WordPress two factor authentication (2FA)

Nowadays just about every critical service that we use requires dual authentication methods (2FA). This is more practically known as “the thing that sends you a code by text, email, or Authentication App to verify your identity, after logging in with password”.

Security and convenience are always at odds. Everybody dislikes 2FA, but it’s a necessary inconvenience. This technology has grown in popularity as reports of data leaks have been on the rise.

WordPress and WooCommerce store owners love the convenience of the platform, but may not realize their exposure when using passwords alone – especially for Shop Manager or Administrator access levels.

Here’s just a few things that a bad actor could do with Administrator access:

• Install malware
• Steal user information
• Delete anything on your site

Here’s some 2FA plugins to check out and consider adding one to your site to fix those password weaknesses:

• https://wordpress.org/plugins/wordfence/ WordFence does a whole lot more than 2FA. This is the one to use if you need a software firewall, site scanner, or already use it and just need to enable 2FA.
• https://wordpress.org/plugins/two-factor-authentication/ (open-source, specify roles)
• https://wordpress.org/plugins/two-factor/ (open-source, simplest)
• https://wordpress.org/plugins/wp-2fa/ (freemium)
• https://wordpress.org/plugins/miniorange-2-factor-authentication/ (freemium)