Important update: After using the Duo Two-Factor Authentication method described below for a few weeks I started experiencing several serious issues with it.
I was unable to get all of those issues resolved so I removed it from my blogs and stopped recommending it.
I now use and recommend the super-secure Google Authenticator plugin.
Original post continues below…
One of the most effective ways to prevent any online account from being hacked is to enable two-factor authentication on it.
In case you’re unfamiliar with how two-factor authentication works, it adds a second step to the login process: a special code is sent to your mobile phone, and you must enter that code in order to finish logging in.
Once two-factor authentication has been enabled, if a person doesn’t have access to your phone, he/she won’t be able to log into your account even if they have your username and password. It’s really that simple.
I have already posted instructions for enabling two-factor authentication on several of the most popular online services, and in this post I’m going to explain the easiest way to enable it on your WordPress blog(s).
As of today, standard WordPress installations do not have a built-in option for enabling two-factor authentication, but an awesome service called Duo Two-Factor Authentication makes it very easy to add it to your blog(s) by opening a free account, then installing their plug-in and mobile app.
The Duo Two-Factor Authentication service is absolutely free for personal use (defined by the folks at Duo as 10 users or less) for those who plan to log in using the free mobile app instead of SMS text messages. Organizations with 11 or more users can also use the service for a low monthly fee.
Installing and using Duo to protect your WordPress blog is easy, and it only takes about five minutes. Here’s how:
1 – Visit www.duosecurity.com and sign up for a free account.
2 – Log in to your Duo account and create a new Integration for your WordPress blog. Once you have created a new Integration, you will be provided with an Integration Key, a Secret Key and an API Hostname. You will need to copy and paste these items into the Duo plugin on your blog in step 5 below so I recommend leaving this page open for now.
3 – Open a new browser window and log into your WordPress Dashboard, then click Plugins>Add New.
4 – Search for Duo Two-Factor Authentication and the Duo plugin should come right up in the search results. Install and activate the plugin.
5 – Click Plugins, then scroll down until you see Duo Two-Factor Authentication. Click Settings, then copy and paste the Integration Key, Secret Key and API Hostname that you created in step 2 above into the boxes provided.
6 – If you have an Android Phone, search for the Duo Mobile app in the Google Play Store. Install the app and follow the instructions for adding your blog to the app. If you have an iPhone, you’ll find the Duo Mobile app in iTunes.
That’s all there is to getting Two-Factor Authentication up and running on your WordPress blog. Once activated, no one will be able to log in to your blog’s WordPress Dashboard without having physical access to your smart phone!