New Plugin: Wordpress 2 Factor Authentication
You can’t have escaped the news that Wordpress installs have been the target of a brute force attack by hackers, and that experts are predicting worse is still to come.
So I’m pleased to introduce our latest Clockwork Plugin, 2 Factor SMS Authentication for Wordpress.
Internally we’ve often discussed the discord between the security of wordpress (a simple username and password) and how many businesses and people’s livelihoods are reliant on the platform, it doesn’t seem right.
The way our 2 factor SMS plugin works is by creating an additional layer of security, the ‘something you have’ to go with the ‘something you know’.
How it Works
Obviously download and activate the plugin first, then;
- On your Wordpress login screen input username and password,
- At this point a unique code is sent to your mobile phone via SMS,
- Enter that code into the on-screen form and you’re in.
There’s no need to download or open a phone app, you don’t need the latest smartphone, just a bog standard phone that can receive an SMS. Which I’m led to believe is bang on trend.
The following screen shots show the process perfectly:
The plugin has options that allow you to configure which user profiles should use SMS 2 factor authentication. You can also configure what the plugin does if you run out of credit i.e. lock you out until you top up, or the less secure option of disabling two factor authentication.
Existing Clockwork/ Wordpress Users
For those of you already using a Clockwork/Wordpress plugin it’s a simple case of downloading and activating the 2 Factor Auth plugin as you would any Wordpress plugin. We don’t charge for the installation itself just the SMS Authentication Codes, and it uses the API key already stored in your Clockwork settings page.
New Clockwork/ Wordpress Users
As well as downloading the plugin you’ll need to signup to Clockwork and grab yourself an API key for the settings page. Signup is free and you’ll get a couple of credits to test with.