Imagine this: you get a wake-up call from one of your readers saying your website has been hacked, and all the blog posts have been replaced by a cat GIF. Sounds scary, doesn't it?
Well, a good username and password are not sufficient these days. You need more: a second line of defense. This is where the term two-factor authentication (2FA) comes in.
So here is how 2FA works. When you log into WordPress, you first enter your username and password (as you usually do), and then you also have to enter a time-dependent one-time password (OTP), which you get either by SMS or from an authenticator app.
This way, even if an attacker has your login credentials, they still need the 6-digit code that was sent to your smartphone or trusted device. The app-generated code is the stronger of the two options: SMS codes can be intercepted or redirected (for example, if someone takes over your phone number), so prefer the app wherever you can.
Now, there are a couple of WordPress plugins that work with 2FA, like Google Authenticator, Authy, Rublon (email based), etc. However, in this tutorial we'll use Authy. Why? Because it has a desktop app and works with both the app and SMS.
Use Authy with WordPress
Follow these steps:
#1 First, you need to install Authy's WordPress plugin. To do that, log in to your WordPress dashboard > Plugins > Add New > search for Authy 2 Factor Authentication and hit Install.
#2 Once the plugin is installed, open its settings.
#3 Now, unlike the other 2FA plugins, Authy needs a little more configuration. For instance, you'll have to enter an Authy Production API Key. To get this API key, you have to create a new account on their website, and this can be a little confusing, so follow the steps carefully.
3.1 If you go to authy.com/signup, you will be redirected to Twilio's website (Twilio owns Authy now). This means you have to create a free account on Twilio.
Fill in the sign-up form with details like your name, email address, etc. For the other questions, you can select any relevant option; it doesn't really matter.
3.2 Next, you'll have to verify your mobile number.
3.3 After the number is verified, you'll see a welcome page. Click on Access Authy dashboard.
3.4 Once you are in the Authy dashboard, you have to create a new application. To do that, look at the bottom-left of the Authy dashboard > New Application > give it any relevant name > Create. Here you'll find your new API key; copy it to the clipboard. Treat this key like a password: anyone who has it can use your Authy application, so don't share it publicly or commit it to a public repository.
Also, take a look at the Authy app on your smartphone. You will notice a new account has been created with the same name as the one you created on your desktop. This is what we'll use later to generate codes for WordPress.
3.5 Now go back to the settings page of the Authy plugin and paste the API key there. You can also configure the other settings, which are self-explanatory. Once you are done, click Save Changes.
#4 Next, you have to enable 2FA for each user. To do that, go to the user's profile and scroll down until you see 'Authy Two-Factor Authentication', then tick the box next to it labelled Enable/disable Authy.
#5 Verify your mobile number and save changes. That's it. Similarly, you can go to the profiles of the other users on your site and enable 2FA by entering their mobile numbers. If they don't have a smartphone, the OTP will be sent by SMS. Make sure every account with administrator rights is covered; a single unprotected admin account undoes the benefit.
Well, that's it. Now, if you log out of WordPress and log in again, you'll have to enter the time-sensitive code generated by the Authy app. Test the new login in a private browser window before closing your current session, so you don't lock yourself out if something is misconfigured. If you run into any problems, let me know in the comments below or ask on social media, whichever you prefer.