December 27, 2019
June 30, 2020
Website Security, WordPress
Internet security is everything these days. If it sounds like I’m repeating myself, well, it’s because it’s worth remembering a lot.
One of the easiest ways bad actors can enter into your website and wreck it is simply by logging in as you. These brute force style attacks can happen often, especially if your website is kind of big and/or uses WordPress, which is a prime target for hackers.
But there is a way for you to close off the entrance at the login, and that’s with the help of two-factor authentication.
And getting it up on your website is easier than you might think.
What is two-factor authentication?
Two-factor authentication, or TFA, is an extra safeguard that you can add when logging into your website.
Normally when you log in, you just have to enter in your username or email and your password, and that’s it. And that makes it vulnerable to bad actors who can use programs to try and guess your password repeatedly.
But adding in TFA adds an additional step. When you log in, you’ll be taken to another step where you have to enter in a one-time passcode in order to complete the log in. And this code is only sent to a device or email you enter during the setup process. Otherwise, you won’t be able to get in.
In effect, it adds another lock on the door to your website’s back end.
Let’s Keep Your Story Online
Creating a new website can be a challenge. But keep it up and running efficiently can be a challenge. You have to make sure things are updated and running smoothly because if your site is down, no one can find or read your story. But I can help make sure that’s never a problem for your business.Let’s Come Up With A Plan to Maintain Your Site
How does TFA help your website?
So, how exactly does TFA help your website. Well, it blocks one weak point of entry into your website. There is always the possibility of someone managing to brute force their way into your website by using a program to guess passwords.
But TFA adds that second layer of protection. No longer can a bad actor just need to guess a password. They need that second code to get in. And only you have that code (or at least you should be the only one with that code).
Plus, depending on how the TFA system you use works, you might get a notification via email or text that someone is to force their way into your website simply by the code you’re being sent to “log in”. And then you can quickly take action to make sure nothing malicious is happening.
Now for a quick disclaimer: this won’t completely protect your website from being hacked. I still recommend getting a plugin like Wordfence or iThemes Security to add an additional layer. But it does close off one vulnerable point of entry.
Get Insights on How to do a Small Business Website Right!
Are you looking to get some help with your small business’ website, but aren’t quite in a spot to take that next step? No worries! I’ve got you covered with a small business newsletter. This weekly newsletter will talk about a different subject related to websites and small businesses each week, as well as highlight blog posts that can help you out. This will help you optimize your business’ site as much as you can while you get yourself into a position to take the next step for your website.
How to get TFA on your website?
So, you how can you get TFA on your WordPress website? Well the good news is that there are a lot of options.
I personally use the Two Factor Authentication plugin, and I’ve found that it does the job very well. It uses Google Authenticator to give me the code I need to log in. Personally, I find that a bit better than having to rely on a text or email message.
But you really only need to do a simple “two-factor authentication” search in the WordPress plugin directory to find one that works for you. There aren’t many bad choices to go with.
At the end of the day, going with TFA on your website adds a layer of security that can help you keep bad actors out. And that makes it more than worth the effort to add it to your website.
Two-factor authentication in WordPress