Under the GDPR legislation you are required to employ all available best practice to secure the Confidentiality, Availability and Integrity of your systems which contain PII (Personally Identifiable Information). PII includes email addresses, names and addresses, which are frequently stored in website databases.
I recommend the installation of Wordfence to secure WordPress. Installing and enabling 2FA on your website greatly improves the security of your website, providing an effective defence against stolen or guessed passwords.
Once Wordfence is installed, each WordPress user needs to enable 2FA using their mobile phone.
- You will need to go to the App Store on your phone and search for the Google Authenticator application, which can be downloaded and installed on your phone free of charge.
- You can use this app to generate time-limited passwords for any websites using this form of secure 2FA.
- Once installed, open the Google Authenticator app and press the + (plus button) at the top of the screen to add the new site. You should then select Scan barcode. This will activate the camera on your phone.
- Now in WordPress select Wordfence > Login Security. You will then see a square barcode (see image below) which you can now scan by pointing your phone's camera at the screen.
- You will then see your site added to the Authenticator app along with a 6-digit number which changes every 30 seconds.
- Click the download button to save the recovery codes to your computer and keep these safe and secure. If you lose your phone you will need these codes to gain access to your site again.
- To confirm that the generated code is valid, enter it into the box at the bottom left of the screen and then click Activate.
- From now on, when you log in to WordPress, in addition to your user id and password you will be asked to enter the latest 6-digit code generated by the Authenticator app. As above, this changes every 30 seconds, so you need to enter it quickly and accurately.