WordPress is often criticized for its security problems, but it remains an easily accessible tool for creating a website. In this article we look at one essential element: protecting access to the administration panel with two-factor authentication.
I have tested several plugins, and for the moment the one that has given me the greatest satisfaction is Two-Factor.
Its advantages are:
– Availability of several options to authenticate
– Flexibility in activating options
– Support for several U2F keys
Set up
In the plugin management interface, search for Two-Factor and install it. Then open your profile, where you can activate one or several options to secure your access after entering your password:
Email: an email is sent to you to validate the access. The address is the same one used by the account, so it is a fairly insecure option
OTP code: a fairly easy-to-use option, but of medium security
FIDO U2F: very safe, but quite restrictive. Provide an emergency key or combine it with the single-use code
Single-use code: very difficult to use; it can only be used as a backup method
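The recommendations in this list can be checked across all accounts of a site. The following is an added example, not code from the Two-Factor plugin: the option labels, the `u2f_keys` field and the sample accounts are assumptions made for illustration, and the input stands for whatever export of per-user settings you have.

```python
# Hypothetical labels for the four options in the list above (not plugin identifiers).
EMAIL, OTP, U2F, SINGLE_USE = "email", "otp", "u2f", "single_use"


def audit_account(methods, u2f_keys=0):
    """Return findings for one account's enabled second-factor options."""
    enabled = set(methods)
    if not enabled:
        return ["no second factor enabled"]
    findings = []
    primary = enabled - {SINGLE_USE}
    if not primary:
        findings.append("single-use codes are the only method, not just a backup")
    if primary == {EMAIL}:
        findings.append("email is the only primary method and shares the account's address")
    # U2F needs a way back in: a second registered key or single-use codes.
    if U2F in enabled and SINGLE_USE not in enabled and u2f_keys < 2:
        findings.append("U2F has no emergency key and no single-use codes")
    return findings


def audit(accounts):
    """Map login -> findings, keeping only accounts that have findings."""
    report = {}
    for login, info in accounts.items():
        findings = audit_account(info["methods"], info.get("u2f_keys", 0))
        if findings:
            report[login] = findings
    return report


# Constructed sample accounts, not taken from a real site.
SAMPLE = {
    "alice": {"methods": ["u2f", "single_use"], "u2f_keys": 1},
    "bob": {"methods": ["email"]},
    "carol": {"methods": ["u2f"], "u2f_keys": 1},
    "dave": {"methods": []},
    "erin": {"methods": ["single_use"]},
    "frank": {"methods": ["u2f", "otp"], "u2f_keys": 2},
}

if __name__ == "__main__":
    for login, findings in audit(SAMPLE).items():
        print(f"{login}: {'; '.join(findings)}")
```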
Securing
After entering your password, your second factor will be requested. If your password is stolen, the intruder will not be able to connect.
Switching to 2FA can also help detect a possible takeover of an account by a third party.
Security is not an absolute science and no system is perfect. It is a question of stacking the layers and making the task as difficult as possible for the attacker while keeping a certain comfort of use.