The Importance of Two-Factor Authentication With WordPress

2FA, better known as ‘Two Factor Authentication’ has been a hot phrase in the tech world for the better half of the decade. We’ve all experienced a single factor authentication anytime we’ve simply logged in with a username and password alone. However, as more online businesses and services look to improve user security when it comes to protecting logins for consumers, 2FA has become a widely accepted security protocol these last 5 years or so. You may not always encounter 2FA (sites like Google and online banks have offered it for longer) but chances are you already have.  iCloud, for example, is one popular service that utilizes 2FA and that I personally use regularly.

Theoretically, 2FA essentially adds an extra layer of authentication to a users standard login procedure with the end goal of verifying your identity and making it more difficult for hackers to access your account(s). There are three basic ways to identify yourself. 2FA requires two out of the following three:  

1. Password
2. One Time Code
3. Finger Print (think Apple’s Touch ID)

By combining your password with just one of these extra factors, attackers can’t access your account EVEN if they have your password from the getgo. For example, in a scenario where you’re prompted to verify your identity with a one-time passcode via your phone’s SMS, a hacker would also have to have possession of your phone; the password alone will not let him move forward thanks to 2FA.  

Now that we’ve briefly touched on the basics of two-factor authentication, let’s shift gears and talk about 2FA with regards to WordPress! As you can now probably better understand, 2FA for WordPress is a must in order to further protect your valuable asset (aka your Wordpress website). At HD, we swear by the Google Authenticator Plugin for WordPress. It is the ‘industry standard’ and most popular when it comes to 2FA plugins for WordPress websites. The Google Authenticator Plugin can be easily installed and gives you two-factor authentication for iPhones, Androids and even Blackberrys (no judgment here). Choosing a premium hosting provider that prioritizes security is important, too. According to a WordPress security infographic via wptemplate, 41% of WordPress sites get hacked because of to their hosting providers’ inadequate security. Yikes! Fear not as our knowledgeable and seasoned staff at HD utilizes the Google Authenticator Plugin and a slew of other vital security protocols as part of HD’s Managed WordPress Hosting package. Check it out today!