With data breaches as rampant as they are I’ve decided to get more serious about security and implement two factor authentication. Authy is a great way to add this to WordPress, and it’s free (or at least most of its features are.) This information comes from their blog.
- Install the Authy plugin from here
- Create an account at https://dashboard.authy.com
- Add an application for your blog to the Authy dashboard and copy the API key given to you
- Activate the Authy wordpress plugin, go into settings and paste in the API key
- Activate two factor authentication for your user by mousing over the top right corner and selcting “Edit my profile”, scroll down to the bottom, and click “Enable/Disable Authy”
When I did this I had forgotten that I had a different login plugin running – Login Lockdown. With both these enabled I could no longer log in! There was some sort of conflict between the two plugins. I had to disable both plugins by following this guide.
- Navigate to your wordpress directory and go to wp-content/plugins
- Rename the offending plugin directory to something like pluginname-disabled
- Log into WordPress and go to your plugins page, it will generate an error
- Now that you’re logged in, you can rename those folders back to their original name to either re-activate or delete those plugins.
Now you are much more secure. Even if someone has your password they will not be able to log in unless they also have your phone.