Does Your WordPress Site Need Two-Factor Authentication?
Whether it’s at WordCamps or in articles published online, security continues to be one of the hottest topics in the WordPress community. We’re delighted to see the conversation taking place, as security should always be at the forefront of any website owner’s mind.
Two-factor authentication has been making its way into security discussions for many years now, and you likely already use it in your day-to-day life – online banking was one of the first areas where two-factor authentication was insisted on, but now it’s so widespread that soon it’s likely to become the norm.
Put simply, two-factor authentication adds an additional layer to the login process, so you aren’t solely relying on a password to access your account. As well as entering a password, you’ll need to verify your login via another device – usually through a text to your personal phone but sometimes with a phone call or a code sent to your email.
The security benefits are obvious: a hacker can no longer gain access to your account simply by obtaining your password, as they would also need live access to the device linked to your account. Bearing this in mind, it’s easy to see why two-factor authentication is so attractive to users looking for that extra layer of security, which brings us to your WordPress site.
Do you need two-factor authentication? You might not need it, but we strongly recommend you consider it for all users on all WordPress sites. The main reason we hear for users not implementing two-factor authentication is that they don’t have time to set it up. However, the process only takes a couple of minutes and barely lengthens the login process, which is infinitely less time than you would lose if your site were to be hacked.
The main thing to bear in mind before setting up two-factor authentication is that you won’t be able to make use of shared accounts. As each set of login details will be tied to a specific personal device, it’s no longer feasible for a team to share a single login. This can also work as a positive though, as team members should each have their own login for both security and practical purposes.
What are your options with WordPress? As you might expect, there are many plugins to choose from. There’s a great two-factor authentication guide on WordPress.org that should be recommended reading for all site owners. As part of the guide, they recommend some of the most popular 2FA plugins, so this is a great starting point for those looking to add this additional security layer to their login process: