I'm Salman Rahman

WordPress Site Security: What Can You Do About It?

0 0 Wednesday, January 11, 2017 Edit this post

Want WordPress Site Security? Enable Two-Factor Authentication on WordPress Site? How you are protecting your website from Hackers ? Securit...

WordPress Site Two-Factor Authentication
Want WordPress Site Security? Enable Two-Factor Authentication on WordPress Site?

How you are protecting your website from Hackers ? Security issues using WordPress!! Headache?? Don’t be nervous, here’s easy two-factor authentication to make your WordPress Website Safe & Secure.

More and more sites are using two-factor or multi-factor authentication to ramp up security. I mean, Google wants my cell phone number to confirm my identity before I can log into Gmail. And it’s a good idea. I mean, do you see how often hacking stories hit the mainstream news? Security (or the lack thereof) is a real problem and while you may not be able to prevent a big security breach like the one that happened at The Home Depot recently, you can do your part as an individual to protect your information and your site.

What is Two Factor Authentication?

As its name suggests, two factor authentication is a process that requires two sets of authentication before you’re logged into a site. Many big name sites currently make use of it in one way or another. I already mentioned Google, but sites like Twitter, Facebook, and Amazon use it, too.

What is  WordPress Two-Factor Authentication?

Passwords are the de-facto standard for logging in on the web, but they’re relatively easy to break. Even if you make good passwords and change them regularly, they need to be stored wherever you’re logging in, and a server breach can leak them. There are three ways to identify a person, things they are, things they have, and things they know.

Logging in with a password is single-step authentication. It relies only on something you know. Two-step authentication, by definition, is a system where you use two of the three possible factors to prove your identity, instead of just one. In practice, however, current two-step implementations still rely on a password you know, but use your Phone or another device to authenticate with something you have.

A WordPress user can increase their website’s security by installing a plugin, which gives them the two-factor authentication feature. There are several plugins widely available and can be found in the plugin tab on the WordPress Dashboard. On installing a plugin, a user needs to activate it and follow the instructions that are prompted. It’s an easy procedure offering a better chance at security.

However, there are several other kinds of two factor authentication on the market. For instance, you might be required to input a specific personal identification number (PIN) along with the username and password. Or you might need to confirm a specific visual pattern before being granted access. Many banks use this form of authentication.

A fob is another popular choice for confirming identity before sign-ons. The fob (that you can easily attach to your keychain) displays a random series of numbers that you are then required to input into a text field on the site before you’re allowed to login.

While two factor authentication might feel like a new thing, rest assured it’s not. When you pay with a credit card, you often have to show your ID to the person behind the checkout counter. Or you have to input your zip code. Or if shopping online, you need to input the security code from the back of your card. So you see, it’s nothing new. But the application to website logins is sort of a new thing and that’s why more and more people have started asking about it.

Why Do You Need Two-Factor Authentication?

As I mentioned in my opening paragraphs, two factor authentication adds another layer of security in a world where hacking has become commonplace. In short, you need it because you need to protect your personal information and your site from malicious people out there. And they are out there.

Brute force attacks occur constantly and unless you have your site secured properly, odds are good that a hacker will one day break through your defenses and steal your info, upload malware, or perform a whole host of other malicious acts.

Two factor authentication makes hacking your site harder. And unless you’re running a high-profile site, most hackers and bots are going to give up after a time when they can’t break in right away.

You want an even shorter answer, Right?

Anything you can do to make hacking your site harder is worth doing.

A lot of people are reluctant to jump on the two factor bandwagon, however. Because in the process of improving site security, it makes the login process more complicated and more time-consuming. Arguably, it doesn’t take that much longer but there is a definite time factor involved here. You can always opt for the “stay logged in” option to reduce the number of times you have to go through the double authentication process in a given week, too, if it’s a major concern for you.

How To Enable Two-Factor Authentication on WordPress Site?

You have several options for plugins that make setting up two factor authentication a snap. You can use DuoClefWordfenceOpenIDAuthyGoogle Authenticator & Many More. In this article we're going to tell you about Google Authenticator for your WordPress Site.

WordPress Two-Factor Authentication with Google Authenticator

To set up two step authentication via an authenticator application on your device, you’ll need to start in a desktop browser.

First, go to your Two-Step Authentication settings page at WordPress.com. Or, you can reach Settings by clicking on your Gravatar image from the WordPress.com home page:

Next, click the “Security” link in the navigation on the left-hand side of the screen:

Then, click on Two-Step Authentication and then Get Started.

Here you’ll be prompted to select your country and to provide your mobile phone number (without country code and spaces or dashes). After doing so, click Verify Via App.

Next, scan the QR code presented with your authenticator app. A six-digit number will appear in the authenticator app. Enter it in the blank provided and click Enable.

Lastly, you’ll be prompted to print backup codes. Don’t skip this step, as it’ll be your only way to log back into your account without staff assistance should your device go missing!

If your web browser is set to block pop-up windows, you may need to temporarily disable this feature as it will prevent the window with your backup codes from opening.

Click All Finished.

At this point, your site is enabled for two-step authentication. A follow-up step allows you to confirm that your backup codes work by entering one of the printed codes.

Setup with SMS Codes

If you’re unable to set up two step authentication using an authenticator app, you can also set it up to work via SMS messages. To do so, set up your phone number as described above, but then click Verify via SMS.

Within a few moments, you should receive a text message that includes a 7-digit number. Enter this number in the blank provided and click Enable. From this point forward, you can print and verify backup codes as documented above. Your account is now protected by two step authentication.

Logging In

The login process varies slightly from the usual process once you have two step authentication enabled. Regardless of whether you used the Google Authenticator method or the SMS method to enable two step authentication, you’ll start by logging in as usual with your username and password.

Next, you’ll be prompted to enter the verification code that was sent to your device.

If you’re using SMS for two step authentication, we’ll send you a text message with a six-digit number. If you set up two step authentication with the Google Authenticator app, open the Google Authenticator app on your device and provide the six-digit number listed for the account. Once you’ve entered the code, you’ll be logged in and ready to blog.

Backup Codes
We don’t want you to lose access to your WordPress.com account—you’ll still need to be able to log in if it’s is lost, stolen, you’re locked out for any reason, or your device needs to be wiped clean (which will delete Google Authenticator). To make sure you’re never locked out of your blog, you can generate a set of ten, one-time-use backup codes. We recommend that you print the backup codes out and keep them in a secure place like a wallet or document safe. (Don’t save them on your computer. They’d be accessible to anyone using your machine.) Generating backup codes is essential and must be done. If you ever need to use a backup code, just log in like you normally would, and when asked about the login code enter the backup code instead.

At the end of the setup process for Two Step Authorization, you’ll be given the option to generate backup codes:

Just click “Generate Backup Codes,” print the screen containing the codes—don’t save it—and then close the screen. If you lose your list of backups or it’s compromised, you can generate a new set of codes. For added security, this will disable any previously-generated codes.

Important: You can only generate the backup codes from a desktop browser. For example, Safari on iOS will not display the backup codes. Additionally, if your web browser is set to block pop-up windows, you will need to temporarily disable this feature as it will prevent the window with your backup codes from opening.

Application-Specific Passwords

There may be some apps that connect to your WordPress.com account that don’t yet fully support Two Step Authentication; the most common are the WordPress mobile apps or Jabber apps used to subscribe to WordPress.com blogs. For these apps, you can generate unique passwords for each application (e.g., you can have a different password on your phone and your tablet). You can then disable individual passwords and lock applications out of your account to prevent others from accessing your sites.

To generate application-specific passwords, head back to Two-Step Authentication and then down to “Application Passwords”:

Give the application a name—you’re the only one who will see this name, so call it whatever you’d like—and click “Generate Password.” WordPress.com will create a unique 16-character password that you can copy and paste the next time you log in to your account on that device. The application will remember this password, so you don’t need to.

Your Security page will maintain a list of all the applications for which you’ve generated passwords. If any of your devices are lost or stolen, or you simply wish to revoke access for a particular application, you can visit this page at any time and click “X” to disable the password and prevent the app from accessing your account:

Disabling Two Step Authentication

We don’t recommend disabling Two Step Authentication, as it’s much less secure, even if you believe your password is very strong. But if you insist, you can disable the feature by going to your Two-Step Authentication page.

The page will show that the feature is enabled, and you can click the Disable Two-Step Authentication button. This will prompt you to enter a code to confirm that you still have access to the device you originally used to set two step authentication up. If you’re using an authenticator app, open it and provide the code it lists. If you’re using SMS, you’ll be sent a code to use. (This code is different from the code you used to log in to your account. You can also use one of your backup codes for this step.)

Click Disable after entering the code and your account will no longer be protected by Two Step Authentication.

Moving to a New Device

If you are planning on switching to a new device, and you have enabled Two Step Authentication, you will want to take the following steps to avoid being accidentally locked out of your user account.

If you are using an authenticator app to generate verification codes:


  1. Print a set of backup codes for your user account by following the steps here. DO NOT SKIP THIS STEP.
  2. On your new device, install the authenticator app.
  3. Disable the Two Step Authentication link with your old device by following the steps here.
  4. Set up your user account to link to your new device by following the steps here.
  5. If you are prompted to enter your verification code, use a code from your list of backup codes. Backup codes are one-time use only.
  6. You can now uninstall the authenticator app from your old device.



If you are using the WordPress.com mobile app to manage and publish to your blog:


  • Create a new application-specific password by following the steps here.
  • Enter your new application password when using this app on your new device.


If you are using SMS to receive authentication codes, you will not need to update your settings unless you are also changing to a new phone number. In that case, you will want to set up a new recovery number prior to disconnecting your old SMS number by following the steps here.

If You Lose Your Device

If you lose your device, accidentally remove the authenticator app, or are otherwise locked out of your account, the only way to get back in to your account is by using a Backup Code.

To use a backup code, fill in your login details like you normally would. When asked about the login code enter the backup code instead. Remember: backup codes are only valid for one time each so be careful when using them.

Labels:

SHARE:

Twitter Facebook Google Pinterest

COMMENTS

BLOGGER
Name

12 months seo strategy,1,2018 elections,2,Aaron Rodgers,1,abortion,1,actors,1,Adam Liptak,1,adsense,7,adsense optimization,2,adsense tips,3,advertising,3,Affiliate Marketing,1,aging,2,airplanes,2,Al Franken,1,Alito,1,Althouse + Meade,1,analogies,4,Anderson Cooper,1,Andrew Dice Clay,1,Android,1,Annie Lowrey,1,Anthony Weiner,1,apologies,2,Apple,1,Apple News,1,Apple Watch,1,Ariana Grande,3,art,1,art and politics,1,avocado,1,backlinks,2,bad art,1,bad science,2,bananas,1,baseball,1,Basquiat,1,BEGINNER GUIDES,1,Beginner to blogging,14,beginner's guide,4,Beginners Guide,1,Ben Carson,1,Ben Sasse,2,Berkeley Breathed,1,biking,1,Bill Cosby,1,Bill Murray,1,Bing webmaster tools tutorials,2,birth control,1,blog commenting,1,Blog Design,59,blogger,6,blogger adsense,3,Blogger menus,10,blogger pages,4,blogger posts,11,Blogger Seo(Search Engine Optimization,19,Blogger Tips And Tricks,32,Blogger Widgets And Gadgets,30,Blogging,10,Bob Woodward,1,body parts,1,body-slamming,5,books,4,boredom,3,Boston bombing,1,brain,1,bras,1,breasts,2,Breivik,1,Bret Weinstein,1,BuzzFeed,1,campaign finance,1,camping,1,capitalism,1,careers,1,censorship,1,Chaplin,1,charity,1,Charles Murray,1,Cher,1,chess,1,children,2,China,3,Chris Cornell,2,Chris Cuomo,1,Christianity,1,Clarence Thomas,1,click bombing,1,Clint Eastwood,1,Cloud,5,Cloud Backup,5,Cloud Storage,5,coffee,1,coinages,1,comedy,4,Comey,12,comic juxtapositions,1,comics,1,Comments,9,commerce,2,communism,2,computers,2,conspiracies,1,Content Marketing,6,conversation,1,courage,1,crazy,1,crime,2,css,28,custom domain,2,dancing,3,dead,1,death,2,debates,1,Definitive Guide of Magento SEO,1,Democratic Party in Trumpland,2,diversity politics,1,dogs,3,Domains / Blogger,1,Down Syndrome,1,drugs,2,Drupal,1,Dylan,2,earn money blogging,16,eCommerce,1,eCommerce Trends,1,economics,1,EDH,1,education,2,Edward Albee,1,Egypt,1,el-Sisi,1,elephant,1,Elizabeth Taylor,1,Emma Stone,1,emotion,1,emotional politics,1,Entrepreneurship,1,ENTREPRENEURSHIP &STARTUP,1,environmentalism,1,Ethical Backlinking Methods,2,ethics,1,etiquette,1,evidence,1,evil,1,excrement,1,Expert Roundup,3,Face the Nation,1,Facebook,6,Facebook widgets in blogger,5,fake,3,fake news,2,fashion,5,fat,1,FBI,2,feminism,6,fingernails,1,fire,1,firebug,1,Firefox OS,1,fish,1,flowers,9,font awesome,1,Foucault,1,Fox News,2,France,1,Frank Lloyd Wright,1,free schedule social media posts,1,free speech,5,Freebies,1,freedom,2,Freelance Tips,5,furniture,1,gender difference,2,gender politics,1,genitalia,2,geology,1,George Carlin,1,Germany,2,gestures,3,ghost,1,Gianforte,2,global warming,1,God,1,Googe Doodle,1,Google,5,Google Ad Planner,1,Google AdWords,1,Google Algorithm,4,Google Announcements,2,Google Authorship Program,1,Google backlinks strategies,4,Google Dance,1,Google Maps,1,Google Optimize,1,Google PageRank,2,Google Panda Update,1,Google Places,2,google plus,5,Google Queen Doodle,1,Google rich snippets blogger,1,Google Search Engine Optimization,1,Google Webmaster tools,2,Google Webmaster Tools tutorials,9,Google's Penguin update,3,Google+ Custom URL,1,Google+ Events,1,Google+ Local,3,Google+ Places,1,Grace Kelly,1,Gretchen Carlson,1,hairstyles,1,Harvard,1,hats,1,headlines,3,health,2,hearsay,1,Hillary 2016,3,Hillary goes away,1,hipsters,2,history,1,Hitchcock,1,hombre,1,homepage,1,hot,1,how to,55,HTC,1,html,3,hypocrisy,2,I am making a new tag for this,1,I'm not making a tag for this,1,I'm skeptical,2,Image Effects,13,impeachment,2,India,2,Infographic,1,insanity,1,insects,2,instagram,3,Instapundit,3,insults,3,Internet Marketing,11,Internet.org,1,invalid clicks,1,Iran,1,irony,1,ISIS,3,Islam,2,Israel,3,iwatch,1,Jackie Kennedy,1,Jake Tapper,1,James Bond,1,James Hamblin,1,Japan,1,Jared Kushner,1,javascript,10,Jerusalem,1,Jesse Singal,1,Jesse Ventura,1,Jesus,1,Jia Tolentino,1,Jimmy Fallon,1,JK Rowling,1,Joe Scarborough,1,John Belushi,1,John Dickerson,2,John Glenn,1,Jonathan Turley,1,journalism,4,jQuery,16,Julian Assange,2,Karl Marx,3,Kellyanne Conway,1,Kerry,1,kissing,1,labels,2,labor,2,Lake Monona,1,language,4,law,18,lawyers,1,laziness,1,LePage,1,LG,1,Lieberman,1,Link schemes,1,litigiousness,1,Local Search Optimization,1,Local SEO,6,Loretta Lynch,1,lying,1,Madison,2,Magento,1,Magento SEO,1,Magento SEO Guide,1,Maine,1,Make Money Onile,1,MAKE MONEY ONLINE,6,Manafort,1,Marketing Strategies,4,marriage,1,masculine beauty,1,masculinity,2,Matt Taibbi,1,Matthew Sablan,1,Maurice Sendak,1,McMaster,1,Media Buying,1,Megyn Kelly,1,Melania,5,men in shorts,1,menstruation,2,menus,7,Meryl Streep,1,Meta Robots,1,Meta Tag,2,metaphor,2,Michael Flynn,1,Michelle O,1,Mika Brzezinski,1,Mike Pence,1,MisterBuddwing,1,Mitt Romney,1,Mobile,7,Mobile Blogging,13,Mobile Marketing,3,Mobile Search,1,Molly Ball,1,montana,1,morality,1,Motorola or Sony,1,movies,4,Mozilla,1,Mozilla Mobile,1,Mozilla OS,1,MSM reports what's in social media,1,Mueller,2,murder,3,music,4,names,1,Navigation,5,navigation menu,5,Nazis,2,nervous,2,News,2,Nixon,1,normal,3,North Carolina,1,nyt,2,Obama and foreign policy,1,oDesk Tips,1,OED,1,order and chaos,1,PageSpeed,1,Paglia,1,partisanship,1,pasta,1,Paul Anka,1,Paul Theroux,2,Paul Zrimsek,1,Peggy Noonan,1,perfume,1,Peter Pan,1,Phillippe Reines,1,philosophy,3,photography,10,photoshopping,2,PHYSICS,1,Pierre Bayard,1,plants,2,political correctness,2,polyamory,1,Pope,2,popular posts,5,posts,11,poverty,1,PPC,1,President Trump,8,Prince,1,propaganda,2,protest,2,psychology,5,Putin,1,race and education,1,race and law,1,race and pop culture,1,race consciousness,1,racial politics,1,Ramesh Ponnuru,1,rape,3,Rebecca Traister,1,recent comments,1,recent posts,3,Reddit,1,redistricting,1,Reince Priebus,1,rel=author,1,related posts,3,Related posts widget blogger,7,relationships,3,religion and government,4,religious garb,2,RFRA,1,rhetoric,1,Rich Snippets,1,Richard Spencer,1,Rick Lee,1,Ricky Gervais,1,Robert Heinlein,1,Robin Givhan,2,robots,2,Robots.txt,1,Roger Ailes,2,Roger Kimball,1,Rupert Murdoch,1,Russia,4,Ryan Gosling,1,Safe Browsing,1,Samsung,1,Sarah Huckabee Sanders,1,Sarah Vowell,1,Saudi Arabia,4,schedule social media posts,1,schedule social media posts app,1,schedule your social media posts,1,SCIENCE,2,science fiction,1,Scott Walker,1,sculpture,3,Sean Spicer,1,Search Engine Optimization tips,1,seen and unseen,1,Semantic Markup,1,SEO,43,SEO Backlinks,4,SEO Best Practices,1,SEO Contest 2012,1,SEO Olympics 2012,1,SEO Resources,1,SEO Services,2,SEO Specialist,2,seo tips,4,SEO Tool,1,Seth Rich,1,sexting,1,sexual harassment,1,signs,2,sitemap,2,slavery,1,slideshows,3,smiling,1,SMM,5,SNL,2,social buttons blogger,6,social media,10,social media plugins,4,spelling,1,Startups,1,statcounter,1,static pages,2,strange medical condition,1,stupid,2,suicide,1,sun,1,Supreme Court,1,surgery,1,survival,2,Talking Heads,1,technology,3,Templates,1,terrorism,7,Tesla,1,the Alt-Right,1,the Althouse comments community,1,The Future,1,The Lightning Seeds,1,the paradox of choice,1,The Simpsons,1,theater,1,these kids today,1,things,1,things are not what they seem,3,things not believed,1,things that won't work,1,Thomas Friedman,1,threaded comments,3,Tillerson,2,tiny house,1,Tips and Tricks,2,too many rules,1,tools,9,tools to schedule social media posts,1,travel,4,treason,1,trees,1,trolls,1,trucks,1,Trump and foreign policy,4,Trump and immigration,2,Trump and pop culture,4,Trump and religion,2,Trump and the law,1,Trump and the press,3,Trump derangement syndrome,5,Trump economics,2,Trump rhetoric,7,Trump scandals,2,Trump troubles,5,Trump's Congress,2,Trump's masculinity,1,Twitter,2,UK,1,unfair sentence,2,University of Wisconsin,1,unsaid things,1,urban planning,1,Vanessa Friedman,1,viral video,1,Volokh,1,WaPo,3,Wasserman Schultz,1,Web Programming,1,Website Design,2,Website Promotion,11,welfare,1,what Trump did to the GOP,2,whiteness,1,Widgets,48,wikileaks,2,Wikipedia,2,Wilbur Ross,1,Win iPhone 4S,1,Winston Churchill,1,Wisconsin,1,Witte,1,women's magazines,1,Woody Allen,1,WORDPRESS,6,WordPress Security,1,wrestling,1,writing,2,Yale,1,Yandex webmaster tools tutorials,1,Yelp,2,Young Althouse,1,
ltr
item
shoutdemy: WordPress Site Security: What Can You Do About It?
WordPress Site Security: What Can You Do About It?
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhetescgP-_36McXq0ToYFIU9dHYLWiQCbwPhuwKEa1-bnMqKmfNjWpi7Rpbttt87FQ98j72VlUX0Wd6opSdGM7WX6ML50AbI3XWMGyhsZgBuiQ19uCObgiA82gqCxSHacT3khe3iJAesA2/s640/wordpress-two-factor-authentication.jpg
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhetescgP-_36McXq0ToYFIU9dHYLWiQCbwPhuwKEa1-bnMqKmfNjWpi7Rpbttt87FQ98j72VlUX0Wd6opSdGM7WX6ML50AbI3XWMGyhsZgBuiQ19uCObgiA82gqCxSHacT3khe3iJAesA2/s72-c/wordpress-two-factor-authentication.jpg
shoutdemy
https://shoutdemy.blogspot.com/2017/01/wordpress-site-security-what-can-you-do.html
https://shoutdemy.blogspot.com/
https://shoutdemy.blogspot.com/
https://shoutdemy.blogspot.com/2017/01/wordpress-site-security-what-can-you-do.html
true
9098016970842013807
UTF-8
Loaded All Posts Not found any posts VIEW ALL READ MORE Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy