How to Set Free Two-Factor Authentication on Your MainWP Dashboard

I noticed another WordPress Management solution charges almost a $100 a year to use their two-factor authentication add-on however since MainWP is a WordPress Plugin you can add two-factor authentication to your MainWP Dashboard for free.

In case you haven’t heard of it before, two-factor authentication is a security process in which the user provides two means of identification from separate categories of credentials.

This post will go over two separate plugins that integrate WordPress and their two-factor authentication systems. You can try them both and go with the one that works best for you.

1. WP Clef

Update 3/6/17: Removed directions for WP Clef due the company discontinuing support.

2. Duo Two-Factor Authentication

Duo’s WordPress plugin enables two-factor authentication for WordPress logins, complete with inline self-service enrollment and authentication prompt. The code is open-source and available on GitHub.

First Steps

Before starting:

1. Sign up for a Duo account
2. Log in to the Duo Admin Panel and create a new WordPress application to get an integration key, secret key, and API hostname. (See Getting Started for help).

Install and Configure the Plugin

1. Log in to your WordPress blog as an administrator. Navigate to Plugins – Add New in the left navigation bar. Then search for “Duo Security” and click Install Now for the Duo Two-Factor Authentication plugin:

To install the Duo two-factor plugin without using the WordPress Plugin directory, first download the Duo plugin as a zipped package from WordPress.

In the WordPress console go to Plugins – Add New and click the Upload Plugin button.

Click Choose File and select the duo_wordpress.zip package you downloaded. Click Install Now to upload Duo’s plugin to your WordPress site.

2. Click Activate Plugin after installing the Duo plugin:

3. After activation, click Settings to configure the plugin:

4. Copy and paste your integration key, secret key, and API hostname from the Duo WordPress application you created earlier. You may select which WordPress user roles need to authenticate using Duo. For example, you may only require those users with the “Administrator” role to use two-factor authentication, or require all roles to use two-factor.

To fully secure your WordPress site Duo recommends that you disable XML-RPC. However, this will prevent use of offline Weblog clients and the WordPress mobile app.

Click Save Changes to complete configuration.