Security is always a big issue. With your login page open to the whole internet, who knows who or what is trying to log in to your site. The reason they are trying is that it is often just so easy to do. Many people still choose a password that is both easy to remember and easy to guess.
However, for those of us who already have a 15-character password with numbers, letters of both cases and punctuation, we still wonder what would happen if somebody, by some means, was able to know what that password was.
The way to protect against this is to add another level of checking. This is where we meet the concept of two-factor authentication. The first method is to enter your password, but how about a second?
If we accept that you always have a mobile phone with you, then we could have a code sent to the phone. If you have the phone and can then read that code, you can enter it to log into the site.
- Two-Factor App on my mobile device
- Email confirmation
- Backup Verification Codes
I am going to talk through how I set up the App using Google Authenticator to secure my login.
Firstly I need to install the app. In the WordPress Dashboard choose security and then settings. Scroll down to Two-Factor Authentication.
You then go to your user profile settings, and in the section for 2-step security you will see a QR code. On your phone, you scan the QR code into the authenticator app to create the link between the two. When the authenticator is working, it will show you a security number to enter when you log in. This number expires after around half a minute and then another is set. So anyone seeing the security code will not be able to use it in the future.
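The expiring number described above can be reproduced with the time-based one-time password algorithm (RFC 6238) that Google Authenticator uses. The following is an added example, not code from this post or from the WordPress plugin; the sample secret is constructed (the RFC test key), and accepting one time step of clock drift on either side is an assumption about how a verifier might be configured.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid for ("around half a minute")
DIGITS = 6   # length of the number shown in the authenticator app


def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """Return the RFC 6238 code for Unix time `at`.

    `secret_b32` is the base32 shared secret that the QR code carries
    from the site to the phone when the two are linked.
    """
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int(at) // step                      # which 30-second slot we are in
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at, drift_steps=1):
    """Server-side check: accept the code for the current slot and, as an
    assumed tolerance for clock drift, `drift_steps` slots either side."""
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, at + d * STEP)
        # Constant-time comparison; check every slot so timing does not vary.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


# Constructed sample secret: the RFC 6238 test key, base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    print("code right now:        ", code)
    print("accepted now:          ", verify(SAMPLE_SECRET, code, now))
    # The same code replayed two minutes later falls outside the window.
    print("accepted 2 minutes on: ", verify(SAMPLE_SECRET, code, now + 120))
```

Because both sides derive the number from the shared secret and the clock, nothing is sent to the phone at login time; an observed code is only useful until its time slot (plus any drift allowance) has passed.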