Clockwork SMS account and some Clockwork credit to use this plugin.
3. Duo security
Duo Security is a cloud-based access security provider that provides two-factor authentication as a service to protect against account takeover and data theft. It consists of the second layer of security in addition to username and password to get in your WordPress accounts. It enables a user to verify their id by using their mobile phone or a hardware token.
- Easy to set up
- No additional complicated software to install.
- Provides One-tap authentication
4. Authy Two Factor Authentication
Authy Two-Factor Authentication protects you from password re-use, phishing and keylogger attacks. It generates dynamic seven digit one-time passcodes on-demand. And the code that it generates is sent via SMS or text-to-speech phone calls. In addition to the code, Authy generates a security token in every 20 seconds.
- Provides powerful security without the hassle of managing it yourself
- Enables user to configure security rules
- Allows user to manage accounts and update phone numbers from any device
5. Rublon Two-Factor Authentication
Rublon, created by a father and son team in Poland provide two-factor authentication. The user needs to install Rublon mobile app.
Rublon is different from traditional plugins. It confirms your identity by asking you to simply clicking on a link or scanning a Rublon Code.
- An easy-to-setup system that will have your new security barrier implemented in less than 10 minutes
- Provides hassle free authentication.
- It is a fully blown two-factor authentication solution
I use Google authenticator on some of my blogs. So let me know which plugin you choose for your blog. You can also make your WordPress more secure by using a .htaccess file.
I hope this article help you to find a best two-factor authenticator plugin for your blog/website.