Welcome to Admin Junkies, Guest — join our community!

Register or log in to explore all our content and services for free on Admin Junkies.

Site Management Two-Factor Authentication on Your Blog

For discussions on the overall management and administration of websites and forums.
Joined
Jun 27, 2022
Messages
2,427
Credits
1,154
You can see two-factor authentication enabled on a lot of forums. This is the protect users account as well as administrative accounts. This is very important because you can stop hackers from breaking in. Strong password can secure your account but having 2FA will add an extra layer of security by asking for a special code when someone tries to log in from a new device or IP address, or after certain interval. What about adding 2FA in a blog? Do you think it is important? Have you added 2FA in your blog?

Well once I used 2FA on my Wordpress blog. I used a plugin called WP 2FA. Once installed and activated, you can go through a setup process where you can choose how you want to receive the code - whether by text message, email, or another method.
 
Advertisement Placeholder
2FA is OK.
Passkeys are where its at. I really like my YubiKey. I have several that are still unopened (USB-A and USB-C format) since I was able to purchase them for a very low cost on a CloudFlare special deal when they were encouraging their clients to use them.
Pretty much everywhere I log in at I have at the minimum 2FA enabled and if they offer passkey ability I choose that instead with a 2FA fall-back.
 
Note: I like 2-factor for the admin because I think forums need protection from hacking.
A note about hacking... it's really amazing how many threat vectors are utilized now.
I use CloudFlare and got to looking at the threat vectors it's blocked for my main site.

Screen Shot 2024-04-14 at 5.10.17 PM.png


The light blue is the chart since 03/14 until today. Notice 941 known vectors blocked. That doesn't even count the numerous script kiddies trying to get to WordPerfect and related areas as CF doesn't block them as some calls to them could be valid.

This is the WAF rules stats for the last 24 hours that have been engaged using URI path content, IP and ASN checking. I have so many in use that I had to fold some of them into others depending on whether I wanted total block or managed challenges in case they are valid access.

Screen Shot 2024-04-14 at 5.14.15 PM.png
 
A note about hacking... it's really amazing how many threat vectors are utilized now.
I use CloudFlare and got to looking at the threat vectors it's blocked for my main site.

View attachment 3754

The light blue is the chart since 03/14 until today. Notice 941 known vectors blocked. That doesn't even count the numerous script kiddies trying to get to WordPerfect and related areas as CF doesn't block them as some calls to them could be valid.

This is the WAF rules stats for the last 24 hours that have been engaged using URI path content, IP and ASN checking. I have so many in use that I had to fold some of them into others depending on whether I wanted total block or managed challenges in case they are valid access.

View attachment 3755
I'm not so fearful about people attacking. However, I do at least the minimum on my XF site to keep hacking out.
 
I'm not so fearful about people attacking. However, I do at least the minimum on my XF site to keep hacking out.
It's not "fear".. but bandwidth utilization. For some hosts, they may have a limit on the bandwidth that you have allocated to your site(s). Those type of "attacks" simply soak u p bandwidth (granted, not much) but in certain cases you server can get overloaded with the fluff of them. That's why it's better to block them at the level before they even connect with your server.
 
It's not "fear".. but bandwidth utilization. For some hosts, they may have a limit on the bandwidth that you have allocated to your site(s). Those type of "attacks" simply soak u p bandwidth (granted, not much) but in certain cases you server can get overloaded with the fluff of them. That's why it's better to block them at the level before they even connect with your server.
Yeah, that makes sense. I misunderstood the motive.
 

Log in or register to unlock full forum benefits!

Log in or register to unlock full forum benefits!

Register

Register on Admin Junkies completely free.

Register now
Log in

If you have an account, please log in

Log in
Who read this thread (Total readers: 0)
No registered users viewing this thread.

Would You Rather #9

  • Start a forum in a popular but highly competitive niche

    Votes: 9 27.3%
  • Initiate a forum within a limited-known niche with zero competition

    Votes: 24 72.7%
Win this space by entering the Website of The Month Contest

Theme editor

Theme customizations

Graphic Backgrounds

Granite Backgrounds