How to add two-factor authentication to your WordPress site

miniorangehero.jpg

Image: Jack Wallen

WordPress is one of the most-used blogging tools in the world. As we have witnessed with Windows, along with that popularity comes security risks. And since WordPress can be used for much more than blogging, your company might be deploying such sites for various purposes. With that in mind, you should take security seriously with your site…lest you lose company or client data.

To that end, you should not think twice about employing two-factor authentication on your WordPress site. Fortunately, this addition comes by way of a simple-to-install plugin called miniOrange. I’ll walk you through the process of installing and using this security-focused addition to your WordPress site.

SEE: Governments and nation states are now officially training for cyberwarfare: An inside look (PDF download) (TechRepublic)

Installing the miniOrange WordPress plugin

I assume your WordPress site is up and running, and that it’s updated to the latest release. The miniOrange plugin requires a minimum of WordPress 3.0.1 all the way up to the latest release. Due to considerable security improvements with WordPress, I highly recommend updating regularly.

I also assume that you use WordPress either via a locally-hosted server or on a third-party host that allows you to install whatever you need. With that said, let’s install miniOrange.

  1. Log in to your WordPress Admin Dashboard.
  2. Click Plugins | Add New.
  3. Search for miniorange.
  4. Locate Google Authenticator – Two Factor Authentication in the listing and click Install Now.
  5. Once the installation completes, click Activate.

You’re ready to set up two-factor authentication.

Configuring miniOrange for two-factor authentication

Once installed, click miniOrange 2-Factor in the left navigation. Now you must register with miniOrange (Figure A).

Figure A

Figure AFigure A

You must register for a miniOrange account.

Registration is free; in fact, the basic service is free. With that free service, you get:

  • One user forever
  • Limited authentication methods
  • Remember device
  • Two-factor for WooCommerce front-end login

You can purchase a Do It Yourself or a Premium package that will add more options and features to the service. To find out more about these options, click the Licensing Plans tab within the miniOrange page on your site.

After registration is complete, click the Setup Two-Factor tab. In this page (Figure B), you will configure the method you want to use for two-factor authentication.

Figure B

Figure BFigure B

Configuring the type of authentication you want to employ.

The setup will vary depending upon the type of authentication you choose. I prefer using the Google Authenticator method; this will require you to install the Google Authenticator app on either your Android or iOS device.

If you opt for the Google Authenticator option, select it, choose the platform you’ll be using (Android, iOS, or BlackBerry/Windows), and then, when prompted, scan the QR code with the Google Authenticator app on your device. To do this, open the Authenticator app, tap the + button, and then scan the code. You will be immediately prompted from the miniOrange plugin on your WordPress site to enter a six-digit code, which you’ll get in the Google Authenticator app on your mobile device. Enter that code and then click Verify and Save.

You will be prompted for a six-digit code from the Google Authenticator in order to log in to your WordPress site. Enjoy the added security.

Security made simple

You’d be hard-pressed to find a simpler method of adding an extra layer of authentication security for your WordPress site. Be sure to check out the other WordPress-centric services and features offered by miniOrange, including SAML Single Sign On, Social Login, Email Verification, and more.

Also see

Source: Security on TechRepublic @ February 24, 2017 at 08:34AM

0
Share