Search for blog posts, documentation, or pages

Today we’re excited to announce the integration of our two-factor authentication with the WordPress platform. Now your WordPress-powered website or blog can be protected with the same strong and user-friendly two-factor authentication that protects your traditional remote access with just a few clicks.

WordPress isn’t just for small personal blogs anymore: over 14% of the top million biggest websites are powered by WordPress. Its popularity has made it a juicy target for attackers, who often phish, sniff, or bruteforce WordPress account credentials in order to slip malicious exploits into popular websites to compromise the visitors of those sites.

By installing the Duo WordPress plugin, you can add a second line of defense to your WordPress login credentials - your mobile phone! You will be able to log in to WordPress with confidence that your account is secure.

Duo WordPress Walkthrough

Getting Duo’s two-factor authentication integrated with your WordPress blog is a snap and only takes a few minutes!

1. Sign up for a Duo account

If you don’t yet have a Duo account, head over to and sign up for free!

2. Add a new integration

Log in to the Duo administrative interface and add a new Web SDK integration for your WordPress blog:

After adding the integration, make note of the integration key and the secret key as you will need these keys when configuring the Duo WordPress plugin. Also, select the “WordPress” visual style and click “Save Changes”.

3. Install and configure the Duo WordPress plugin

Log in to your WordPress blog as an administrator. Navigate to “Plugins > Add New”, search for “Duo Security”, and click “Install Now” to install the Duo WordPress plugin:

Next, click “Activate” to activate the plugin:

Lastly, click “Settings” to configure the plugin. Enter the integration key and secret key that you obtained from the Duo administrative interface and save the changes:

That’s it!

The first time a user logs in, they will be able to self-enroll their mobile phone to use as their second factor of authentication. Upon subsequent logins, they will be challenged to authenticate using their mobile phone:

Duo is the best-of-breed for strong two-factor authentication, supporting Duo Push, phone callback, or one-time passcodes generated via the Duo Mobile app or delivered via SMS. The best part is that Duo is completely free for under 10 users (or unlimited users for open source projects) and only $3/user/month beyond 10 users.

Beyond WordPress

If you’re a fan of our WordPress integration and want similar protection for your own web application, be sure to check out our web SDKs that make it simple to add Duo two-factor authentication to any Python, Ruby, PHP, Java, ASP.NET, or Classic ASP web application. The source code for the duo_wordpress plugin is also available in our GitHub repository and provides a great example of how easy it is to use the web SDK.

Keep an eye out for additional web integrations in the near future. If you have any particular web apps or frameworks you’d like to see Duo integrated with, just leave us a comment below!


Free Guide

Ebook: A Modern Guide to Retail Data Risks

Avoiding Catastrophic Data Breaches in the Retail Industry


phishing (20)  two-factor-authentication (18)  security news (17)  healthcare security (17)  passwords (15)  weekly ink (13)  cloud security (12)  mobile security (11)  federal cybersecurity (10)  malware (10)  infosec-evolution (9)  duo mobile (8)  rsac2015 (8)  retail data breaches (8)  banking security (8)  data breaches (7)  stolen credentials (7)  financial data breach (7)  stolen-passwords (7)  pci dss (6)  ios security (6)  remote access attacks (6)  2fa (6)  encryption (6)  ooba (6)  financial institutions (6)  remote access security (6)  healthit (5)  healthcare cybersecurity (5)  uk security (5)  platform edition (5)  higher education (5)  media security (5)  webinar (5)  atms (5)  transaction-level 2fa (5)  pos malware (5)  retail (4)  2-factor-authentication (4)  security research (4)  third-party security (4)  vulnerability (4)  data breach notification (4)  security threats (4)  financial data security (4)  rig exploit kit (4)  endpoint security (4)  medical identity theft (4)  google (4)  retail data security (4)  healthcare data breach (4)  ios (4)  bank security (4)  defcon-23 (4)  hipaa (4)  blackhat 2015 (4)  law firm security (3)  health it (3)  cisco vpn (3)  duo-security-summit (3)  car security (3)  payment card breach (3)  ffiec (3)  ssl (3)  retail data risks (3)  stock market (3)  aws security (3)  retail ebook (3)  hipaa security rule (3)  windows security (3)  strong-authentication (3)  two-factor (3)  manufacturing security (3)  critical infrastructure security (3)  out of band authentication (3)  flash vulnerabilities (3)  ios vulnerabilities (3)  flash security (3)  otp bypass (3)  dyre trojan (3)  social engineering (3)  byod (3)  twitter (3)  home depot (3)  defense in depth (3)  e-prescriptions (3)  defcon (3)  end-user authentication (3)  target (3)  anthem (3)  ehr (3)  iot security (3)  outlook-web-app (3) 

Duo is hiring!

View our open positions

Subscribe to our Newsletter

Get product updates, interesting content, and invitations to online and live events.