WordPress Security: Google Authenticator

Many of the readers here are also bloggers, and quite a few use WordPress.
If you host your own WordPress installation (as opposed to hosting with wordpress.com), you may be interested in the Google Authenticator plugin for two-factor authentication.
If you have an iOS (iPod Touch or iPhone), Android, or BlackBerry device that can run the Google Authenticator app, the Google Authenticator plugin can help significantly with your site’s security. Once you link the plugin and the device, your device generates a new time-dependent numeric code at regular intervals. To log into your WordPress blog’s account you’ll need your username, password, and the numeric code generated from the mobile device application.
This way, even if an attacker manages to acquire your username and password, they are unable to log into your WordPress account because they don’t have the correct code. Now an attacker needs both something you know (username and password) and something you have (the mobile device that generates the code).
Update: One can also configure a static password for applications that are not able to deal with one-time passwords, like desktop or iPhone WordPress clients. Very cool.
