Your website has recently been hacked and its data is now exposed across the internet. You have no idea what to do next, but with the help of your server provider you manage to restore the website from a backup. The question is: how do you prevent this from happening again?
Traditionally, users log in to websites with a username and password, and that is where the problem lies. These credentials are very easy to steal if you have ever accessed the website from an untrusted source such as open Wi-Fi or a hotspot. Anyone who captures them can then log in to the website as you. The best way to avoid this is to add a two-step login process.
Joomla is the first CMS to introduce Two Step Authentication. The CMS is known for taking the security of its websites seriously, so if you are building a website with Joomla, there are fewer chances of getting hacked.
This article explains one of the methods Joomla offers to secure your website: Two Step Authentication via Google Authenticator.
Two Factor Authentication in Joomla
What is Two Factor Authentication and why should you have it?
Joomla 3.2 and later versions come with a built-in Two-Factor Authentication system that lets you log in to your website securely with a single-use secret code. This adds an extra layer of security to the website and protects it from spammers and hackers.
Let’s say you are on public Wi-Fi or any other public network and you log in to a website that uses single-step authentication. There is a high risk that your data is no longer safe, because hackers often attack such networks, where traffic is easy to intercept.
To avoid this, first make sure you don’t use public networks, and second, enable Joomla’s Two-Factor Authentication (2FA) to keep your data safe. This method adds an extra security layer in the form of a code, or some unique combination of secret keys, that changes each time you log in. This way your data stays on the safer side.
Steps to enable Two-factor Authentication with Google Authenticator
Enabling two-factor authentication is very easy in Joomla; all you need to do is follow a few simple steps. In this article I will use Google Authenticator as the example and show how it adds an extra level of security to the website.
Google Authenticator is an application created by Google for desktops and smartphones that generates a 6-digit security code, which changes every 30 seconds. So every time you log in to the website you will need a username, a password and a new security code.
Even if a hacker somehow manages to get your site credentials, they will have only 30 seconds to hack the website, which is not practical. In this way 2FA prevents unauthorized access to your website.
Given below are the steps to enable 2FA for your website. Just make sure that you have installed Google Authenticator on your device:
Enable the Two Factor Authentication plugin
Go to Extensions > Plugins > search for Two-factor Authentication > enable the Two Factor Authentication - Google Authenticator plugin
Go to User Settings
Once the plugin is enabled, navigate to Users and edit your profile. You will now see the Two Factor Authentication tab; there, choose Google Authenticator as the Authentication Method.
Set up the Google Authenticator
Download and install Google Authenticator, or a compatible application such as FreeOTP, on your smartphone or desktop.
After you have installed the application on your device, you need to add the details of the site that you wish to secure.
You can either scan the QR code or enter the key manually. Once you add your account details in the application, it generates a Security Code that you need to enter in your Joomla User backend at Step 3.
Save the user profile changes and it’s done.
NOTE: After you have successfully saved all the information, a set of 10 backup codes is generated as one-time emergency passwords. These are very useful if you are unable to log in to the website for some reason, so make sure you keep them noted safely somewhere.
This way you can enable another layer of security for your website and prevent unauthorized access. The two-factor authentication method is safe and will help you keep your content safe from hackers. It is especially recommended for those who have shopping or other transaction-based websites, because there data security is of utmost importance. Let me know in the comments section below if this helped you in any way.