Protect your WordPress blog with Duo two-factor

Today we’re excited to announce the integration of our two-factor authentication with the WordPress platform. Now, with just a few clicks, your WordPress-powered website or blog can be protected with the same strong and user-friendly two-factor authentication that protects your traditional remote access.

WordPress isn’t just for small personal blogs anymore: over 14% of the top million websites are powered by WordPress. Its popularity has made it a juicy target for attackers, who often phish, sniff, or brute-force WordPress account credentials in order to slip malicious exploits into popular websites and compromise the visitors of those sites.

By installing the Duo WordPress plugin, you can add a second line of defense behind your WordPress login credentials: your mobile phone! You will be able to log in to WordPress with confidence that your account is secure.

Duo WordPress Walkthrough

Getting Duo’s two-factor authentication integrated with your WordPress blog is a snap and only takes a few minutes!

1. Sign up for a Duo account

If you don’t yet have a Duo account, head over to http://www.duosecurity.com and sign up for free!

2. Add a new integration

Log in to the Duo administrative interface and add a new Web SDK integration for your WordPress blog.

After adding the integration, make note of the integration key and the secret key as you will need these keys when configuring the Duo WordPress plugin. Also, select the “WordPress” visual style and click “Save Changes”.

3. Install and configure the Duo WordPress plugin

Log in to your WordPress blog as an administrator. Navigate to “Plugins > Add New”, search for “Duo Security”, and click “Install Now” to install the Duo WordPress plugin.

Next, click “Activate” to activate the plugin.

Lastly, click “Settings” to configure the plugin. Enter the integration key and secret key that you obtained from the Duo administrative interface and save the changes.

That’s it!

The first time a user logs in, they will be able to self-enroll their mobile phone to use as their second factor of authentication. Upon subsequent logins, they will be challenged to authenticate using their mobile phone.

Duo is best-of-breed for strong two-factor authentication, supporting Duo Push, phone callback, or one-time passcodes generated via the Duo Mobile app or delivered via SMS. The best part is that Duo is completely free for under 10 users (or unlimited users for open source projects) and only $3/user/month beyond 10 users.

Beyond WordPress

If you’re a fan of our WordPress integration and want similar protection for your own web application, be sure to check out our web SDKs that make it simple to add Duo two-factor authentication to any Python, Ruby, PHP, Java, ASP.NET, or Classic ASP web application. The source code for the duo_wordpress plugin is also available in our GitHub repository and provides a great example of how easy it is to use the web SDK.

Keep an eye out for additional web integrations in the near future. If you have any particular web apps or frameworks you’d like to see Duo integrated with, just leave us a comment below!