If you’re already using our security plugin Defender, you might’ve noticed a new feature we snuck in a few weeks ago. But let’s make it official: We’ve added two-factor authentication to Defender!
Many WPMU DEV members were at a loose end when Clef was sunsetted back in March. The service offered a simple security solution for two-factor authentication, along with a free plugin and app for WordPress. It was awesome. And then it just disappeared.
So we thought, why not add it to Defender? So we did.
We’ve added two-factor authentication to both the free and premium versions of Defender, so when you next update Defender for your site/s just enable this new feature to get started.
It’s free, it’s simple, and members who’ve stumbled across it are loving it so far:
“Thank you for bringing back a free and easy to use 2 Factor Authentication after Clef! The security features are also awesome! They help me to be more aware about security.”
What is Two-Factor Authentication?
If you’ve never used two-factor authentication before, here’s a quick rundown:
Two-factor authentication adds another layer of security to your site that requires not only a password and username when logging in, but also a passcode that you can only generate on your smartphone.
Using a username and password together with a piece of information that only you can access makes it harder for potential hackers to gain access to your website.
For more information on two-factor authentication, check out the entry in the WordPress Codex.
Setting Up Two Factor Authentication with Defender
If you already have Defender installed, start by updating the plugin to the latest version. If you aren’t using it yet, you can enable it in The Hub.
Or go to the WordPress Plugin Directory to download the free version there.
Go to Defender > Dashboard in the WordPress admin and scroll down to the bottom where you’ll see this new section:
Click Activate. The message will refresh to let you know two-factor authentication has been enabled for your site.
Defender requires all users on a site to enable two-factor authentication in their user profile, as well as sync their account with the Google Authenticator app.
To do this, click on Profile page to go to your user profile for your site.
You’ll be taken to your profile. Scroll to the bottom and click Enable.
You’ll then see this screen:
Follow the steps by downloading Google Authenticator for your phone, scanning the barcode, and entering the six digit passcode that the Authenticator app generates.
Click Verify and you’re all done!
Next time you log in to your site, after you enter your username and password, you’ll be asked to enter a passcode. Just fire up the Google Authenticator app on your phone and enter the passcode.
Defender includes some advanced features for two-factor authentication, including:
- User Roles – Enable two-factor authentication for certain user roles for your site.
- Lost Phone – If a user is unable to access their phone, you can enable an option to send a one-time password to their registered email.
- Active Users – Site admins can view a list of users who have the feature enabled.
- Deactivate – No longer require two-factor authentication for your site? Simply turn it off.
It’s Never Been Easier to Protect Your Site
I’ve been using Defender’s new two-factor authentication feature on my own personal sites for a couple of weeks now and it’s awesome. I don’t have to worry about brute force attacks, and logging in is super easy. I’m so used to it not that it’s almost like I’ve always had this feature on my site.
If you’re a member, update Defender today to get started using two-factor authentication.
If you’re not a member, try WPMU DEV free to 30 days to get access to Defender along with everything else we offer – performance and image optimization, cloud backups, automated site management, 24/7 support… there’s so much more we offer but it would take me all day to write it out, so sign up and see for yourself – it’s free after all 🙂