How to Enable Two-Factor Authentication on WordPress
Imagine: you receive a call from one of your readers telling you that your site has been hacked, and all the blog posts have been replaced with cat GIFs. Sounds scary, doesn’t it?
Well, having a good username and password isn’t enough these days. You need a second line of defense, and this is where two-factor authentication (2FA) comes in.
This is how 2FA works: when you log into WordPress, you first enter your username and password (as usual), and then you also need to enter a time-dependent one-time password (OTP), which is either generated by an authenticator app or delivered to you via SMS.
So even if an attacker has your credentials, they still need the six-digit code that was generated on (or sent to) your smartphone or another trusted device.
There are now several WordPress plugins that add 2FA, for example Google Authenticator, Authy, Rublon (email based) and others. In this tutorial, however, we’ll be using Authy. Why? Because it is available as a desktop application as well as a mobile app, and it also supports SMS delivery.
Related: Authy vs. Google Authenticator – which is better?
Use Authy with WordPress
Follow these steps:
# 1 Start by downloading the Authy app to your smartphone and verify your mobile number. If you’re new to Authy or 2FA concepts, check out this video tutorial.
# 2 Next, you need to install the Authy WordPress plugin. To do this, go to your WordPress dashboard, open Plugins → Add New, search for Authy 2 Factor Authentication and click Install. After installing the plugin, open its settings.
# 3 Now, unlike other 2FA plugins, Authy needs some additional configuration. For example, you will need to enter an Authy Production API Key. To get this API key, you need to create a new account on their website, and this can be a little confusing, so follow the instructions carefully.
3.1 If you go to authy.com/signup, you will be redirected to the Twilio website (they currently own Authy). This means that you need to create a free Twilio account.
Fill out the registration form with details such as your name and email address. For the other questions on the form, you can simply choose any suitable option; they do not affect the setup.
3.2. Next, you will need to verify your mobile number.
3.3. After confirming the number, you will see the welcome page; click Access Authentication Control Panel.
3.4 Once you are in the Authy dashboard, you will need to create a new application. To do this, look at the bottom left of the Authy dashboard, click New App, give it any suitable name and click Create. You will find your new API key here; copy it to your clipboard.
Also take a look at the Authy app on your smartphone. You will notice that a new account has been created, with the same name as the application you just created on the desktop. This is the account that will generate the codes for WordPress from now on.
3.5 Now go back to the Authy plugin settings page and paste this API key there. You can also configure other parameters that are self-explanatory. And once you’re done, click Save Changes.
# 4 Then you need to enable 2FA for each user. To do this, go to the user’s profile and scroll down until you see “Authy Two-Factor Authentication”, then tick the box next to it labelled Enable/disable Authy.
# 5 Confirm your mobile number and save the changes. This is it. Likewise, you can go to other users’ profiles on your site and enable 2FA by entering their mobile number. If they don’t have a smartphone, the one-time password will be sent via SMS.
Well, that’s it. Now if you log out of WordPress and log in again, you will need to enter the time-sensitive code generated by the Authy app. If you run into any issue, let me know in the comments below or ask on social media. Which 2FA method do you prefer?