So why not take an extra step to control what we can? I’m talking about WP admin access. Perhaps you already have some security plugin. Good. How about adding something that would be almost impossible to bypass? A 2-factor authentication that can be implemented in minutes and can also protect your other important online accounts on top of your site admin?
I mean Google Authenticator. GA gives you a “token” (a 6-digit code) that expires every 30 seconds and is required for access. Only you have it: it’s on your phone or tablet. You can use the Google Authenticator app, but my preferred app is Authy (free) because it also works with other 2-factor systems, so you can keep everything in one app. Here’s a list of only some of the accounts you can protect using Authy; the list is much longer, but you get an idea of how important 2-factor is these days:
There are a number of plugins you can use to implement Google Authenticator on your site. I’m showing you what I use, and I tried several. I’m sure others have evolved over time; pick your own.
I use Google Authenticator https://wordpress.org/plugins/google-authenticator/ and Google Authenticator – Per User Prompt https://wordpress.org/plugins/google-authenticator-per-user-prompt/
You will find Google Authenticator settings under Users > My Profile after installing.
The Per User Prompt plugin allows you to log in using a password manager; it will ask you for the GA token from Authy on the next screen. It will also allow you to decide which users should be required to use 2-factor. This can be priceless if you have multiple admins and the risk of stolen access credentials is therefore multiplied.
I hope this was helpful. Cheers!