Passwords can be cracked. Two-factor authentication is one way to avoid this. Its use implies that users will have to confirm their identity using a code that will be sent to a mobile phone or any other device.
Therefore, even if the password was stolen, the hacker will not be able to access your site without a special code. It can be sent to the phone number specified during registration, email, to the application, etc.
Methods for obtaining the Two-factor code used for verification
The verification code can be obtained in one of the following ways:
- Codes, generated by the application: the Google Authenticator will automatically generate a new one-time code with a very short duration.
- USB tokens: this method does not work with mobile devices since the token must be connected to the USB port.
In this article, we will provide the best WordPress plugins for two-factor authentication.
A two-factor authentication plugin for WordPress that is easy to configure and use. It has a convenient user interface, supports various authentication methods, TOTP + HOTP support, protection against brute force, IP address blocking, support for several plugins for creating forms, compatibility with GDPR and many other useful functions.
The Two-Factor plugin supports four authentication methods. You can send codes to an e-mail address, use a one-time password based on time (TOTP), universal two-factor FIDO (U2F) and backup confirmation codes.
The plugin is easy to configure and use. If you encounter problems in his work, the developer is ready to help you through the WordPress.org support forums.
The WordPress 2-Step Verification plugin comes with many features: support for multiple sites, sending a code to email, via SMS and backup codes.
In case of loss of a mobile phone or verification code, you can use a simple recovery via FTP. At the time of writing, the plugin did not support the new block editor Gutenberg.
The Rublon Two-Factor Authentication plugin is easy to use. You only need to install the plugin and connect it to the Rublon API using the system token and security key.
After that, you will receive a confirmation link by email. Then it remains only to configure just a few parameters.
Rublon supports several two-factor authentication methods: email, SMS, QR code, push notifications and TOTP. In addition, you can whitelist trusted devices, eliminating the need for two-factor authentication during subsequent logins.
This plugin supports five languages. And security experts speak very well of him.
This is a complete engine that allows you to send SMS directly from the WordPress admin panel. The plugin comes with a free and easy to use two-factor authentication feature.
- Ability to add user data in SMS.
- Import a list of recipients from a CSV file.
- The implementation of mass mailing.
- Segmentation and grouping of recipients.
- Reauthorization every time you log in or remember devices for 30 days.
6. 5sec Google Authenticator
This plugin is available on Codecanyon for $ 19. After installing it on the site, upon entering the system, a one-time password is generated, which is sent to the user's mobile phone. Access to the site is provided only after entering the code, which is valid only for a strictly defined period of time.
This plugin will protect you from brute force attacks. And even if you forget to log out, 5sec Google Authenticator will automatically log out.
And in case of loss of a smartphone, a unique website URL can be used to enter the system using a username and password.
7. Duo Two Factor Authentication
To use this plugin, you need to install it, activate and subscribe to the service. Upon registration, you will be given access to security keys. Then you can specify user roles for which you need to enable two-factor authentication.
Users will be able to authenticate in several different ways. And also use one-time codes delivered by messaging services to mobile phones generated by a hardware token or Duo mobile application.
Also worth mentioning are few WordPress security plugins
- Shield Security.
- Wordfence is a universal security plugin that also supports 2FA through any TOTP-based application or service.
- ManageWP – built-in two-factor authentication in combination with useful tools for better management of WordPress sites.
- iThemes Security Pro is another security plugin that offers 2FA through applications (Google Authenticator, Authy, FreeOTP and Toopher), email.
These were some of the best two-factor authentication plugins for WordPress. We hope you find the most suitable for you. But we recommend the Google Authenticator plugin from miniOrange.