App to Add 2FA on WordPress

by Rian

Surprisingly, WordPress supports neither 2FA (two-factor authentication) nor passkeys. Considering the prevalence of both and how readily available they have become, it’s still hard for me to believe WordPress does not have native solutions. Websites, of any kind, due its nature, are bound to be exposed. No wonder why WordPress is being preyed on.

From my experience, Mad Tea Party alone has huge influx of bot attacks — I believe them to be automated. They target authors’ and administrators’ login credentials, possibly either brute-forcing the password or guessing it from the dictionary. These kind of prolonged attacks tend to have different attack strategy than the ones that people are accustomed to. These are the horror stories usually IT in your organization would share and prepare for.

Not so surprisingly, there is a freemium plugin, WP 2FA, available for WordPress which adds OTP or other methods of 2FA. The paid premium version is a subscription-based starting at $79 per year, but for the majority of use cases I believe free version will suffice. The setup wizard is concise and straight to the point as well. However, I do want to emphasize 2FA does not replace strong passwords; it is best when they are used together.

It is, indeed, one of those plugins that should be native to the WordPress platform. I under the need to stay close bare metal as possible, but in the long run, I would guess WordPress would need a solution that is tried and tested. But for the time being, thanks to the work of the developers and the community, we have a stay of execution, of sorts.

note: Featured image is from Melapress