

Protect your WordPress site from attackers in 2 minutes with Authy - danielpal
http://blog.authy.com/wordpress

======
msumpter
Took me a moment to realize this was another two factor provider similar to
Google Authenticator but only commercial in nature:
<https://www.authy.com/pricing>

They have a free level for 500 authentications a month which might work for a
single user but I could see that used up with a few active contributors
posting often.

There is already a nice Wordpress plugin that adds Google Authenticator:
<http://henrik.schack.dk/google-authenticator-for-wordpress/>

------
dave1010uk
We currently use a WordPress plugin [0] that makes it save passwords using
bcrypt. It looks like there's plans to make this the default in a future
version of WordPress [1].

[0] <https://github.com/dxw/wp_bcrypt>

[1] <http://core.trac.wordpress.org/ticket/21022>

------
kennu
The most common way a WordPress site gets hacked seems to be through security
vulnerabilities present in the WordPress code or some of the installed
plugins. I assume this in no way provides protection from them.

~~~
msumpter
> I assume this in no way provides protection from them.

No it does not appear so.

But recently we've seen a huge uptick of brute force password attacks against
our WP installs. These are trying common username and password combinations.
To combat these attacks we've started deploying a brute force detection and
blocking plugin across our entire platform. But we've also looked at adding
two factor authentication as well.

