Instructions for Installing Layer 2 Security for Your WordPress Site
What is Layer 2 Security for WordPress Sites? Before the development of information technology, the security of user information received more and more attention. Currently, WordPress also provides a 2-tier security tool for WordPress sites to keep you safe. Now, let’s learn about 2-factor security for WordPress sites and how to install it!
Among many applications, the plugin supports 2-factor security verification for WordPress sites. In today’s article, I’ll guide you through using a really cool plugin to use 2-tier security for your WordPress site: Wordfence Security – Firewall & Malware Scan. Wordfence is known to be one of the most trusted and free security plugins used by many (over 3 million activations).
The reason why it is so widely used is because it has many very good security features, which can limit many common forms of attack, such as Local Hack, XSS, SQL Injection, automatically scan hosts for malicious code, and has 2 layers of security features for We are interested in wordpress sites.
Instructions for Installing Layer 2 Security for Your WordPress Site
2-factor security (2FA/2-factor authentication) is to increase the security of user accounts by adding 1 step on the basis of normal login activities. In addition to the security password layer, login must enter the code automatically generated on the mobile device to log in . This security method is very effective because it makes your account more secure, since to log into your account you must have your mobile device. Currently, this method is widely used, such as Google, Facebook, large e-commerce sites or banking sites.
Install the Wordfence Security Plugin
Before you can use the 2-factor security app for your WordPress site, you need to first install and activate the Wordfence Security plugin by uploading the zip file or searching in the plugins section of your WordPress admin page.
Install the Twilio Authy Authenticator app (red)
On your phone (smartphone), find and install the Authy app (red) from the app store
not google authorizer
Why you have to install Twilio Authy Authenticator (red) it will update data and install another one, it will be considered bad when you delete app or lose device
Once set up, accessing your WordPress account using the app will require you to obtain a 6-digit security code that is automatically generated every 30 seconds on the phone where the app is installed.
Configure Two-Factor Security Authentication (2FA) on the Wordfence Plugin
After successfully installing Wordfence, go to Login Security (1), then Settings (2).
In this interface, we can choose the user level that requires two-step verification when logging in (Admin is selected by default) (3).
(4) Require 2-factor security for all administrators: If checked, all administrator accounts will be required to enable two-factor authentication.
(5) Remember access: When enabled, users who enable 2-fold security for their WordPress sites only need to enter the code once every 30 days per device.
The rest can be skipped, if you want to know more, you can see the documentation of the WordFence Plugin developer.
Enable 2-tier security (2FA) for established users
The next step is to enter two-factor authentication, scan the QR code in item (1) using the authy app installed on your phone in step 2.
After scanning, the app on the phone will automatically generate a 2-layer security code every 30 seconds. We use this code pasted into item (2) and finally into Active (3) to enable 2FA for the user.
You can also download the backup code in item (4) and enter the two-step verification box when you visit.
Below is the image after successfully activating 2FA, you will have a deactivate button (deactivate 2-step verification).
The above is the code that the Authy app automatically generates every 30 seconds.
Check How Layer 2 Security Is Working For Your WordPress Site
After completing the installation process of the Wordfence plugin, test the operation of layer 2 security of your WordPress website. You proceed to log into your website; after passing the usual user and password checks, you’ll be asked for a verification code.
Keep an eye on your phone as verification codes are now sent via the Google Authenticator app on your phone, or you can use pre-downloaded backup codes. You will not be able to access until the correct verification code is entered.
NOTE: This code is only valid for a short time (30 seconds) and on phones where you have activated 2-layer security via a QR code.
The above is how to enable 2 layers of security on your WordPress website to enhance the security of your website and protect user information and passwords from Internet attacks.
