Another great way to improve the overall security of your WordPress website, is by adding two-factor authentication to your WordPress security measures. It improves your security since it requires 2 seperate elements to be entered before a user will be granted access and is, by default, a better solution than just using a username and password combination to log in. Two-factor authentication usually requires you to enter both a pincode/token of some sort and validate another element before access is granted.
How this improves your WordPress security
Using 2-factor authentication helps to effectively protect your website against following attacks and vulnerabilities:
- Brute-forcing attacks
- Weak passwords set by the end-user
- Passwords that have be intercepted via man-in-the-middle attacks
But that’s enough theoretical chitchat already. Let’s go over the best options available today:
With over 300 000 installs, Clef is one of the more popular WordPress security solutions for implementing two-factor authentication. Clef allows logging in by scanning a graphic using your smartphone or tablet. The client software is available on iOS and Android. No Windows Phone or BlackBerry support just yet folks!
With over 3000 installations, Duo is the runner up when it comes to 2-factor authentication plugins for WordPress. Even though its usage isn’t as wide-spread as is the case with Clef, it does offer some serious advantages over Clef. You do not require an iOS or Android device to use Duo. Their validation app is also available on Windows Phone and BlackBerry 10. Further more, the use of Duo allows for a one-time passcode sent by SMS to any cell phone (does not need to be a smartphone). This makes Duo a very interesting plugin for companies with a bring your own device policy.
Need more information on how to secure your WordPress site against hackers? Then I’d suggest checking out WordPress Security 101 – How to secure your website against hackers.