How to Enable Two-factor Authentication in WordPress
Providing two-factor authentication means that your WordPress login screen will be reinforced by another layer of security on top of your username/password combination. In typical two-factor situations, a mobile phone or hardware token is used as the extra layer. In this article, we'll learn how to enable two-factor authentication for WordPress.
Using the Duo Security mobile app and WordPress plugin will send a push notification to your phone when a WordPress user attempts to log in. If the login is valid, you can accept and the user will be logged in. You can use this authentication approach for yourself or a whole team if necessary.
How to add two-factor authentication for WordPress
There are three phases involved in adding two-factor authentication for WordPress with Duo Security. First, you will need to set up an account on the Duo website. You will also need to install the Duo mobile app on your chosen device. Then, we will add the plugin for WordPress and configure it.
Creating your Duo Account
Follow along with the steps below to create an account and configure a WordPress protection on the Duo Security website.
- Create a Duo account
- Once logged in, click Applications
- Click the Protect an Application button
- Find the WordPress logo and click Protect this Application
- Under the Details, click to view your Secret Key (leave this window open in case you need to copy and paste these codes again)
Install the Duo Mobile app
Now is a good time to grab your favorite handheld device, like a smartphone or tablet, and install the Duo Mobile app.
Setting up the WordPress plugin
Now we are going to download and install the Duo Security WordPress plugin.
- In WordPress, click Plugins Add New
- Search for the Duo Security Plugin
- Install the plugin
- Activate the plugin
- After being redirected to the plugin menu, choose Settings under the new Duo Security plugin
- Fill in the keys and API Hostname from the Duo Security website
- Click Save Changes
You will be redirected to set up your device for two-factor authentication. If you choose to use your mobile phone (which is recommended), you will be prompted to insert your phone number.
When you get to the My Settings & Devices page, you see the When I log in: option. You have a few options. You can choose your authentication method in the moment or choose to have Duo always send a Push or a Call. If you are unsure which one you prefer, you can leave the option set to Ask me to choose an authentication method.
You will be redirected to test the login. After you have successfully authenticated your login in two ways, you will be logged into WordPress, and you have completed this tutorial.