Your WordPress website can be an easy target for hackers and malicious users. Do not rely on a password alone to protect your business website.

Banks and other applications that store sensitive information already do this: two-step authentication adds an extra step to the login process. This could be a phone call or text, a private key, or an authentication app on your smartphone.

On your WordPress website, we suggest using Duo. It is simple to install and is owned by technology giant Cisco.

The application supports the following authentication methods:

  1. One-tap authentication using Duo’s mobile app
  2. One-time passcodes generated by Duo’s mobile app
  3. One-time passcodes delivered to any SMS-enabled phone
  4. Phone callback to any phone
  5. One-time passcodes generated by an OATH-compliant hardware token

Better yet, if you have under 10 users, you can use the application for FREE! Paid plans for over 10 users start from $1. Pretty good considering the security it adds to your WordPress login.

Duo’s WordPress plugin adds strong two-factor authentication to any WordPress login.

Your users will log in as usual with their primary credentials (their WordPress username and password). Then they’ll be challenged to complete secondary authentication via Duo Push, phone callback, or one-time passcodes generated via the Duo Mobile app or delivered via SMS.


The process is fast and users will get used to it quickly. In your Duo admin portal, you can also monitor logins and access to your website. This is very useful when third-party contractors or agencies access your website for advertising, content or updates.

Installing Duo

To get started with Duo, create a free account at

Once you have created the account, verify your email, set up your details, then go to Applications and search for WordPress.

Once you have found the WordPress application, you will see details including an integration key, a secret key and an API hostname.

Keep this open and ready to copy and paste.

On your WordPress website, log in and install the Duo Two-Factor Authentication plugin by Duo Security.

Once installed and activated, the plugin will walk you through the setup process and ask you to enter the keys and API details from your Duo account.

You can then save the settings on your WordPress website as well as on the application setup in your Duo account.

We recommend using the Duo mobile app on your phone. It sends a push notification every time you log in, and it's an easy tick or cross to allow or block access.


It works on Android and iPhone.

You can have two-step authentication active for all users or select just admins, editors, authors, contributors, or subscribers.

This is just another way to secure your website, alongside locking down your web server, updating your PHP settings, using SSL certificates, using strong passwords, and monitoring activity on your website and server.

We hope this helps you lock down your WordPress website login with Duo security.

Happy WordPress’ing!
