D.K. Smith – WordPress Security Handbook: Facts & Fiction

Layer Three: Guard Your Network!

Two-factor authentication for increased security

Better than passwords alone, two-factor authentication adds another layer of access security. Admins or users can verify their identities via mobile phones, hardware tokens, or landline call backs.

Plugins make enabling two-factor authentication easy:

• Authy - two-factor authentication plugin
  • Get free Authy API key
• Google Authenticator - uses Google Authenticator app for Android, iPhone, Blackberry. Two-factor authentication can be enabled on a per-user basis. Protect admins but login as usual for low-level users.
• Duo offers a more advanced two-factor solution with multiple authentication methods using their Duo WordPress Plugin

Harden your browser...

• use HTTPS Everywhere - eff.org/https-everywhere
• NoScript Security add-on for Firefox and NotScripts for Chrome!