These days, every website is a target for malicious attackers – no matter how large or small. And since WordPress is the most widely used content management system (CMS), sites built with it have an extra bullseye on their backs.
Much of the malicious activity comes from bots. These automated scripts are designed to look for any weaknesses in your website’s setup. Their activity could range from probing for outdated software (WordPress core, themes or plugins) that has known vulnerabilities to brute-force attacks that attempt to log into your site’s dashboard.
It’s reasonable to assume that, every second of the day, a bot is probably trying to compromise your website. Therefore, it makes sense to tighten security in any way we can. Today, we’ll take a look at one effective solution: two-factor authentication (2FA).
What is Two-Factor Authentication?
Every online service we access (banks, social media networks, eCommerce websites) requires us to log in with a username and password. This is all fine and good, except that passwords are vulnerable. Common passwords are too easy to guess. And even complicated ones can still be exposed in a data breach.
Two-factor authentication adds an additional layer to the login process. It requires us to do something extra to verify our identity. Some common methods of 2FA include:
- Entering a verification code sent via SMS text message or mobile app such as Google Authenticator;
- Clicking a verification link sent via email;
- Answering a security question;
- Verifying an image we selected during account setup.
While this extra step does mean an extra bit of work on our part, the benefits outweigh the inconvenience. This second layer of security means that, even if someone does manage to discover our password, they can’t access anything until they’ve provided the extra verification.
In essence, an attacker would need our account password and one of the following, depending on method: our cellphone; access to our email account; intimate knowledge of how we’d answer a security question, etc.
Adding Two-Factor Authentication to WordPress
There are a number of ways to add 2FA to WordPress and all are fairly easy to implement. If you’re interested in the tools available, you’ll want to check out a previous article I’ve written: How to Add Two-Factor Authentication to WordPress.
Utilizing 2FA is something I’m recommending to all of my clients. However, it’s important to choose a method that works best for your particular situation. For instance, if your phone isn’t always in hand, SMS messages or mobile apps may not be ideal. Perhaps a verification link via email is more convenient.
Regardless, if you’re a current client and interested in setting up two-factor authentication, get in touch! I’ll be glad to help you gain that extra peace of mind through a more secure website.