If you have not done anything to protect your WordPress site, most probably you are not safe. By default, WordPress only comes with a single login mechanism. Anyone that has your username and password can easily login to your site and wreak havoc. The only way to prevent it is to tighten the security of your site so other people won’t be able to crack into your site easily.
1. Google Authenticator
The Google Authenticator plugin makes use of the Google Authenticator mobile app to provide a two-factor authentication login to your WordPress site.
Note: Before activating Google Authenticator, make sure that you have enabled two-factor authentication in your Google account and installed the Google Authenticator app in your Android, iPhone or Blackberry phone.
Once you have installed and activated the plugin, go to the “Users -> Your Profile” section and you should see the Google Authenticator settings.
Check the box beside “Active” and save the changes. Next time you login, it will prompt you to enter the secret key. If you failed to enter the correct code, you will not be able to login.
2. One Time Password
One Time Password allows you to login to your WordPress without using your real password. It generates a list of passwords that you can use to login to your site. These passwords are valid only for a single session, so even when the password is stolen, others won’t be able to login to your site. This is particularly useful if you are travelling but need to login to your site in a cybercafe.
Once installed and activated, go to the One Time Password section to generate your password list. Enter a passphrase and click the “Generate” button.
Print out the generated password list and bring it with you wherever you go.
When you need to login, it will show a sequence number. You just have to match the sequence number with your password list and enter the password accordingly.
This excerpt is shared with permission from maketecheasier.com.