What is Two-Factor Authentication?

Security is a major concern for webmasters. Strong passwords are a good way to keep people out of your admin panels, but they aren’t enough. Passwords can be cracked or stolen. You need another layer, one that makes it much harder for the bad guys to get into your stuff. That’s where Two-Factor Authentication comes in.

Two-Factor Authentication Explained

Two-factor authentication may sound complicated but it’s actually very simple. I’ll explain it in two different scenarios.

Use your mobile device to provide an extra layer of security for your login forms.

Let’s say you want to log into your website dashboard. You pull up your login form, then enter your username and password. Hit enter and you get in. The trouble is that if anyone gets your login credentials, they can do the same thing.

If you are using two-factor authentication, you have an additional step to follow. Once you enter your login credentials, you must then perform another action to prove that you are actually the person who should be allowed access. One popular method is to have your site send a text message to your phone. The text message will contain a secret code that you must enter in a form on your site. If what you enter matches what was sent, you are allowed access.

The idea behind two-factor authentication is that while someone may get your login credentials, it’s less likely that they will have your login credentials and your authentication device (your phone in this case). If they can’t enter the authentication code, they can’t get in.
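Here is a sketch of what the site has to do with that texted code on the server side, added as an illustration (it is not taken from any plugin mentioned in this article). The five-minute lifetime, the five-guess limit and the class name are assumptions, and actually sending the text message is left out.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a texted code
MAX_ATTEMPTS = 5         # assumed number of guesses allowed per login attempt


class SecondFactorChallenge:
    """State the site keeps for one login that already passed the password check."""

    def __init__(self, now=None):
        now = time.time() if now is None else now
        # Six digits from a cryptographic RNG; this is the value texted to the phone.
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.expires_at = now + CODE_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS
        self.used = False

    def verify(self, submitted, now=None):
        """Return True only for the right code, in time, within the guess limit, once."""
        now = time.time() if now is None else now
        if self.used or now > self.expires_at or self.attempts_left <= 0:
            return False
        self.attempts_left -= 1
        # Constant-time comparison: the response time does not reveal
        # how many leading digits of a guess were correct.
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.used = True   # single use, so a replayed code is rejected
            return True
        return False
```

Without the expiry and the guess limit, a six-digit code could simply be guessed by trying all one million values.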

Two-Factor Authentication for WordPress

Adding two-factor authentication to your WordPress installation is pretty easy. There are multiple plugins that offer a reliable two-factor authentication system. Let’s go over a few of our favorites.

Google Authenticator

Google Authenticator for WordPress

The Google Authenticator plugin for WordPress provides two-factor authentication for all of the users on your WordPress site. It works with the Google Authenticator app for Android and Apple mobile devices. The plugin asks for the code shown in the Authenticator app, which is generated automatically and expires on its own. If you enter the correct code, you get in.

With the Google Authenticator plugin for WordPress, two-factor authentication can be enabled/disabled on an individual user basis. This is useful for sites that may have members who don’t own an Android or Apple mobile device.
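To show where that self-expiring code comes from, here is an added example (not the plugin's own code) of the time-based one-time password algorithm from RFC 6238, which the Google Authenticator app implements. The secret is the published RFC test value, and the drift window and replay check are assumptions about how a site might verify the code.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds each code stays valid (the app's default)
DIGITS = 6

# Published RFC 6238 test secret, used here as sample input only.
SAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """Code for the time step containing Unix time `at` (RFC 6238, HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.upper().replace(" ", ""))
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def verify(secret_b32, submitted, at=None, window=1, last_used_step=None):
    """Return the matched time step, or None if the code is rejected.

    window=1 tolerates one step of clock drift either way (assumed policy);
    last_used_step lets the caller refuse a code that was already accepted.
    """
    at = time.time() if at is None else at
    current = int(at) // STEP
    matched = None
    for step_no in range(max(0, current - window), current + window + 1):
        expected = totp(secret_b32, step_no * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            matched = step_no
    if matched is None:
        return None
    if last_used_step is not None and matched <= last_used_step:
        return None          # replay of an already-used code
    return matched
```

The site and the phone never exchange the code itself: both derive it from the shared secret and the current time, which is why the app keeps working without a network connection.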


Duo Two-Factor Authentication for WordPress

Duo is a company that provides an advanced two-factor authentication system that can be used across almost any platform. It is capable of working with tons of applications to secure email systems, websites, or even server logins. And that is barely scratching the surface of what their system can secure.

Duo provides a plugin for WordPress that interacts with the Duo system. After you try to log into your dashboard, the mobile app provides a quick push button option to automatically accept your login attempt. No need to provide a code.

For those who can’t use an app, Duo can send a code via text message or call your phone. You will need to sign up for a free account on the Duo website to authenticate with.

With Duo for WordPress, you will also have to follow a setup process that is certainly a lot more involved than the other two-factor authentication plugins in this list. This may be the reason why the plugin has such a low user count, despite being such a great system.


Clef Two-Factor Authentication for WordPress

Clef is an amazing system that does two-factor authentication differently than its competitors. Unlike many systems that want you to enter a code, Clef provides a weird moving barcode that you must scan with your mobile device. The app uses this barcode to verify who you are. It also provides a timer to automatically log you out after a length of time you set each time you log in. This helps keep you secure by kicking out your session if you happen to forget to log yourself out.

Like Duo, Clef users will need to sign up for a free account in order to use the system. The app is incredibly easy to use (seriously, just open it and point the camera at the barcode). The Clef WordPress plugin currently lives on over 900,000 websites.


If you’re concerned about security (and you should be), I recommend that you take a look at using two-factor authentication. It can help protect your logins and keep out the bad guys.

Password protect a directory in CPanel

In this tutorial, we are going to show you how to Password Protect a directory using CPanel. CPanel makes this process very easy, with only four steps to complete. Once the directory is password protected, visitors to your website will only be able to access it or any directories beneath it by using a username and password combination that you create.

Password protecting a directory keeps it from showing up in a browser unless the visitor enters the right username and password. This is useful when you’ve made a part of your site that you don’t want everyone to see. For instance, if you’re working on a design for a client or you’re collaborating with a developer on a new section of your own site, you wouldn’t want everyone else to be able to see the unfinished work. Instead, you would put a password on that area so only the people who need to see it will be able to.

In this tutorial, we’re going to password protect the main directory of your website. This directory is called public_html, and applying a password here will lock every directory in your hosting space. If you only need to lock a specific directory, you can do so by choosing that directory in step 2.

Step 1: Selecting Password Protect Directories in CPanel


The first step to password protecting a directory is choosing the Password Protect Directories icon in CPanel, located under the Security section. Once you click it, you will choose the domain you want to work with. If you are using addon domains, you will have additional domains to choose from. If not, just hit the go button.

Step 2: Select the directory to password protect

Select the directory you would like to protect. To dig deeper into your directories, click the folder icon next to the parent directory. Do this until you find the directory you want to protect. Once you find the one you are looking for, click the name of it.

Step 3: Name your password protected directory


Once you’ve selected your directory, you are taken to the permissions page. Check the box that says “Password protect this directory”, enter a name for it and hit Save.

Step 4: Create a user to access the password protected directory


The last step is to create a user for this directory. Type a username into the Username field and a password into the Password field. If the password is not strong enough, CPanel will not accept it. You can use the Password Generator to have CPanel create a password for you, but make sure to copy the password and put it in a safe place. When you are finished, hit the Add or Modify the Authorized User button.

Password Protected Directory Login Box
The username and password box will now appear for your password protected directory.

When each step is complete, your directory will be password protected. Since this is a recursive protection, every directory beneath will also be protected. For example, public_html will be protected, but so will public_html/images and public_html/clients.

When you’re ready to unlock the directory, take the checkmark out of the “Password protect this directory” box and hit Save.

That’s it! You’ve now learned how to quickly and easily password protect a directory using CPanel. For more tutorials on CPanel, WordPress, and other tools used by webmasters, visit us at Webmasternotebook.com and subscribe to our channel on Youtube.