How to secure your WordPress blog with multi-factor authentication

A Microsoft Authenticator prompt

If you’re like me, work in IT, love web development, and want to start a WordPress blog, you might be worried about the inherent security of PHP. You’re not alone.

I’m not going to harp on PHP too much here; GeeksForGeeks has already done that. It’s a well-supported language with a long history of production use. I just hate how vulnerable it is AND how vulnerable it makes the average WordPress user.

Based on these statistics from ColorLib, a WordPress site gets hacked every 9 minutes (how accurate that is, I don’t know). If you’re like me, you want to protect your blog, your efforts and your work as much as possible.

I’ll likely be writing about how to improve the overall security of your WordPress site after I’ve ensured my blog is secure (Right now, it’s still kind of new).

However, let’s dive in. Multi-factor authentication. What is it? And how can it help you secure your blog?

Multi-Factor Authentication – What is it?

Simply put, multi-factor authentication (MFA) means a password alone is not enough to log in to a resource: you have to present a second, independent proof of identity. Someone who has guessed, phished or leaked your password still can’t get in without that second proof. Here’s a primer article from Microsoft on MFA.

To briefly expand, think about authentication factors as ‘things’:

Something you know – Password, PIN, Security Question

Something you have – A device, a hardware token

Something you are – Biometrics (Fingerprint, Iris)

(Those are the main ones; there are some extras, such as:

Something you do – Like a signature

Somewhere you are – Geo-location)

Now don’t get overwhelmed. MOST people end up using the first two: something you know and something you have, like your password and your cell phone.

If you enter your password and you receive a notification via SMS/text that reads: ‘Your verification code is 123456’, then you’re using Multi-factor authentication!

(Don’t read too far into it (unless that’s your thing). A PIN texted to you can look like a second ‘thing you know’, but what it actually proves is that you hold the phone that received it, so it counts as something you have. It’s the weakest form of that factor, though: the code travels over the phone network, so someone who gets your number ported to their SIM, or who can intercept SMS, receives the code too.)

Something you know + Something you have > Something you know = MFA

The same applies to authenticator-app OTPs: the six-digit code is computed on your phone from a secret that was provisioned when you scanned the QR code, so producing the right code proves you have the device. (Push notifications work differently: the service sends an approve/deny prompt to the device instead of asking you to type a code, but they also rest on possession of the device.)

(None of these methods is unbreakable, but each is a lot better than JUST using your password.)
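To make the authenticator-app case concrete, here is an added example (my own illustration, not code from the original post, from WP 2FA or from WordPress) of the TOTP scheme (RFC 6238, built on HOTP from RFC 4226) that authenticator apps and most WordPress 2FA plugins use. The shared secret is the 20-byte test key from those RFCs, base32-encoded the way an app receives it from a QR code, so the codes it produces are the RFCs’ published test vectors. The verifier side also shows the two checks a practitioner cares about: accepting one step of clock skew, and refusing to accept a code for a counter that has already been used, so a stolen code can’t be replayed. Written in Python rather than PHP so it can be run anywhere.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed test secret: the 20-byte key used in RFC 4226 / RFC 6238's test
# vectors, base32-encoded exactly as an otpauth:// QR code would carry it.
RAW_SECRET = b"12345678901234567890"
BASE32_SECRET = base64.b32encode(RAW_SECRET).decode()  # GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
STEP_SECONDS = 30


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    'dynamic truncation' to a 31-bit integer and reduction to `digits` digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    truncated = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, unix_time: int, step: int = STEP_SECONDS, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP where the counter is the number of `step`-second
    intervals since the Unix epoch. This is what the phone computes."""
    key = base64.b32decode(secret_b32.upper())
    return hotp(key, unix_time // step, digits)


def verify_totp(secret_b32: str, submitted: str, unix_time: int, last_counter: int,
                window: int = 1, step: int = STEP_SECONDS, digits: int = 6):
    """Server-side check. Accepts the code for the current step or up to `window`
    steps either side (clock skew), but never for a counter <= last_counter, so a
    code that has already been accepted cannot be replayed within its lifetime.
    Returns the accepted counter (store it as the new last_counter) or None."""
    if len(submitted) != digits or not submitted.isdigit():
        return None
    key = base64.b32decode(secret_b32.upper())
    current = unix_time // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue
        # Constant-time comparison so a wrong code doesn't leak how wrong it was.
        if hmac.compare_digest(hotp(key, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    now = int(time.time())
    code = totp(BASE32_SECRET, now)
    print("current code:", code)
    accepted = verify_totp(BASE32_SECRET, code, now, last_counter=-1)
    print("accepted for counter:", accepted)
    # Same code again, with the counter recorded: rejected as a replay.
    print("replay accepted?", verify_totp(BASE32_SECRET, code, now, last_counter=accepted))
```

`verify_totp` expects the caller to persist the returned counter per user; a plugin that skips that step will happily accept the same six digits twice inside the 30-second window, which is exactly the gap a phished code exploits.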

Setting up MFA for Your WordPress Blog

If you use WordPress.com, use this article to guide you through setting up multi-factor authentication.

If you have a self-hosted WordPress blog, you’ll need to use a plugin. I used WP 2FA.

You can download the plugin here, or install it from the WordPress plugin directory inside your site’s admin dashboard.

I would write my own guide here, but WPBeginner has an excellent article with FAQs and pictures. This resource should be more than enough to help you get set up.

If you have trouble or need some help feel free to reach out to me on social media channels like Twitter or LinkedIn!

Author: Jonesy
Stephon X. Jones is an information technology administrator with over 8 years of experience in the industry. His areas of interest are information systems architecture, systems automation, cybersecurity, and web/app development. His other interests include playing and writing music, weightlifting, and gaming.