
How to Enhance WordPress security with two-factor plugins

As WordPress has developed, its security issues have increased too, so first of all make sure that you're running the most up-to-date and secure version; upgrade to the latest release as soon as you can. An outdated version is more exposed to malicious attacks and increases your vulnerability to hacking attempts. Most WordPress security failures occur when a user is running an outdated version of WordPress on their Web site.

With WordPress plugins you can add a second level of protection to your blog, on top of running the latest version. You can use these plugins when logging in from your mobile devices, and via email or SMS.

I found these plugins for securing your WordPress site; check them out: [Ref. Digging Into WordPress]

Second Factor

This plugin prevents logged in users from doing anything on your wordpress.org blog until they have verified their second factor of authentication. The process goes like this:


  1. A user logs into your blog.
    • Behind the scenes a bunch of cryptographic stuff happens and a key is generated and attached to that user. The key is overwritten with a new one every single time they log in. This key is emailed to that user (via the email address the user is registered under.)
  2. The user gets the email with the code.
  3. The user then enters the code at the page which is now presented to them when they are trying to access your blog.
    • Behind the scenes the token is checked for validity, and a cookie is added to the user's session. They are now allowed access to your blog. If the key changes (the user logs out, or is required to log in again) the cookie that they may have been using will no longer be valid and they will be asked to enter the new one that they get via email.
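The flow above, modelled as an added example in Python (this is not the Second Factor plugin's own PHP code). The page does not say how the key is generated or stored, so the CSPRNG key, the hashed server-side copy and the HMAC-signed cookie are assumptions, as are all function names.

```python
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)  # assumption: per-site secret that signs cookies
_current_key_hash = {}                   # username -> SHA-256 hex of the latest emailed key


def _digest(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()


def _cookie_for(username: str, key_hash: str) -> str:
    # The cookie is bound to the user AND to the current key, so a new key kills it.
    msg = f"{username}|{key_hash}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def on_login(username: str) -> str:
    """Step 1: make a fresh key, overwrite the previous one, return it for emailing."""
    key = secrets.token_urlsafe(16)             # 128 bits from the OS CSPRNG
    _current_key_hash[username] = _digest(key)  # only the hash stays on the server
    return key  # a real plugin would email this to the registered address


def verify_code(username: str, submitted: str):
    """Step 3: check the submitted code; return a cookie value, or None if invalid."""
    stored = _current_key_hash.get(username)
    if stored is None or not hmac.compare_digest(stored, _digest(submitted)):
        return None
    return _cookie_for(username, stored)


def cookie_is_valid(username: str, cookie: str) -> bool:
    """Every request: the cookie verifies only against the user's current key."""
    stored = _current_key_hash.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(_cookie_for(username, stored), cookie)


def on_logout(username: str) -> None:
    """Dropping the key means any cookie issued for it stops verifying."""
    _current_key_hash.pop(username, None)
```

This model has no code expiry and no limit on verification attempts; the page does not say whether the plugin has either.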


SimpleAuth : Very Simple Secure Login


SimpleAuth is a simple and secure multi-user PHP login system. No database is required, and no PHP knowledge is needed to implement it. You can secure all kinds of pages: customer area, administration interface, member page or any private page.


Google Authenticator

The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.



Duo Two-Factor Authentication


This plugin enables Duo Security’s two-factor authentication for WordPress logins.

Duo provides simple two-factor authentication as a service via:

  • Phone callback
  • SMS-delivered one-time passcodes
  • Duo mobile app to generate one-time passcodes
  • Duo mobile app for smartphone push authentication
  • Duo hardware token to generate one-time passcodes

This plugin allows a WordPress administrator to quickly add strong two-factor authentication to any WordPress instance without setting up user accounts, directory synchronization, servers, or hardware.


Vladimir Prelovac:

I expect plugins like this to rise in popularity soon or even become a part of the core. We are soon adding similar support to our ManageWP.com users as well.

Sabre (Simple Anti Bot Registration Engine)

SABRE is an acronym for Simple Anti Bot Registration Engine. It's a set of countermeasures against spam registration on your blog. Are your visitors allowed to register freely on your blog, and are you now plagued by fake users automatically created by spammers? Sabre is the solution to stop these robotized visitors for good!



CHAP Secure Login

Avoids exposing the password during login over an insecure channel (without SSL).



Bad Behavior

Deny automated spambots access to your PHP-based Web site. Before downloading Bad Behavior, check the installation instructions for your platform, as some platforms require a separate download or have special installation procedures.


AskApache Password Protect

Advanced Security: Password Protection, Anti-Spam, Anti-Exploits.

.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog

Login LockDown

Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute-force password discovery. Currently the plugin defaults to a 1-hour lockout of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked-out IP ranges manually from the panel.


WP Security Scan


WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions such as:

  1. Passwords
  2. File permissions
  3. Database security
  4. Version hiding
  5. WordPress admin protection/security
  6. Removes WP Generator META tag from core code


  • Nur

    I am a WordPress, Website Developer and Designer, creator @ WP Arena, Provide Free WordPress consultation and can help to install WordPress in a secure way to small businesses and bloggers.