Servage Magazine

Information about YOUR hosting company – where we give you a clear picture of what we think and do!

Wordfence: WordPress security two-factor login

Tuesday, October 29th, 2019 by Helge

wordfence-medallionYou have probably already heard of the term two-factor authentication, maybe you already use it today even with other services? However, what you may not know is that two-factor authentication has more uses than the web, for example, it can be applied to secure the login for your WordPress page. According to estimations, more then 75.000.000 websites are running WordPress. Unfortunately, its popularity has made the tool a target for people who want to use your website to send spam or spread malicious code. Therefore, any means of securing your website that does not affect its usability may be worth reviewing and may also be used.In this post, we particularly want to tip about two-factor authentication via the Wordfence extension.

Increase the security of your WordPress page with Wordfence

The most commonly used security feature for WordPress right now is Wordfence. It provides good protection right out of the box, so to speak, but it has an often overlooked feature that further tightens up the security of your WordPress page – namely two-factor authentication. You do not have to be a star encoder to activate it, it does not cost any money and it gives a good profit in security for several reasons.How to enable two-factor authentication through Wordfence. So what do you need to enable two-factor authentication (2FA)? Well, you need to be an administrator for the WordPress page, you (for this example) need to have Wordfence installed and you need an app that can handle Time-based One-Time Password (TOTP).

Guide: How to enable two-factor authentication for your WordPress page with the Authy app

In this example, we assume that your WordPress page is installed via the Servage application installer and that the Wordfence extension has already been added.  

1. Upon activation, the plugin will add a new menu item labeled Wordfence to your WordPress admin bar. Clicking on it will take you to the plugin’s settings dashboard.


Wf1

This page shows an overview of the plugin’s security settings on your website. You will also see security notifications and stats like recent IP blocking, failed login attempts, total attacks blocked, etc.Wordfence settings are divided into different sections. The default settings will work for most websites, but you still need to review and change them if needed.Let’s start by running a scan first. Head over to Wordfence » Scan page and then click on ‘Start a Wordfence Scan’ button.

wf2

The scan will look for changes in file sizes in the official WordPress core and plugin files.It will also look inside the files to check for suspicious code, backdoors, malicious URLs, and known patterns of infections.Typically these scans need a lot of server resources to run. Wordfence does an excellent job of running the scans as efficiently as possible. The time it takes to complete a scan will depend on how much data you have, and the server resources available.You will be able to see the progress of the scan in the yellow boxes on the scan page. Most of this information will be technical. However, you don’t need to worry about the technical stuff.Once the scan is finished, Wordfence will show you the results.It will notify you if it found any suspicious code, infections, malware, or corrupted files on your website. It will also recommend actions you can take to fix those issues.Free Wordfence plugin automatically runs full scans on your WordPress site once every 24 hours.

 

Setting up Wordfence Firewall: Wordfence comes with a website application firewall. This is a PHP based application level firewall.The Wordfence firewall offers two levels of protection. The basic level which is enabled by default allows the Wordfence firewall to run as a WordPress plugin.This means, that the firewall will load with rest of your WordPress plugins. This can protect you from several threats, but it will miss out on threats that are designed to trigger before WordPress themes and plugins are loaded.The second level of protection is called extended protection. It allows Wordfence to run before WordPress core, plugins, and themes. This offers a much better protection against more advanced security threats.Here is how you would set up the extended protection.Visit Wordfence » Firewall page and click on the Optimize Firewall button. Wordfence will now run some tests in the background to detect your server configuration. If you know that your server configuration is different from what Wordfence has selected, then you can select a different one.Click on the continue button.Next, Wordfence will ask you to download your current .htaccess file as a backup. Click on the ‘Download .htaccess’ button and after downloading the backup file click on the continue button.Wordfence will now update your .htaccess file which will allow it to run before WordPress. You will be redirected to the firewall page where you will now see your protection level as ‘Extended protection’.

Please also check the Advanced Settings and Tools in Wordfence. You will find a  lots of useful options which you may find useful. You can visit Wordfence » Options page to review them.To get a full overview of the tool and it’s options, please check this WEBSITE.

 

Wordfence: WordPress security two-factor login, 3.8 out of 5 based on 4 ratings
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

No comments yet (leave a comment)

You are welcome to initiate a conversation about this blog entry.

Leave a comment

You must be logged in to post a comment.