Two-factor Authentication for WordPress that both works and does not cost an arm and a leg
In this post I’ll go over five plugins that provide two-factor authentication for WordPress and are free.
But first things first.
If you are not sure what two-factor authentication is and how you can benefit from it, watch this excellent Matt Cutt’s video.
Matt puts it beautifully: Nowadays not using two-factor authentication is like being naked on the internet Click To Tweet
Google Authenticator plugin
If you already use Google Authenticator then you can simply extend it to your WordPress website.
If not, you can install it on your smartphone and use it for two-factor authentication for WordPress, Gmail, Amazon, and Dropbox.
Quite handy to protect so many services with one app.
Here is how it works:
Install Google Authenticator app on your smartphone.
Install the Google Authentication plugin on your WordPress site.
The next time you login into WordPress, you will have to enter Google Authenticator code generated by your phone.
The plugin is completely free.
You can turn it on for all accounts on your WordPress site or only some selected accounts.
Here is a great video how to configure the plugin to get the maximum value out of it.
Jetpack WordPress.com plugin
If you already use Jetpack WodPress.com plugin then go no further.
Enable the Single Sign On module in Jetpack and take advantage of two-factor authentication through WordPress.com.
WordPress.com Single Sign On allows to sign in to your self-hosted WordPress.org site using the same log-in you use for WordPress.com.
All you have to do is install the Google Authenticator App on your smartphone.
Google Authenticator generates a new code every 30 seconds, making it virtually impossible to guess.
Now, every time you login to WordPress, open the app on your phone, and type in the number it’s showing into the login window.
That’s how simple it is.
You can even force all users on your blog to log in via WordPress.com by adding the following filter to your functions.php:
Jetpack works beautifully, and you can’t beat free.
The only disadvantage I see with Jetpack is that it consumes a lot of resources on your server and slows down your site.
So, if you don’t already use Jetpack’s other modules, I wouldn’t recommend using it solely for two-factor authentication.
Rublon two-factor authentication for WordPress
Rublon is an interesting plugin because you need to verify a device that you use to login to WordPress only once.
After you have verified the device, you can log in to WordPress by simply entering your WordPress password.
No need for one-time passwords or codes you have to enter if you use Google Authenticator plugin.
Here is how Rublon works:
Install Rublon app on your smartphone.
Install and activate Rublon plugin on your WordPress website.
When you login the first time from a device a QR code will be displayed.
Scan it with your smartphone.
That’s it. You are done.
If you don’t want to install the smartphone app, you can verify a device via email.
Here is a quick video tutorial how to install and use Rublon on your WordPress website.
The only limitation I see with Rublon is that it lets you protect only one account per website.
If you need to protect more, you will have to sign up for the paid plan.
Duo Two-Factor Authentication plugin
Duo two-factor authentication plugin is similar to Google Authenticator plugin.
It lets you authenticate via a mobile app or a text message.
Install the Duo two-factor Authentication plugin on your WordPress site.
Create an account at duosecurity.com.
Get you integration key and secret key at duosecurity.com and save them on your WordPress site.
Install the Duo mobile app on your smartphone.
The next time you log in to your WordPress dashboard you will have to approve the login on your mobile app.
You can enable the Duo two-factor authentication for different user roles on your WordPress site.
Here is a quick video tutorial how to use the Due two-factor WordPress authentication.
The Duo two-factor authentication is a great plugin.
It is user friendly.
It is easier than Google Authenticator because you don’t need to enter any additional codes into the login window.
However, there are two small things I don’t like about this plugin:
The plugin is free only for up to ten accounts and only for personal use.
You have to create an account at duosecurity.com to be able to use the plugin.
Clef WordPress two-factor authentication plugin
With Clef you don’t need to use any passwords or codes.
Not even your regular WordPress dashboard password.
All you need is a smartphone with the Clef app installed and running.
Here is how you can start using Clef:
Install Clef plugin on your WordPress website.
Install the mobile app.
Sync your mobile app with your WordPress Clef plugin.
The next time you log in to WordPress dashboard, bring your mobile’s camera to the login screen, sync the waves and you are done.
Here is a quick tutorial how to set up Clef.
After you have the Clef mobile app and WordPress plugin installed and enabled, don’t forget to set the override URL.
The override URL helps you to login to WordPress if you don’t have your smartphone, the app is not working or something else has happened.
Here is a good video guide how to configure Clef’s WordPress settings and set up the override URL.
Warning: if there is no internet connection, the regular Clef waves login won’t work .
However, you still can login to WordPress using QR codes.
Here is a quick video how to login to WordPress if you have Clef enabled, but don’t have internet connection.
Wordfence two-factor authentication for WordPress
If you already use a premium version of Wordfence Security plugin then you can enable its two-factor authentication feature.
Wordfence two-factor authentication for WordPress works via sms.
The set up is very straightforward.
Go to Wordfence > Cellphone Sign-in.
Enter your username and cellphone number using the international format.
Click on the Enable Cellphone Sign-in button.
The next time you login to WordPress, you’ll get a code via sms that you will need to enter into the login window.
Here is a short tutorial how to set up the two-factor authentication with Wordfence.
Over to you
If you use a plugin that I didn’t mention or if you have an experience to share, please, leave a comment.
If you need help with two-factor authentication for WordPress or have some other issue or question, go here.