Online security is a big issue. Thousands of websites, brands, and online accounts are attacked by hackers every day. With the use of WordPress being so widespread, it’s not immune to these attacks. Thousands of WordPress powered websites have been targeted successfully in the past.
在线安全是一个大问题。 每天都有成千上万的网站,品牌和在线帐户遭到黑客攻击。 随着WordPress的广泛使用,它无法幸免于这些攻击。 过去,成千上万的基于WordPress的网站已成功成为攻击目标。
The infamous default ‘admin’ username and a weak password are both big issues, since they’re easier to brute force. It’s highly recommended that you never use ‘admin’ as your primary username, and always use a strong password, rather than a common, easy to remember password.
臭名昭著的默认“ admin”用户名和弱密码都是大问题,因为它们更容易被暴力破解 。 强烈建议您不要使用“ admin”作为主要用户名,并且始终使用强密码,而不是普通的,易于记忆的密码。
Google的两步验证 (Google’s 2-Step Verification)
Normally, you need a username and password to log in to your WordPress dashboard. If you use a strong password, that’s a step in the right direction, but did you know that you can make your WordPress login even more secure with Google’s 2-Step Verification (also known as two-factor authentication)?
通常,您需要用户名和密码才能登录WordPress仪表板。 如果您使用强密码,这是朝正确方向迈出的一步,但是您是否知道您可以使用Google的两步验证(也称为两因素身份验证)来使WordPress登录更加安全?
There are numerous two-factor authentication plugins. In this article, I’m only focusing on Google Authenticator, which is already widely supported by many providers for two-factor authentication.
有许多两因素身份验证插件。 在本文中,我仅关注Google身份验证器,许多身份验证器提供商已广泛支持它。
With Google’s 2-Step Verification enabled, you’ll be prompted to enter a six-digit number after you provide your username and password. If you don’t provide this six-digit number, you won’t be able to log in, even if you have the correct username and password.
启用Google的两步验证后,在提供用户名和密码后,系统会提示您输入一个六位数的数字。 如果您没有提供此六位数的号码,即使您具有正确的用户名和密码,也将无法登录。
Google’s 2-Step Verification can make your WordPress website more secure and more hardened against brute force attacks; even if your username password becomes compromised, logging in to your website will not be possible without the six-digit code.
Google的两步验证可以使您的WordPress网站更加安全,并且可以更强壮地抵抗暴力攻击; 即使您的用户名密码遭到破坏,如果没有六位数代码,也无法登录到您的网站。
Google Authenticator WordPress插件 (Google Authenticator WordPress Plugins)
At the time of writing, there are two free plugins available to enable Google’s 2-Step Verification in WordPress. The first plugin is Google Authenticator by Henrik Schack, which has over 10,000 active installs. According to the Plugin Directory, this plugin is compatible up to version 3.8.3 of WordPress, however I’ve been using it with the latest version of WordPress (which is version 4.1) without any issues.
在撰写本文时,有两个免费插件可用于在WordPress中启用Google的两步验证。 第一个插件是Henrik Schack的 Google Authenticator ,该插件具有10,000多个有效安装。 根据插件目录,此插件兼容WordPress的3.8.3版本,但是我一直在将其与WordPress的最新版本(即4.1版)一起使用,没有任何问题。
The second free plugin is Google Authenticator for WordPress by Julien Liabeuf, which has over 2,000 active installs. This plugin is compatible up to version 4.1.1 of WordPress.
第二个免费插件是Julien Liabeuf的 WordPress的Google Authenticator ,它具有2,000多个有效安装。 该插件兼容WordPress的4.1.1版本。
如何在WordPress网站上安装Google Authenticator (How to Install Google Authenticator on Your WordPress Website)
For the purposes of this example, I am using Google Authenticator by Henrik Schack.
就本示例而言,我使用的是Henrik Schack的Google Authenticator 。
To begin, download and install the Google Authenticator plugin. After activating it, go to ‘Users > Your Profile’. Now select the ‘Active’ check box to activate Google’s 2-Step Verification in WordPress.
首先,下载并安装Google Authenticator插件。 激活后,转到“用户>您的个人资料”。 现在,选中“活动”复选框以在WordPress中激活Google的两步验证。
Next, you will need to modify the description, so that you will recognize the website entry on the Google Authenticator mobile app and show the QR code. In my case, I have added the name of my blog.
接下来,您将需要修改描述,以便在Google Authenticator移动应用程序上识别网站条目并显示QR码。 就我而言,我已经添加了博客的名称。
如何在移动设备上安装Google Authenticator (How to Install Google Authenticator on Your Mobile Device)
If you don’t have the Google Authenticator app on your mobile device, you’ll need to download and install this app. You can read step-by-step instructions on how to install Google Authenticator on an Android device, Blackberry, or iPhone at the 2 step verification support page.
如果您的移动设备上没有Google Authenticator应用,则需要下载并安装此应用。 您可以在两步验证支持页面上阅读有关如何在Android设备,Blackberry或iPhone上安装Google Authenticator的分步说明。
To start using the app, click the upper right pencil icon. Then, click the plus icon at the bottom to add a website. Choose to scan the barcode and point your camera at the QR code.
要开始使用该应用程序,请单击右上方的铅笔图标。 然后,单击底部的加号图标以添加网站。 选择扫描条形码并将相机对准QR码。
If there’s a problem scanning the QR code, try using the secret key. Select ‘Manually Add Account’ and enter the secret key shown on your computer screen into the box under the ‘Enter’ key. Make sure you’ve chosen to make the key time based and press ‘Save’.
如果扫描QR码有问题,请尝试使用密钥。 选择“手动添加帐户”,然后将计算机屏幕上显示的密钥输入到“输入”键下方的框中。 确保已选择以关键时间为基础 ,然后按“保存”。
Now log out of your WordPress site and visit the login page. You should now see the additional field for Google Authenticator on your login screen.
现在,退出您的WordPress网站并访问登录页面。 现在,您应该在登录屏幕上看到Google身份验证器的其他字段。
Enter your username, password and six-digit code. Launch your Google Authenticator mobile app to get the six-digit code to log in. Remember, the code is time sensitive and expires within a few seconds. If you need more time, then activate the ‘Relaxed’ mode in the Google Authenticator settings.
输入您的用户名,密码和六位数代码。 启动您的Google Authenticator移动应用,以获取六位数的代码进行登录。请记住,该代码具有时间敏感性,并且会在几秒钟后失效。 如果您需要更多时间,请在Google身份验证器设置中激活“轻松”模式。
如果Google Authenticator代码不起作用(Android),该怎么办? (What If the Google Authenticator Codes Aren’t Working (Android)?)
If you’re entering the correct password, username and code provided by Google Authenticator, but still can’t log in to your WordPress website, then you should try the time correction feature. The codes that the Google Authenticator app generates are dependent on the correct time on your device.
如果您输入的是由Google Authenticator提供的正确密码,用户名和代码,但仍无法登录WordPress网站,则应尝试使用时间更正功能。 Google Authenticator应用生成的代码取决于您设备上正确的时间。
To do this, in the Google Authenticator App, go into ‘Settings > Time Correction’, and select ‘Codes > Sync Now’.
为此,请在Google Authenticator App中进入“设置>时间校正”,然后选择“代码>立即同步”。
After tapping on ‘Sync Now’, you’ll see a confirmation message that indicates that the time has been synced. You should now be able to use your verification codes to sign in.
点击“立即同步”后,您会看到一条确认消息,指示时间已同步。 现在,您应该可以使用验证码登录了。
The sync will only affect the internal time of your Google Authenticator app and will not change your devices Date and Time settings.
同步只会影响您Google Authenticator应用的内部时间,不会更改设备的日期和时间设置。
You can read more about common issues with 2-Step Verification on the Common issues with 2-Step Verification support page.
您可以在“两步验证常见问题”支持页面上阅读有关两步验证常见问题的更多信息。
Also, make sure the time is correct on your mobile device and desktop. When there was a time difference between my Android phone and my PC, I wasn’t able to log in to my WordPress website.
另外,请确保您的移动设备和台式机上的时间正确。 当我的Android手机和PC之间存在时差时,我无法登录WordPress网站。
使用或不使用Google Authenticator (To Use or Not to Use Google Authenticator)
I have been using 2-Step Verification for my Gmail account for a long time and it has always worked well. I have been using Google Authenticator for WordPress for just a few weeks, and it’s working just as well.
很长时间以来,我一直在使用Gmail的两步验证,并且一直运行良好。 我已经将WordPress的Google Authenticator使用了仅几周了,它的运行情况也很好。
Yes, sometimes you might get an error and you won’t be able to log in to your website, but in my experience it is usually because the time on the Google Authenticator app is not synced correctly.
是的,有时您可能会遇到错误,并且无法登录到您的网站,但是根据我的经验,这通常是因为Google Authenticator应用程序上的时间未正确同步。
When synced correctly, Google Authenticator for WordPress will make your WordPress website more secure and safe. I highly recommend using a mechanism like this and strongly urge you to never compromise on the security of your website.
正确同步后,适用于WordPress的Google Authenticator将使您的WordPress网站更加安全。 我强烈建议您使用这种机制,并强烈敦促您不要损害网站的安全性。
Are you already using Google Authenticator for WordPress? If so, what has your experience been like? What other plugins or services are you using for WordPress security? Please share your comments below.
您已经在使用Google Authenticator for WordPress吗? 如果是这样,您的经历如何? 您还使用其他哪些插件或服务来实现WordPress安全? 请在下面分享你的评论。
翻译自: https://www.sitepoint.com/2-step-verification-wordpress-using-google-authenticator/
400
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
