Introducing WordPress Two-Factor Authentication (2FA) in WP Remote
Spending hours maintaining client sites?
WP Remote will streamline your WordPress maintenance process and save you at least 4 hours per site every week.
The problem with login security is not the site; it is the users.
Picture this: despite your best advice, your website users will reuse their passwords across multiple sites. If even one of those sites is breached, your WordPress site too becomes vulnerable to brute-force attacks.
Or, one of your users logs in from a shared or public computer and forgets to log out.
This is why we are introducing the WordPress two-factor authentication (2FA) feature for all WP Remote users.
Double your site’s login security
2FA or two-factor authentication is an additional layer of login security. When a user logs into a site, they plug in their username, password, and a time-based, unique token sent to them at that instant. Only then can they access their dashboard.
Unlike a password, the token is generated specifically for that login, and cannot be used more than once. So even if a hacker knows a user’s password, they can’t log in without the code.
Behind the scene technicalities
WP Remote’s 2FA feature uses TOTP (Time-Based One-Time Password)-based authentication.
TOTP uses the current time as an input to an algorithm and generates unique codes. Users can generate a unique code using an authenticator app like Google Authenticator or Authy. This code is valid only for a short period, usually 30 seconds. It does not require internet access.
Why is WP Remote’s 2FA essential for your site?
WP Remote’s 2FA is designed to protect user accounts even if their passwords are compromised. Here’s how it secures your site:
- Negates password reuse risks: Many users reuse passwords across different sites. If one site is breached, attackers can access other sites where the same credentials are used. 2FA prevents this by requiring a unique, one-time code.
- Blocks brute force attacks: Attackers use automated software to guess passwords. 2FA stops them because the code changes every 30 seconds.
- Prevents credential stuffing: When attackers use stolen login details from one site to access accounts on another, 2FA blocks their efforts. Without the code, they can’t log in.
- Complicates phishing attempts: Even if users are tricked into revealing their passwords, attackers still can’t log in without the code.
How do you set up WP Remote’s 2FA?
Securing your WordPress admin dashboard with the new 2FA feature is straightforward. Here’s how you can do it:
- From your WP Remote dashboard, go to the Sites page and then to the site for which you want to configure 2FA security.
- Scroll down to see the Users section and click on Manage.
- Select the user/s for which you want to configure 2FA. If you want to configure 2FA for all users, simply check the topmost box.
- Next, click on the ‘key’ icon that says Manage 2FA.
- Choose from the options: Enable, Disable, or Reset. Use them to either enable 2FA, disable it, or reset it completely for all users.
- If you want to send an email notification to the users for whom you are configuring 2FA, check the Send notification email option.
- Click on Confirm and you are done.
The user/s will receive an email that will guide them through the 2FA setup process.
At WP Remote, we are committed to providing robust security features to safeguard your WordPress sites. We’re pleased to share that this 2FA feature is now available to all WP Remote users at no additional cost. By implementing 2FA, you ensure an extra layer of security that significantly raises the bar against unauthorized access and various types of cyber-attacks.
Tags:
Share it:
You may also like
Introducing Customizable WP Remote Notifications: Stay Informed, Not Overwhelmed
Managing website notifications can be a headache. How do you stay on top of things without drowning in emails or Slack notifications? Equally, you don’t want to miss the forest…
WP Remote’s New APIs: Make Data Access Effortless
APIs are a great way of aggregating data from multiple sources into custom dashboards. We’ve created GET APIs for WP Remote, so you can integrate insights from your premier site…
How a Theme Update Gave Our Custom CSS a Nervous Breakdown
One of the more dreaded notifications we get on our WordPress sites is the one to update the page builder or theme. It is not a question of if an…
How do you manage your websites?
Managing multiple WordPress websites can be time consuming and error-prone. WP Remote will save you hours every day while providing you complete peace of mind.
Managing everything yourself
But it’s too time-consuming, complicated and stops you from achieving your full potential. You don’t want to put your clients’ sites at risk with inefficient management.
Putting together multiple tools
But these tools don’t work together seamlessly and end up costing you a lot more time and money.