Read the full episode transcript below:
00:28 David Blackmon: Hey everybody. Welcome to another episode of WP The Podcast. I’m David Blackmon.
00:35 Tim Strifler: And I’m Tim Strifler.
00:38 David Blackmon: Today we’re going to talk about how to add two-factor authentication to your WordPress website. And we’re focusing mainly on free, but we’re going to give you a paid and a free version as well. Uh, it just depends on where you’re at in your website journey. So before we get started, we like to kind of cover and define things, what we’re going to talk about today. And one thing you may be asking: what the hell is two-factor authentication? Tim, why don’t you tell them.
01:04 Tim Strifler: Yeah, absolutely. So two-factor authentication is an additional layer of authenticating, uh, that you are the user who’s trying to log in, in addition to the username and password. So if you think of a username and password logging into any type of website or account, that’s one-factor authentication, right? Because all you need is the username and password, and that’s it. However, as you know, data breaches happen and username and password, uh, combinations are leaked, and then spammers, bots, scammers, whoever, are gonna go and they’re gonna test those username and password combinations across millions of sites to see where people use the same username and password. And so if you only have one-factor authentication to log into your WordPress website, well, if you’ve ever used that same combination then you’re screwed when a data breach happens, or a brute force attack, when they’re guessing the same username or a bunch of different usernames and passwords on the same site over and over again. And so adding an additional layer of protection with the two-factor authentication, you’re going to protect yourself from the most common types of hacks, which is what I just talked about: brute force and data breaches, stuff like that. And so a two-factor authentication is, the one factor is something you know, which is a password, and then the second layer is typically something that you have, right? So, uh, using your cell phone to authenticate. And so whether that’s through your mobile phone or through Google Authenticator, it’s very, very powerful. The mobile phone is when you, basically they send you a code to your number, um, which is very secure. However, that’s still not as secure as using Google Authenticator, because Google Authenticator, it can’t be, uh, your mobile phone can be routed to different places, and with iMessage, and if they have access to one of your devices, and you know, they can get in that way.
But Google Authenticator is to one device and there’s no way around it. Like, you can’t, like if you get a new phone and you don’t download your Google Authenticator, like, records, um, you’re kind of screwed and you have to, like, start over basically and go through, jump through a bunch of hoops to reset the passwords that you have set up. So that is the downside to using Google Authenticator, is, um, it’s very secure.
03:26 David Blackmon: Yeah, and it’s rotating. I think you have like a 60 or 30 second window to where it’s constantly updating and changing those codes to get you in. And if you don’t have that exact code at that exact time frame, it’s not letting me in. So, uh, it’s pretty complex, I agree. I use it for some, and I gotta, I’ll be honest, I want to throw the thing against the wall sometimes, because it’s kind of a pain to have to go through that. But the value of it is so great. I mean, if this is your business and your website is generating money, you absolutely 100 percent want to have two-factor authentication on there, and even if it’s as painful as using the Google Authenticator app, and having to go log into it, download, see the codes, go back, catch it in the right window, it’s still well worth it when you think about it in the big scheme of things. Plus you don’t want your site hacked. So, um, yeah, the first one we’re going to talk about is through the security plug-in aspect. Tim’s going to give you an amazing free version here in a second, but what I wanted to talk about: a lot of websites typically will have some layer of security, so whether you’re using a plug-in like iThemes Security or Wordfence, a lot of these plugins have two-factor authentication built into them. So if you’re already paying for those plugins and stuff, you might as well use those plugins for your two-factor authentication. We use iThemes Security, we have it set up with the Google Authenticator app, and it’s on our login page. We do not want people logging in to our website, especially as administrators, unless they’re the administrator. Because, you know, that’s our livelihood and our business and stuff. So pretty easy to set up, pretty straightforward. But now Tim’s going to give you an equally awesome way, and it’s free.
05:35 Tim Strifler: Absolutely, and it looks like the free version of Wordfence has two-factor authentication, okay, built in. So you can use that for free. Um, but if you have security handled a different way and you want to add in two-factor authentication, then you can do that. There’s a plug-in called WP 2FA: Two-factor Authentication for WordPress, and it will add just that feature, that two-factor authentication, without having to add all the other security features and stuff. And so you can do that with the free plug-in, and they have a premium version too, which is going to add some more features to it, alongside, um, uh, adding trusted devices, being able to white label the two-factor authentication pages, those types of things. But there’s the free version; in most cases it’s going to be more than enough. Um, so yeah, and last thing I want to add, that David mentioned: having multiple admins logging in. If you’re one user on your site, you’re the only admin, and you have really good, um, password habits, I guess, where you don’t reuse passwords, you use one password per site, that sort of thing, um, then chances are you’ll be fine. We think you should still add two-factor authentication, it’s not gonna hurt anything, um, but when you have multiple admins or a bunch of users, editors, stuff like that, you can’t trust that everyone’s gonna have good passwords. They don’t, they, and they don’t, so it’s like the more people, the more they’re lazy, you know. So using, um, something like this is going to protect everyone. Everyone that’s using the site, as well as your business.
07:26 David Blackmon: Perfect. All right, tomorrow we’ve got another great topic. If you have any questions or leave us a comment below. If you’re using it, or if you have some alternatives, something that we didn’t cover, when we do like plug-in highlights or topics and stuff, give us your feedback. We’d love to hear from you and stuff. What we would love to have from you, if you don’t mind, if you’re enjoying the podcast and you’re glad that Tim and I are finally back after our year and a half hiatus, give us a review, you know. Reviews really help us with the algorithm. If you’re watching this on YouTube, do us a favor, hit subscribe, hit the like button, because that helps us out greatly with YouTube’s algorithm, and it lets more WordPress people find our content. Because the more people that engage with it, the more people that YouTube’s algorithm and Google’s algorithms think that we have engaging, really good content and stuff. So it’s not rocket science: if you like it and enjoy it, click the like button, hit the subscribe button, even if you don’t hit the like button. “I love you David, will be your BFF, your best friend forever.” So that’s our little shameless plug, and Tim, until tomorrow, we’ll see you then.
08:33 Tim Strifler: Take care, bye-bye.