Plugin | Description | Review
Google Authenticator

The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.

If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on your Gmail or Google Apps account.

The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.

If you need to maintain your blog using an Android/iPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin, but please note that enabling the App password feature will make your blog less secure.

Very good plugin.

The tricky part is making sure time is synced with the same time servers across the phone and server. For example, my iPhone was off by 2 minutes because it was set manually to Toronto.

Best thing to do is turn on the 4 minute drift allowance.

Duo Two-Factor Authentication

This plugin enables Duo Security's two-factor authentication for WordPress logins.

Duo provides simple two-factor authentication as a service via:

  • Phone callback
  • SMS-delivered one-time passcodes
  • Duo mobile app to generate one-time passcodes
  • Duo mobile app for smartphone push authentication
  • Duo hardware token to generate one-time passcodes

This plugin allows a WordPress administrator to quickly add strong two-factor authentication to any WordPress instance without setting up user accounts, directory synchronization, servers, or hardware.

Free signup but it looks like only 1000 transactions for the life of the account.

Looks very professional.

BAW More Secure Login | Grid Cards
Limit Login Attempts | Blocks Security Solution | The most useful feature I find when used with Google Authenticator is that it blocks a user for x number of minutes. It also tries to block for progressively more minutes as more attempts are made. It also blocks by cookie and IP.

Should have a link to how to SSH in to disable plugins if they misbehave.
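
The clock-drift problem noted in the Google Authenticator review, as an added example (not code from the plugin or the original page): a minimal RFC 6238 verifier showing why a phone that is 2 minutes off fails a narrow window and passes a wider one. The 30-second step, 6-digit codes and the reading of the "4 minute drift allowance" as 8 steps either side are assumptions; the secret and timestamps are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default; assumed here)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """Code a device shows when its clock reads unix_time."""
    return hotp(secret, unix_time // STEP)


def verify(secret: bytes, code: str, server_time: int, drift_steps: int):
    """Return the matching step offset (phone minus server), or None.

    drift_steps is how many 30-second steps either side of the server's
    current step are accepted.
    """
    counter = server_time // STEP
    for off in sorted(range(-drift_steps, drift_steps + 1), key=abs):
        if counter + off < 0:
            continue
        if hmac.compare_digest(hotp(secret, counter + off), code):
            return off
    return None


def accepted_codes(drift_steps: int) -> int:
    """Number of distinct time steps whose code is valid at any instant."""
    return 2 * drift_steps + 1


SECRET = b"12345678901234567890"      # constructed (RFC 6238 test secret)
SERVER_NOW = 1_700_000_000            # constructed server clock
PHONE_NOW = SERVER_NOW + 120          # phone runs 2 minutes fast

if __name__ == "__main__":
    code = totp(SECRET, PHONE_NOW)
    print("narrow window (+/-30 s):", verify(SECRET, code, SERVER_NOW, 1))
    print("wide window (+/-4 min): ", verify(SECRET, code, SERVER_NOW, 8))
    print("codes accepted per attempt:", accepted_codes(1), "vs", accepted_codes(8))
```

Widening the window raises the number of codes valid at any instant from 3 to 17, which is why it pairs well with login-attempt limiting; syncing both clocks to NTP avoids needing the wider window at all.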
