{"id":3088,"date":"2022-04-16T12:59:08","date_gmt":"2022-04-16T10:59:08","guid":{"rendered":"https:\/\/davidperezgar.com\/?p=3088"},"modified":"2024-08-03T13:22:01","modified_gmt":"2024-08-03T11:22:01","slug":"double-factor-authentication-wordpress","status":"publish","type":"post","link":"https:\/\/davidperezgar.com\/en\/blog\/web-development\/double-factor-authentication-wordpress\/","title":{"rendered":"Easy two-factor authentication in WordPress"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Two-factor authentication is being implemented in more and more online services such as social networks to improve security and prevent impersonation.<\/p>\n\n\n\n<h2 
class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Dual_authentication_to_increase_security_in_WordPress\"><\/span>Dual authentication to increase security in WordPress<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The <strong>benefits of using two-factor authentication<\/strong> are manifold:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Layer of security.<\/strong> It provides a layer of security against possible password attacks. It performs double authentication, so it verifies the user in a more definitive way.<br><\/li><li><strong>Increases productivity and flexibility.<\/strong> It allows users to use corporate applications thanks to the increased security it offers.<br><\/li><li><strong>Reduces fraud and creates secure online connections.<\/strong><\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"that-means-I'm-safe\"><span class=\"ez-toc-section\" id=\"Does-that-mean-Im-safe-with-two-step-verification\"><\/span>Does that mean I&#8217;m safe with two-step verification?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">No. By definition,&nbsp;<strong>no network-connected system is 100% secure<\/strong>. 
However, it does&nbsp;<strong>reduce the risk of data theft<\/strong>&nbsp;by adding an additional level of security.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Multi-factor authentication identifies the user based on three principles:<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-columns is-layout-flow wp-block-column-is-layout-flow\">\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Something_I_have\"><\/span>Something I have<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Mobile, FIDO device<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Something_I_know\"><\/span>Something I know<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Password<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Something_I_am\"><\/span>Something I am<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Fingerprint, facial recognition, etc.<\/p>\n<\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">This security layer is therefore also highly recommended for <a href=\"https:\/\/close.marketing\/diseno-paginas-web\/\" target=\"_blank\" rel=\"noopener\">our websites made in WordPress<\/a>, considering that we manage web networks, websites with user information and sales in online stores. 
This recommendation is often made by <a href=\"https:\/\/www.wpsysadmin.com\/\" target=\"_blank\" rel=\"noopener\">Javier Casares<\/a>, so I set about securing our logins.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To do this, you need to use this plugin:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embeded is-provider-plugin-directory wp-block-embed-plugin-directory\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"q3FMtSwJir\"><a href=\"https:\/\/wordpress.org\/plugins\/two-factor\/\" target=\"_blank\" rel=\"noopener\">Two-Factor<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;Two-Factor&#8221; &#8212; Plugin Directory\" src=\"https:\/\/wordpress.org\/plugins\/two-factor\/embed\/#?secret=nNEEo8BNCO#?secret=q3FMtSwJir\" data-secret=\"q3FMtSwJir\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">It lets you perform double authentication with the following methods based on <strong><em>Something I have<\/em><\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Email.<\/li><li>Time-based one-time password (TOTP).<\/li><li>FIDO U2F security keys.<\/li><li>Backup verification codes.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The simplest is the <strong>email<\/strong> one, but it is tedious, since it makes you check your email every time you want to log in.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The one I <strong>recommend is time-based TOTP<\/strong>, which you can use with different applications such as:<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-8f761849 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow 
wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<ul class=\"wp-block-list\"><li>Google Authenticator<\/li><li>Microsoft Authenticator<\/li><li>LastPass<\/li><li>1Password<\/li><\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\"><div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/davidperezgar.com\/wp-content\/uploads\/microsoft-authenticator-edited.webp\" alt=\"microsoft authenticator\" class=\"wp-image-3095\" width=\"371\" height=\"659\" title=\"\" srcset=\"https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/microsoft-authenticator-edited.webp 742w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/microsoft-authenticator-edited-281x500.webp 281w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/microsoft-authenticator-edited-609x1082.webp 609w\" sizes=\"auto, (max-width: 371px) 100vw, 371px\" \/><\/figure>\n<\/div><\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Until now I was using the Google option, but that meant going to my mobile, looking up the codes and entering them by hand.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Option_2FA_from_1Password_and_WordPress\"><\/span>2FA option with 1Password and WordPress<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This is the option I&#8217;ve managed to make fast and secure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once we have installed the <a href=\"https:\/\/es.wordpress.org\/plugins\/two-factor\/\" target=\"_blank\" rel=\"noopener\">Two Factor<\/a> plugin, we need to edit the user profile to activate the different 2FA options. 
In this case, I use the second one, which is the one-time password.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2048\" height=\"785\" src=\"https:\/\/davidperezgar.com\/wp-content\/uploads\/opciones-two-factor-usuario.png\" alt=\"options two factor user\" class=\"wp-image-3096\" title=\"\" srcset=\"https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/opciones-two-factor-usuario.png 2048w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/opciones-two-factor-usuario-596x228.png 596w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/opciones-two-factor-usuario-768x294.png 768w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/opciones-two-factor-usuario-1082x415.png 1082w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/opciones-two-factor-usuario-1536x589.png 1536w\" sizes=\"auto, (max-width: 2048px) 100vw, 2048px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The QR code is used to link our password generator app to our website (relax, the QR code I have on my website is not that one&#8230; hehe). 
<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If we use <a href=\"https:\/\/davidperezgar.com\/go\/1password\/\">1Password<\/a>, in addition to the normal password, we can add the one-time password through the add more option when editing the password entry, as seen below.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"962\" height=\"1176\" src=\"https:\/\/davidperezgar.com\/wp-content\/uploads\/edicion-1password.png\" alt=\"edit 1password\" class=\"wp-image-3097\" title=\"\" srcset=\"https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/edicion-1password.png 962w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/edicion-1password-409x500.png 409w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/edicion-1password-768x939.png 768w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/edicion-1password-885x1082.png 885w\" sizes=\"auto, (max-width: 962px) 100vw, 962px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Then, we scan the QR code from 1Password:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"956\" height=\"1150\" src=\"https:\/\/davidperezgar.com\/wp-content\/uploads\/escaner-qr-1password.png\" alt=\"qr scanner 1password\" class=\"wp-image-3098\" title=\"\" srcset=\"https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/escaner-qr-1password.png 956w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/escaner-qr-1password-416x500.png 416w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/escaner-qr-1password-768x924.png 768w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/escaner-qr-1password-899x1082.png 899w\" sizes=\"auto, (max-width: 956px) 100vw, 956px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Once we save the one-time password option, the password generator is available:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img 
loading=\"lazy\" decoding=\"async\" width=\"928\" height=\"634\" src=\"https:\/\/davidperezgar.com\/wp-content\/uploads\/contrasena-1-solo-uso.png\" alt=\"password 1 use only\" class=\"wp-image-3099\" title=\"\" srcset=\"https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/contrasena-1-solo-uso.png 928w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/contrasena-1-solo-uso-596x407.png 596w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/contrasena-1-solo-uso-768x525.png 768w\" sizes=\"auto, (max-width: 928px) 100vw, 928px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">And we are left with a very simple configuration, which is why I decided on this system. We log in to the Web page:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"732\" height=\"804\" src=\"https:\/\/davidperezgar.com\/wp-content\/uploads\/inicio-sesion-wordpress.png\" alt=\"wordpress login\" class=\"wp-image-3100\" title=\"\" srcset=\"https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/inicio-sesion-wordpress.png 732w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/inicio-sesion-wordpress-455x500.png 455w\" sizes=\"auto, (max-width: 732px) 100vw, 732px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">And in the next step, 1Password enters the generated password, making it very easy and fast. 
You no longer have to go to a different device and you keep the two-factor authentication.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"760\" height=\"792\" src=\"https:\/\/davidperezgar.com\/wp-content\/uploads\/inicio-sesion-wordpress-contrasena-1-solo-uso.png\" alt=\"wordpress login password 1-time use only\" class=\"wp-image-3101\" title=\"\" srcset=\"https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/inicio-sesion-wordpress-contrasena-1-solo-uso.png 760w, https:\/\/davidperezgar.com\/en\/wp-content\/uploads\/sites\/4\/inicio-sesion-wordpress-contrasena-1-solo-uso-480x500.png 480w\" sizes=\"auto, (max-width: 760px) 100vw, 760px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>This system is the one I have implemented from now on<\/strong>. If we think about it, it would even be triple, counting on the fact that 1Password itself is unlocked using a fingerprint.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">From now on, you should take this into account, especially in online stores and websites with a lot of traffic. Think about what someone could do if they entered your site in <em>administrator<\/em> mode, such as changing the payment method, etc.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_method_do_you_use\"><\/span>What method do you use?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Two-factor authentication is being implemented in more and more online services such as social networks to improve security and prevent identity theft. Two-factor authentication to increase security in WordPress The benefits of using two-factor authentication are multiple: Layer of security. It offers a layer of security against possible password attacks. It performs a double authentication, so it verifies the user in a more definitive way. 
Increases productivity and flexibility. It allows users to use corporate applications thanks to the increased security it offers. Reduces fraud and creates secure online connections. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4132,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","inline_featured_image":false,"_ayudawp_aiss_exclude":false,"webmentions_disabled_pings":false,"webmentions_disabled":false,"editor_notices":[],"footnotes":""},"categories":[168],"tags":[],"class_list":["post-3088","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-development","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/davidperezgar.com\/en\/wp-json\/wp\/v2\/posts\/3088","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/davidperezgar.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/davidperezgar.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/davidperezgar.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/davidperezgar.com\/en\/wp-json\/wp\/v2\/comments?post=3088"}],"version-history":[{"count":0,"href":"https:\/\/davidperezgar.com\/en\/wp-json\/wp\/v2\/posts\/3088\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/davidperezgar.com\/en\/wp-json\/wp\/v2\/media\/4132"}],"wp:attachment":[{"href":"https:\/\/davidperezgar.com\/en\/wp-json\/wp\/v2\/media?parent=3088"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/davidperezgar.com\/en\/wp-json\/wp\/v2\/categories?post=3088"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/davidperezgar.com\/en\/wp-json\/wp\/v2\/tags?post=3088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}