What is Two-Factor Authentication?

Security is a major concern for webmasters. Strong passwords are a good way to keep people out of your admin panels, but it isn’t enough. Passwords can be cracked or stolen. You need another layer, one that makes it much harder for the bad guys to get into your stuff. That’s where Two-Factor Authentication comes in.

Two-Factor Authentication Explained

Two-factor authentication may sound complicated but it’s actually very simple. I’ll explain it in two different scenarios.

Use your mobile device to provide an extra layer of security for your login forms.
Use your mobile device to provide an extra layer of security for your login forms.

Let’s say you want to log into your website dashboard. You pull up your login form, then enter your username and password. Hit enter and you get in. The trouble is that if anyone gets your login credentials, they can do the same thing.

If you are using two-factor authentication, you have an additional step to follow. Once you enter your login credentials, you must then perform another action to prove that you are actually the person who should be allowed access. One popular method is to have your site send a text message to your phone. The text message will contain a secret code that you must enter in a form on your site. If what you enter matches what was sent, you are allowed access.

The idea behind two-factor authentication is that while someone may get your login credentials, it’s less likely that they will have your login credentials and your authentication device (your phone in this case). If they can’t enter the authentication code, they can’t get in.

Two Factor Authentication for WordPress

Adding two-factor authentication to your WordPress installation is pretty easy. There are multiple plugins that offer a reliable two-factor authentication system. Let’s go over a few of our favorites.

Google Authenticator

Google Authenticator for WordPress

The Google Authenticator plugin for WordPress provides two-factor authentication for all of the users on your WordPress site. It works with the Google Authenticator app for Android and Apple mobile devices. The plugin asks for the code the Authenticator app provides, one which automatically generates and expires on its own. If you enter the correct code, you get in.

With the Google Authenticator plugin for WordPress, two-factor authentication can be enabled/disabled on an individual user basis. This is useful for sites that may members who don’t own an Android or Apple mobile device.

Duo

Duo Two-Factor Authentication for WordPress

Duo is a company that provides an advanced two-factor authentication system that can be used across almost any platform. It is capable of working with tons of applications to secure email systems, websites, or even server logins. And that is barely scratching the surface of what their system can secure.

Duo provides a plugin for WordPress that interacts with the Duo system. After you try to log into your dashboard, the mobile app provides a quick push button option to automatically accept your login attempt. No need to provide a code.

For those who can’t use an app, Duo can send a code via text message or call your phone. You will need to sign up for a free account on the Duo website to authenticate with.

With Duo for WordPress, you will also have to follow a setup process that is certainly a lot more involved than the other two-factor authentication plugins in this list. This may be the reason why the plugin has such a low user count, despite being such a great system.

Clef

Clef Two-Factor Authentication for WordPress

Clef is an amazing system that does two-factor authentication differently than its competitors. Unlike many systems that want you to enter a code, Clef provides a weird moving barcode that you must scan with your mobile device. The app uses this barcode to verify who you are. It also provides a timer to automatically log you out after a length of time you set each time you log in. This helps keep you secure by kicking out your session if you happen to forget to log yourself out.

Like Duo, Clef users will need to sign up for a free account in order to use the system. The app is incredibly easy to use (seriously, just open it and point the camera at the barcode). The Clef WordPress plugin currently lives on over 900,000 websites.

 

If you’re concerned about security (and you should be), I recommend that you take a look at using two-factor authentication. It can help protect your logins and keep out the bad guys.

Getting Started with Building a Website

If you’re about to build your first web site, you may not know what to use. With so many ways to build a site, the possibilities may seem endless. This can be very overwhelming for some. Fortunately, there are several tools available for free to use.

Let’s assume you’ve already found a web host. If you are not sure what that is, take a look at this article first. It explains what a web host is and why you need one. We also cover the pros and cons of Free vs Paid web hosting.

We will also assume that you know what you want on your site, or at least have a good idea of what it will have. If not, start planning out what you’d like on your site. You don’t need to have the complete blueprints for the site, but a rough idea will help.

Get an Editor

To start with, get a code editor. There are plenty of free code editors around to provide an environment for you to write code in. Most of them offer many of the the same features, so you’ll want to find one that works best for you. Below is a short list of many free code editors available.

A code editor will allow you to write and edit popular web code, such as HTML, CSS, JavaScript, PHP, JAVA and more. Many will have the ability to upload files directly to the server through FTP.

Get an FTP Client

Though your code editor may have an FTP client built into it, it’s a good idea to have a stand alone FTP client as well. An FTP client allows you to upload, download, rename, and delete files and directories. It also allows you to change file and directory permissions, something not commonly found in the built in FTP feature of code editors. Below is a short list of free FTP clients:

Using a stand alone FTP client makes it easy to upload, download and delete files in bulk. It’s a great tool to have.

Use a Content Management System

For those who are less code savvy or do not want to spend the time it takes to learn to write web code, using a content management system is the way to go. A content management system (CMS) provides a lightning fast method to have a website up and running in a matter of minutes. Typical features of a CMS include:

  • User Registration and Management
  • Pages and blog posts created in an administration dashboard
  • Plugins and modules to extend your website functions and features
  • High availability of Themes and Templates to change the look of your website immediately
  • Developer friendly with a large community of users

There are several content management systems to choose from. Below is a short list of some of the most popular free systems available today:

The choice is yours, depending on your website needs. The biggest three in the list are WordPress, Joomla, and Drupal. Each one has a massive community behind them, but the others in the list are certainly worth the time it takes to look into them.

Sell Things Online

If your aim is to sell items or services online, there are several tools available to do so. If you are using a content management system, you may be able to find an ecommerce tool for your particular system. WooCommerce and MarketPress dominate in WordPress, while Virtuemart is often the tool of choice for Joomla webmasters who want to add ecommerce to their website.

In many cases, a stand alone ecommerce tool is best. Below is a list of very popular free ways to sell online:

Each shopping cart system offers many of the same key features, but what I’ve found most useful is how well the cart operates. Prestashop and Magento can quickly grow heavy for shared hosting, but both are highly useful and powerful systems. They also have large communities to back you up when you need help, so it’s easy to see why they come out on top for most online sellers.

Softaculous

If you would like to get a website online in less time than it took to read this article, Softaculous is the tool for you. It doesn’t let you build websites, but it contains a massive library of tools that make it possible. Many of the content management and ecommerce systems I mentioned above are found in Softaculous. Each one can be installed in less than a minute (two minutes if the network or server is slow). That means that with very little effort, you can rapidly get a website up and running.

Most web hosts that use CPanel will offer Softaculous for free (or very cheap if using a Managed VPS or Managed Dedicated Server). It is a tool that makes it easy to get your site up so you can focus on the content, management of the site and your business.
If you’ve had success with any of the tools listed above, or any that aren’t listed, let us know in the comments section below.

5 Great WordPress Plugins to Improve Your Website

If you’re running a website that uses WordPress, you should be taking advantage of the Plugins feature. It provides a huge universe of additional functionality that you can add to your website easily, usually without needing to do anything outside of the admin panel.

Plugins can help improve your website in many ways. What I’m going to do is go over 5 fantastic plugins that you should add to your WordPress website to make it even better.

WordPress SEO

If you’re concerned about search engine optimization (and you should be), using WordPress SEO should be on the top of your to-do list. It’s a highly powerful tool that gives you a lot of advanced features to make your site more attractive to search engines.

Akismet

Everyone hates spam. Something you’ll notice on your WordPress website is that your comment section can often become a breeding ground for fake purses, medications, and other strange comments that usually don’t relate to your content.

One of the best ways to fight comment spam is by using the Akismet plugin. It can punch back the junk and keep your blog posts free of spam. It does require a subscription to use, but it’s free to sign up for. We highly recommend it.

WP Super Cache

Your WordPress website is powered by a database. Because of that, things are a little more intense for the server you’re hosted on. This usually isn’t a problem until your site gets really popular.

To help your site stay quick and keep your web host from complaining, we recommend using WP Super Cache. This plugin can take your content and build static files to provide for visitors instead of pulling from the database. They won’t notice any difference other than a possible speed increase.

Wordfence Security

Security is always a concern. To help take the pressure off, the Wordfence Security plugin is there to help prevent unauthorized logins, alert you to out of date plugins and bad URLs, find changes in files and locate malware. It can do a lot more than this list shows and is highly recommended to use.

Jetpack

An official WordPress plugin, using Jetpack is like throwing an entire toolbox at your website. It comes with a large number of features for your website. From social sharing and contact forms to visitor stats and proofreading, Jetpack can give you a lot.

This is by no means a comprehensive list of the plugins you should be using, but instead, a few of the most important ones we feel will help improve your website.

[cite]Photo Credit: PicJumbo[/cite]