WordPress blogs are one of many targets for hackers, and with so many people making simple mistakes, it becomes clear why. There are many ways of protecting your blog, and weโve outlined five mistakes you might be making.ย While using a stronger password or keeping your plugins and theme updated tend to be common advice, you can take additional measures. In fact, you can ensure that absolutely no one, even if they were to get your password, will ever be able to access your blog.
Two-factor authentication is a wonderful thing, and was first used in the workplace to protect sensitive data. Nowadays, companies like Google or Microsoft offer the functionality, and all thatโs required is a mobile phone.ย How it works is when you go to login someplace, and have two-factor authentication enabled, you are required to enter a special pin. For example, Google has its โAuthenticatorโ app which you fire up to see the special pin, or you can opt to receive a text message or phone call instead.ย A special pin isnโt always required, and Twitter recently implemented its own solution which involves approving a trusted device.
Thanks to the help of Duo Security, you can bring this same functionalityย to your WordPress blog.ย With Duo, you can approve or deny logins with the tap of a button, or use a special pin delivered through the app or via SMS. Once youโve installed and activated the plugin, click on its โSettingsโ from the plugin page.ย Before you can start benefiting from Duo Security, you have to setup an account on the appropriate website which is listed on the settings page.
While Duo does offer a free trial on its paid plans, it has a free โPersonalโ plan which supports up to 10 users, plenty for the average WordPress user.ย Once youโve signed up, make sure you activate your account via email. From there, youโll create a password, and add your phone number. Duo Security verifies your identity via phone either by calling or sending you a text message with a special pin. Now that your identity is verified, itโs time to setup your blog.
After verifying your identity, you should have been redirected to a page that says โNew Integration.โ Where it says โIntegration type,โ click on the box and scroll down to the bottom to select โWordPress.โ Next to โIntegration name,โ add whatever name youโd like, and then hit โCreate Integration.โ
This is where you receive the integration key, secret key and API hostname that needs entered on the pluginโs settings page via your blog. Simply copy and paste over the appropriate details, and then click โSave Changes.โ Once youโve saved changes, switch back over to the Duo Security website, and under โIntegrationsโ on the left hand side, select โUsersโ.
On the top right, click the green button that says โNew user,โ and once youโve created a username, click โAdd user.โ Scroll down to where it says โAdd phone,โ and add your phone number. Next to โTypeโ select โMobile,โ and next to โPlatformโ select your appropriate mobile operating system. Once youโre finished, click โSave Changesโ and under your phone number in large text, you should now see a link that says โActivate Duo Mobile.โ
Click the activation link, select the button that says โGenerate Duo Mobile Activation Code,โ and then โSend Instructions by SMS.โ The installation instructions will help you to download and install the appropriate app while the activation instructions are what you use to successfully add your account to the app. Duo Security works on all major mobile operating systems such as Android, iOS, BlackBerry and Windows Phone.
Once your account has been added to the app by clicking the link in the activation SMS, your blog is ready to benefit from two-factor authentication! To test it, log out of WordPress, and sign in as you normally would. Now, youโre met with the Duo Security prompt.
I recommend logging in by way of โDuo Push.โย With Duo Push selected, click the blue login button. Your phone will then get an alert about a login request, and all you have to do to accept is click the Duo Push button within the mobile app, and then click the green โApproveโ button. In a matter of seconds, youโll automatically be logged into your blog.
With just 5 to 10 minutes of setup time, Duo Security adds an extra level of security to your Wordpress blog that really canโt be beat.
Photo credit: Davide Del Vecchio
Feeling stuck in self-doubt?
Stop trying to fix yourself and start embracing who you are. Join the free 7-day self-discovery challenge and learn how to transform negative emotions into personal growth.