August 05, 2016

Passwords are an unquestionable means of defense against hackers. A compromised WordPress site can damage your clients’ business reputation – the kind of harm that takes a long time to recover from. Yet no matter how complicated you make a password (adding numbers and symbols), it’s still not the strongest form of protection. Hackers can be brutish, so to speak, about breaking into websites and apps, and even a carefully devised password can eventually be broken. This blog post looks at the method you should use to beef up your clients’ WordPress security: two-factor authentication.

Brute Force Tactics on Your Credentials

If your clients’ username and password are easy to remember, odds are it’s just as easy for a hacker to break into their digital assets. To make matters worse – or easier for hackers – many people continue to use the WordPress default “admin” username. Other users rely on usernames and passwords that are similar to their own names, again giving hackers an easy way in.

Sadly, no matter how complex your username and password are, hackers have time on their hands, not to mention effective hacking tools. They can simply bide their time until they can crack the code, or use brute force.

Brute force is a strong-arm tactic in which hackers try to overpower users’ defenses by using repetition. They use combinations of usernames and passwords with software that recombines English dictionary words with thousands of variations. They start with “a,” “aa,” “aaa” – and proceed to full words such as “apple,” “aardvark,” “attacks.” Brute force dictionaries work faster with the alphabet than a preschool teacher does; they can try a combination of 50 words per minute.

If your clients ever doubt that their WordPress site could be a target of brute force hackers, just take one look at the statistics from their site’s insights page. You’ll undoubtedly see visitors from countries (China, Turkey and Russia, for example) that are notorious for their vast numbers of hackers. If the WordPress-backed website for their fly fishing guide business reveals hot fishing spots in the rivers of New Hampshire, it’s highly unlikely readers in Turkey had a legitimate reason to visit their blog.

Two-factor Authentication Strengthens Logins

Two-factor authentication, as the name implies, makes it twice as hard to hack a WordPress username and password. WordPress started offering it in 2013. Essentially, it’s a process that requires a user to log in with not only a username and password, but also a unique code for one-time use. This code is sent to a device, usually a smartphone via SMS, each time you log in. You then enter the code at the WordPress credentials stage.

Google is a popular two-factor authentication offering for WordPress administrators, who can choose either Google Authenticator or Google Authenticator for WordPress. Both are easy to install and set up. For example, with Google Authenticator, go to “Users > Your profile” and select the “Active” checkbox to activate. That’s it! Similarly, activating Google Authenticator on a mobile device is also easy; just follow these instructions.

Authy has three layers of security with its two-factor offering: one-time passcodes delivered via SMS or text-to-speech phone calls; a new seven-digit code that’s generated every 20 seconds; and an authentication request requiring a “yes” or “no” answer. Duo also has a smattering of choices: SMS message, authentication via a push notification, or a simple phone call.

Two-step Authentication Trips up Hackers

Your clients’ WordPress defense should be as strong as possible. Once their site is compromised, their published work can be tainted and their online reputation will suffer – as will your agency’s. User security with two-factor authentication is a basic, uncomplicated defense measure against hackers. Why not make them work extra hard and protect your digital assets with two-step authentication?


Kerri Molitor