WordPress 2-layer security is rarely thought of but it’s the best security I know. WordPress has a lot of plugins to help you turn on WordPress 2-step verification, we just need to choose the right one to use. This Lucid Gen article will guide you to secure 2 layers of WordPress with SMS and Google Authenticator.
Consequences of WordPress ina security
- The web is infected with viruses, malicious code that steals user information into the web, or inserts backlinks.
- Got the word train when it appeared on Google.
- Google Chrome will prevent users from accessing your web.
- Losing control of the web, even destroying the hosting’s data.
Benefits of WordPress 2-layer security
Benefits you can’t expect when you turn on WordPress 2-layer security…
- The web is healthy and secure.
- Rest assured in your sleep.
- Full trust from customers.
- Steady to go to work.
Generally to enhance the security of your WordPress website and that of customers.
WordPress 2-layer security with Google Authenticator
Google Authenticator is a 2-step verification application that is very popular, many other platforms use Google quickly. Instead of waiting to receive messages, you’ll open the Google Authenticator app on your phone with a 2-step verification code. Especially you do not need to be online still get the code.
In the WordPress page admin interface, click Plugin on the menu and choose New settings. Then look for the Two-Factor plugin to install.
After installing and activating the Two-Factor plugin, you go to your Profile section. Scrolling down will see the Two-Factor Option, which you configure as I instructed.
- Turn on 2 buttons in the Password once based on time (Google Authenticator) section.
- Use your phone to open the Google Authenticator app, click the plus sign in the app, and choose to scan the code. Scan your computer screen and then enter the authentication code generated from the Google Authenticator app. Then click send.
You can also use Google Authenticator on your computer instead of your phone.
After you’ve saved the WordPress 2-step verification setting, you’ll see a 2-step verification request later. Then just open the application to get the code to enter it.
Very fast and simple, right? However, if you only prefer 2-layer WordPress security with SMS, see below.
2-layer WordPress security with Jetpack SMS
Currently, only WordPress.com support 2-layer login by SMS. We don’t build the web WordPress.com but we can use it through our Jetpack WordPress.com supported. Jetpack also helps fight brute attacks for you.
If you know WordPress.com, click wordpress.com/start/user and create you an account.
Sign in to your WordPress.com account, click Security on the left menu, select Confirm 2 steps on the right, and then click Let’s Get Started.
(You can open it quickly wordpress.com/me/security/two-step.)
Enter your phone number and click the SMS Verification box to receive the verification message. Note: put the number 0 in front of your number.
Enter the 2-step verification code received in your phone message, and then click Activate.
In the box I stored the backup code and Finished. The backup codes you can save in advance of the phone do not receive messages.
(But it’s okay, if your phone can’t get a message you just go to the plugin folder to delete Jetpack is normal login.)
Return to the admin look of your WordPress page, select Plugin on the menu and Install new. Find the Jetpack plugin to install and activate.
The first time you use Jetpack, you need to click on the Set up Jetpack button to start connecting to your WordPress.com.
We were logged in WordPress.com so now just click on the Accept button.
Then, let’s skip the price list, we scroll down below will see the Start with free button to use for free.
When moved to the admin page interface of WordPress.com. You click Manage on the menu on the left and select Settings. On the right side you turn on 2 options as in the picture is okay, and if you want the username to be email, turn on all 3.
I explain jetpack’s 2-layer WordPress security options as follows:
- Allow users to log in to this site using WordPress.com accounts: allow login of your website with a WordPress.com
- Match accounts using email addresses: only accept the username as email.
- Require accounts to use WordPress.com Two-Step Authentication: 2-step verification is required to log in.
Once you’re done turning it on, the system saves itself, just click admin page on the menu to go back to WordPress web administration.
Later if you want to change the option, you do not need to look inside WordPress.com, just go to Jetpack and choose Settings on the menu is decent. Like below.
You then insert this code into the interface functions.php file to remove the default sign-in cell, which will instead be logged in with your WordPress.com. You have 2 options as follows:
Delete only the default sign-in cell, leaving the sign-in button WordPress.com
/*Delete only the default sign-in cell*/ add_filter. jetpack_remove_login_form, '__return_true');
Move straight through WordPress.com to the sign-in page
/*Move straight through WordPress.com*/ add_filter. jetpack_sso_bypass_login_forward_wpcom, '__return_true'); add_filter. jetpack_sso_new_user_override, '__return_true'); add_filter. jetpack_sso_match_by_email, '__return_false'); add_filter. jetpack_remove_login_form, '__return_true'); add_filter, __return_true 'jetpack_sso_require_two_step');
This is the result when you visit the sign-in page, no longer the usual sign-in box. From now on, just click the Log in with WordPress.com button and sign in with WordPress.com account.
When you enter the correct password, you will immediately receive a message over the phone. Enter the WordPress 2-step verification code, and then click Continue to sign in.
Lucid Gen also uses Jetpack’s 2-step SMS login. I saw the message very quickly, very OK. But you should read more below to learn more about how to increase the security of your web.
A simple but effective way to secure Wodpress
It’s really simple, friends. It’s not a big deal, just remember the notes below and combine it with two-layer security so you can rest assured.
Remember 4 not to secure your website
- don’t install pirated Plugins.
- don’t install many strange chrome extensions.
- do not give sign-in to multiple people.
- do not watch the “cool” fim.
Increased security at the login stage
- Sign in to admin hosting and sign in to WordPress.
- Change the site login link to a different tail.
Does this article help increase the security of your website? Please leave your comment below to share your opinion. Check out more about WordPress on LucidGen.com maybe there’s something good about you.