Free Two-Factor Authentication Plugins For WordPress
If you manage a WordPress site or even several for clients, beefing up the overall security of a site is a no-brainer. Most users know how to strengthen passwords, but a tougher way to crack down on phishing and brute force is two-step authentication.
Two-factor authentication for logging into WordPress means that you don’t have to fumble trying to remember all your passwords. It also helps to protect you against phishing and brute force attacks since a hacker can’t just guess or enter your password to gain access to your site. They would also need access to your smartphone.
Here are some excellent and free two-factor authentication plugins that you can install on your WordPress site and start using today:
Defender is a one-stop-shop for securing your WordPress website. Not only does it have a ton of features such as security tweaks, file scans and full reporting, but it also has two-factor authentication.
It installs like most other plugins in the WordPress.org repository and in minutes, your whole site can be secured from top to bottom, inside and out.
Once you enable two-step authentication as the site or super admin in a couple clicks, you can choose which user roles are required to enable and use this security measure.
When that’s all done, users can visit their profile editing page in the admin dashboard to turn on this feature and get a QR code. From there, they can scan it using the Google Authenticator app on their mobile device and complete the setup. It takes about a minute.
The plugin also blends seamlessly into your site’s login page. When a user enters their login credentials, a similarly styled form loads where they can enter the secret security key provided by the Google Authenticator app.
More details: Defender
Google Two-Factor Authentication
Google Two-Factor Authentication plugin also doesn’t require the use of a password and works with the MiniOrange app so it’s a suitable alternative to Clef, though, it’s free for only one user. When you log in, you have the option to do so by using your username, password and Google two-factor authentication or your username and Google two-factor authentication.
If you’re migrating from Clef, there are six quick setup steps to get a comparable two-factor authentication service to Clef:
- Install the plugin like you would most others in the WordPress repository
- Verify your email
- Select the QR Code Authentication method
- Install the MiniOrange Authenticator app on your smartphone
- Scan the QR Code from the plugin page to the miniOrange app
- Configure the plugin to your specific needs
If you decide you want to upgrade to premium, there are many other types of two-factor authentication you can choose from including SMS, phone, email and push notifications.
More details: Google Two-Factor Authentication
This plugin is by far the most popular for Google Authentication. Like Clef, it offers two-factor authentication, but it’s different because it utilizes the Google Authenticator app. If you have two-factor authentication enabled for your Google, Amazon and Dropbox accounts, for example, you already have this app installed so it’s a convenient option in this case.
Once the plugin is installed and set up, you can scan the given QR code with your smartphone and follow the instructions for creating a profile in the Google Authenticator app. When you need to log in, you can go to the Google Authenticator app and copy the code into the extra field on the login form to sign in.
If you don’t have a smartphone or you don’t have access to WiFi or data on it, you can log in with the web-based version of the app.
It’s a solid plugin that’s updated consistently. When you’re setting it up, be sure to check that your web host can provide accurate time information. Otherwise, you would get locked out of your site. However, you can remove the plugin by deleting its folder in the /wp-content/ directory via FTP or SSH to regain access to your admin dashboard.
More details: Google Authenticator
With traditional two-factor authentication solutions, users enter a one-time password each time they want to login. With the Rublon plugin installed and activated on your site, you simply confirm your identity during the first login by clicking on a link or using one of selected of authentication methods via the Rublon mobile app. After this, your next login from the same device will only require your WordPress password.
Installing the Rublon plugin provides additional security authentication methods, like scanning a code to confirm your identity.
The Rublon plugin is simple and easy to use. Just install and activate the plugin and you’re done. After activation, your administrator account will be instantly protected with email-based two-factor authentication. Users don’t need to install or configure anything and require no training or one-time codes. Once they confirm their identity on a device, they can log in to all web services by only entering their WordPress password.
The free plugin protects 1 account per website (i.e. the administrator account). To protect additional website users requires upgrading to a paid subscription.
More details: Rublon
There’s no need to worry about what you’re going to do now that Clef is no longer an option. In fact, you have four suitable and solid alternatives to Clef for two-factor authentication on your WordPress login forms.
No matter which two-factor authentication plugin you use on your WordPress login forms, you can rest easy knowing your sites and your clients’ sites will be that much safer from phishing and brute force attacks.
For more details on beefing up WordPress security, check out some of our favorite security posts:
- WordPress Security: The Ultimate Guide
- A Comprehensive Guide to Editing .htaccess for WordPress Security
- WordPress Security: The Ultimate 32-Step Checklist
- WordPress Security: Tried and True Tips to Secure WordPress
- 12 Ways to Secure Your WordPress Site You’ve Probably Overlooked