Search for blog posts, documentation, or pages

Today we’re excited to announce the integration of our two-factor authentication with the WordPress platform. Now your WordPress-powered website or blog can be protected with the same strong and user-friendly two-factor authentication that protects your traditional remote access with just a few clicks.

WordPress isn’t just for small personal blogs anymore: over 14% of the top million biggest websites are powered by WordPress. Its popularity has made it a juicy target for attackers, who often phish, sniff, or bruteforce WordPress account credentials in order to slip malicious exploits into popular websites to compromise the visitors of those sites.

By installing the Duo WordPress plugin, you can add a second line of defense to your WordPress login credentials - your mobile phone! You will be able to log in to WordPress with confidence that your account is secure.

Duo WordPress Walkthrough

Getting Duo’s two-factor authentication integrated with your WordPress blog is a snap and only takes a few minutes!

1. Sign up for a Duo account

If you don’t yet have a Duo account, head over to and sign up for free!

2. Add a new integration

Log in to the Duo administrative interface and add a new Web SDK integration for your WordPress blog:

After adding the integration, make note of the integration key and the secret key as you will need these keys when configuring the Duo WordPress plugin. Also, select the “WordPress” visual style and click “Save Changes”.

3. Install and configure the Duo WordPress plugin

Log in to your WordPress blog as an administrator. Navigate to “Plugins > Add New”, search for “Duo Security”, and click “Install Now” to install the Duo WordPress plugin:

Next, click “Activate” to activate the plugin:

Lastly, click “Settings” to configure the plugin. Enter the integration key and secret key that you obtained from the Duo administrative interface and save the changes:

That’s it!

The first time a user logs in, they will be able to self-enroll their mobile phone to use as their second factor of authentication. Upon subsequent logins, they will be challenged to authenticate using their mobile phone:

Duo is the best-of-breed for strong two-factor authentication, supporting Duo Push, phone callback, or one-time passcodes generated via the Duo Mobile app or delivered via SMS. The best part is that Duo is completely free for under 10 users (or unlimited users for open source projects) and only $3/user/month beyond 10 users.

Beyond WordPress

If you’re a fan of our WordPress integration and want similar protection for your own web application, be sure to check out our web SDKs that make it simple to add Duo two-factor authentication to any Python, Ruby, PHP, Java, ASP.NET, or Classic ASP web application. The source code for the duo_wordpress plugin is also available in our GitHub repository and provides a great example of how easy it is to use the web SDK.

Keep an eye out for additional web integrations in the near future. If you have any particular web apps or frameworks you’d like to see Duo integrated with, just leave us a comment below!


Free Guide

Security for an Age of Zero Trust

Think your organization is ready for the cloud and decentralized security? Download this white paper to learn why you may not be.


phishing (20)  two-factor-authentication (18)  security news (17)  healthcare security (16)  passwords (15)  weekly ink (13)  cloud security (11)  mobile security (10)  federal cybersecurity (10)  malware (10)  infosec-evolution (9)  duo mobile (8)  retail data breaches (8)  rsac2015 (8)  banking security (8)  financial data breach (7)  stolen-passwords (7)  data breaches (7)  2fa (6)  pci dss (6)  stolen credentials (6)  financial institutions (6)  ooba (6)  webinar (5)  remote access security (5)  transaction-level 2fa (5)  atms (5)  encryption (5)  healthcare cybersecurity (5)  healthit (5)  platform edition (5)  ios security (5)  defcon-23 (4)  remote access attacks (4)  bank security (4)  data breach notification (4)  pos malware (4)  higher education (4)  blackhat 2015 (4)  google (4)  financial data security (4)  vulnerability (4)  medical identity theft (4)  rig exploit kit (4)  retail data security (4)  hipaa (4)  endpoint security (4)  third-party security (4)  retail (4)  2-factor-authentication (4)  security threats (4)  uk security (4)  defense in depth (3)  media security (3)  ffiec (3)  payment card breach (3)  health it (3)  out of band authentication (3)  law firm security (3)  ios (3)  retail data risks (3)  e-prescriptions (3)  otp bypass (3)  ssl (3)  car security (3)  security research (3)  critical infrastructure security (3)  dyre trojan (3)  end-user authentication (3)  strong-authentication (3)  iot security (3)  ehr (3)  target (3)  social engineering (3)  anthem (3)  defcon (3)  byod (3)  retail ebook (3)  manufacturing security (3)  home depot (3)  healthcare data breach (3)  duo-security-summit (3)  two-factor (3)  twitter (3)  hipaa security rule (3) 

Duo is hiring!

View our open positions

Subscribe to our Newsletter

Get product updates, interesting content, and invitations to online and live events.