Authy helps you increase security for your user accounts in your WordPress site by using strong Two-Factor authentication. The plugin can be installed and configured in a matter of minutes.
Two-Factor Authentication protects you from password re-use, phishing and keylogger attacks. The Authy WordPress plugin was designed so that anyone can install it, configure it and use it. Security shouldn’t be painful!
If you are running an older version of the WordPress plugin (i.e. 2.5.5 and below) on WordPress 4.5 and above, please upgrade your Authy plugin to 3.0 and above to remediate a problem where 2FA can be bypassed in certain circumstances.
How it Works
Usually you use only a username and a password to log in to your blog. If your password is stolen or guessed, someone else can log in to your blog. With two-factor authentication, you add a step to the login that relies on something in your possession, which is harder to steal.
Authy uses your phone number as the extra piece of security and there are a few ways it is used.
- Get a security token via SMS or a phone call. This code is then used to log in with your username and password.
- Generate the same token using Authy, our mobile application.
- Get a push notification via Authy, our mobile application. This is a much more secure and easier way to log in.
The Authy plugin takes five minutes to install and requires no security knowledge.
Two-Factor Authentication is used by the largest organizations in the world because it works. With Authy you get benefits without the hassle of managing it yourself.
You can allow your users to opt in to WordPress two-factor authentication, or admins can force two-factor authentication on users.
You can control which users require two-factor authentication based on their WordPress role.
The plugin is open source and can be found at https://github.com/authy/authy-wordpress/
- Create an account, and get your Authy API Key at www.authy.com/signup.
- Install the plugin either via your site’s dashboard or by downloading the plugin from WordPress.org and uploading the files to your server.
- Activate the plugin through the WordPress Plugins menu.
- Navigate to Settings -> Authy to enter your Authy API key.
- How can a user enable two-factor authentication?
The user should go to his or her WordPress profile page and add his or her mobile number and country code.
- How can a user disable Authy after enabling it?
The user should return to his or her WordPress profile screen and disable Authy at the bottom.
- Can an admin select specific user roles that should authenticate with Authy two-factor authentication?
Yes, as an admin you can go to the settings page of the plugin, select the user roles in the list, and click “Save Changes” to save the configuration.
- How can an admin force Authy two-factor authentication on a specific user?
As an admin, you can go to the users page. Then, select the user in the list, and click edit. Go to the bottom, enter the user’s mobile number and country code, and click “Update user.”
Do a better job!
Having a plugin appear as 10 months out of date is not a good thing.
Waste of time.
This plugin is awesome! Besides being very practical and intuitive set up in WordPress. Recommended! 🙂
Still, does not work.
Shit app, doesn’t work
I’ve just compared a few 2FA plugins. Authy is one of my favorites.
Their mobile app is amazing too!
There is a small inconvenience after you install their app, because first you need to register it, but after that it’s really, really amazing!
Contributors & Developers
“Authy Two Factor Authentication” is open source software. The following people have contributed to this plugin.
- Fixed error in some filenames.
- Add support for Authy OneTouch.
- Resolved a WordPress 4.5 security issue where 2FA config was being ignored in some circumstances.
- Updated to support WordPress 4.5
- Resolved issue where incomplete 2FA configurations could be returned to and completed.
- Customize the user agent for the request to the Authy API
- Validate the format of the user id and tokens.
- Fixed the login styles for WordPress 3.9.
- Fix the login url action when the hidden backend option is enabled in a security plugin.
- Fixed the include of the color-fresh.css file; the file was renamed to colors.css in WordPress 3.8.
- Added translations for Spanish language.
- Encode the query values before sending them to the Authy API.
- Improved settings for disabling/enabling XML-RPC requests.
- Fix the "Missing credentials" error message: only display it when the user tries to verify an Authy token without a signature.
- Improved the remember me option in the user authentication.
- Use the manage_option capability to display the plugin settings page.
- Use the remember me option when authenticating the user.
- Hide the Authy settings page from all users except the super admin (multisite).
- Hide some digits of the cellphone.
- Added missing images.
- Refactor code
- The admin can now force a user to enable Authy on next login.
- Display API errors when trying to register a user.
- Fix update user profile and verify SSL certificates.
- Fix reported issues and refactor code.
- Initial public release.