Two Factor Authentication using DUO

Two-Factor Authentication

A brute-force attack is the most common hacking attempt on WordPress sites. In this type of attack hackers try to guess your username and password using many (often hundreds or even thousands) of computers, referred to as a botnet. The best defense against a brute-force attack is to use a unique and complicated password and have 2FA enabled.

Two-Factor Authentication (2FA) is an additional login security measure that prompts for a second login credential after you enter your correct username and password. For an attacker to login to a site with 2FA enabled they must have both the password and the user’s One Time Password (OTP).

DUO offers multiple ways to complete the 2FA. It can send you a push message to the DUO app, send a code in a text message, use an OTP app, and will also work with hardware tokens. DUO is a leader in 2FA and owned by Cisco. Basic service for up to 10 users is free. Ten or more users is $3/user/month. Additional features are available on larger plans.  Contact us if you are interested in using DUO with other applications such as Google GSuite or Microsoft Office365 or using your GSuite or Office365 login with WordPress.

2FA Setup

1. You will need a computer and your mobile device.
2. On your computer, open your web browser and login to the WP Admin at https://your-website-here/wp-admin
3. Login if prompted
4. Follow the on-screen instructions, select your device, and install the DUO app on your phone.  If you wish to only receive text messages and not install the app, select “other” when asked for the type of phone.
5. Send a push to your phone or use the six digit code from the DUO screen or text message to complete the login.