(TFA) or “Two Factor Authorization for WordPress” is a security plugin that makes your WordPress safer. There are several different 2 step options in this plugin and they are very easy to set up. You can also access the Two Factor GitHub page here.
Two Factor Run Down *
Two Factor Authorization creates another step for users that try to log into your WordPress. Why does this make your WordPress safer? Because someone needs more than just your username and password to hack their way into your website. This does create another step for you the website master but only one time per device. When preforming any of the following options you will have to log out and try to log back in before you can see it.
In order to get to the settings you must click on “Users” in your dashboard. You will then be able to see the options that we will discuss below.
Two Factor Options *
There are 5 different Two Factor options. Lets talk about them.
TFA Email Option *
If you enable this option you will be emailed a code that you use during the login process. You will have to wait for your email to come.
This is very easy to do. Just click the settings and you are ready to go.
- You better hope that your server is not out of SMPT relays. If it is you will never get the email with the code.
- It may take several minutes before you get the code using this method.
- It is not secure because someone can intercept an email if it is not secure.
Time Based One-Time Password (Google Authenticator) *
You need to download Google Authenticator in order to use this.
Its very secure.
- You have to download an app on your phone or tablet.
- Is a little bit harder to set up.
FIDO Universal 2nd Factor (U2F) *
Do not try this unless you have a HTTPS or SSL on your website. You have to register a new key to begin this process.
It is very secure.
You need a SSL or HTTPS to set it up.
Backup Verification Codes (Single Use) *
This is my favorite. You click a button to generate verification codes then download them. Save them to a safe place & use them in consecutive order.
Very easy & secure.
- Do not lose the codes or you will be blocked out.
- You have to use the codes in consecutive order.
- You cannot use the same code twice.
Dummy Method *
This is by far the easiest option but they call it dummy option for a reason.
Very easy to implement.
It does not make your wordpress any safer.