Warning: Constant SAVEQUERIES already defined in /var/www/vhosts/davidperezgar.com/httpdocs/wp-config.php on line 41
Two-factor authentication in WordPress easily – Davidperezgar.com
Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /var/www/vhosts/davidperezgar.com/httpdocs/wp-content/plugins/wpautotranslate-pro-mlp/public/class-wpautotranslate-public.php on line 95

Two-factor authentication in WordPress easily

·

·

Two-factor authentication is being implemented in more and more online services such as social networks to improve security and prevent identity theft.

Double authentication to increase security in WordPress

The benefits of using double authentication are multiple:

  • Security layer. It offers a layer of security against possible password attacks. It performs a double authentication, so it verifies the user in a more definitive way.
  • Increases productivity and flexibility. Since it allows users to use corporate applications thanks to the greater security it offers.
  • Reduce fraud and create secure online connections.

Does that mean I’m safe with two-step verification?

No. By definition, no system connected to the network is 100% secure. However, it has reduced the risk of data theft by adding an additional level of security.

Multi-factor authentication is based on user identification based on three principles:

Something I have

Mobile, FIDO Device

Something I know

Password

Something I am

Fingerprint, facial recognition, etc.

Therefore, this layer of security is also highly recommended to use in our websites made in WordPress. Thinking that we manage web networks, web pages with user information and sales in online stores. This recommendation is made by Javier Casares, and that is why I started to secure our logins.

To do this, it is necessary to use this plugin:

It allows you to perform double authentication with the following methods based on Something I Have:

  • Email.
  • Time-based one-time password (TOTP).
  • FIDO U2F security keys.
  • Backup verification codes.

The simplest is email, but it’s tedious, which makes you check email every time you want to log in.

The one I recommend would be the time-based TOTP, and you can use different applications such as:

  • Google Authenticator
  • Microsoft Authenticator
  • LastPass
  • 1Password
microsoft authenticator

Until now I used the Google option, but it also generated me to have to go to the mobile and consult the codes and enter them by hand.

1Password and WordPress 2FA option

This is my option that I have managed to make fast and safe.

Once we have installed the Two Factor plugin, we will have to go to the user’s profile edition to activate the different 2FA options. In this case, I use the second one which is the one-time password.

opciones two factor usuario

The QR serves so that our Password Generator App, can be linked to our website (rest assured that the QR I have on my website is not that… hehe).

If we use 1Password, in addition to the normal password, we can add the one-time password, as seen below in adding more in the password edition.

edicion 1password

Then, we scan the QR code from 1Password:

escaner qr 1password

Once we save the unique password option, we already have the password generator option:

contrasena 1 solo uso

And we are left with a very simple configuration, that I have decided on this system. We log in to the website:

inicio sesion wordpress

And in the next step, 1Password enters this generated password with which it is very easy and fast. You no longer have to go to a different device and you maintain double authentication.

inicio sesion wordpress contrasena 1 solo uso

This system is the one I have implemented from now on. If we think about it, it would also be a triple counting on 1Password even unlocking it using fingerprint.

From now on, you should take it into account especially in online stores, and websites with a lot of traffic. Think if they entered your website in administrator mode, what they could do… how to change the payment method, etc …

What method do you use?


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.