Site Management Two-Factor Authentication on Your Blog

[Nomad]

You can see two-factor authentication enabled on a lot of forums. This is the protect users account as well as administrative accounts. This is very important because you can stop hackers from breaking in. Strong password can secure your account but having 2FA will add an extra layer of security by asking for a special code when someone tries to log in from a new device or IP address, or after certain interval. What about adding 2FA in a blog? Do you think it is important? Have you added 2FA in your blog?

Well once I used 2FA on my Wordpress blog. I used a plugin called WP 2FA. Once installed and activated, you can go through a setup process where you can choose how you want to receive the code - whether by text message, email, or another method.

 

[Ravenfreak]

I've never set this up on my blog, but it wouldn't hurt! It's another level of protection, which is never a bad thing online.

 

[Tracy]

2FA is OK.
Passkeys are where its at. I really like my YubiKey. I have several that are still unopened (USB-A and USB-C format) since I was able to purchase them for a very low cost on a CloudFlare special deal when they were encouraging their clients to use them.
Pretty much everywhere I log in at I have at the minimum 2FA enabled and if they offer passkey ability I choose that instead with a 2FA fall-back.

 

[Jason]

I use 2-factor on my drumming forum. My other forums don't have it, so I'm taking a security risk before probably I will upgrade them to XenForo. Well, I don't know if SMF has 2-factor. Is that true?

Note: I like 2-factor for the admin because I think forums need protection from hacking.

 

[Tracy]

Note: I like 2-factor for the admin because I think forums need protection from hacking.

A note about hacking... it's really amazing how many threat vectors are utilized now.
I use CloudFlare and got to looking at the threat vectors it's blocked for my main site.



The light blue is the chart since 03/14 until today. Notice 941 known vectors blocked. That doesn't even count the numerous script kiddies trying to get to WordPerfect and related areas as CF doesn't block them as some calls to them could be valid.

This is the WAF rules stats for the last 24 hours that have been engaged using URI path content, IP and ASN checking. I have so many in use that I had to fold some of them into others depending on whether I wanted total block or managed challenges in case they are valid access.

 

[Jason]

A note about hacking... it's really amazing how many threat vectors are utilized now.
I use CloudFlare and got to looking at the threat vectors it's blocked for my main site.

View attachment 3754

The light blue is the chart since 03/14 until today. Notice 941 known vectors blocked. That doesn't even count the numerous script kiddies trying to get to WordPerfect and related areas as CF doesn't block them as some calls to them could be valid.

This is the WAF rules stats for the last 24 hours that have been engaged using URI path content, IP and ASN checking. I have so many in use that I had to fold some of them into others depending on whether I wanted total block or managed challenges in case they are valid access.

View attachment 3755

I'm not so fearful about people attacking. However, I do at least the minimum on my XF site to keep hacking out.

 

[Tracy]

I'm not so fearful about people attacking. However, I do at least the minimum on my XF site to keep hacking out.

It's not "fear".. but bandwidth utilization. For some hosts, they may have a limit on the bandwidth that you have allocated to your site(s). Those type of "attacks" simply soak u p bandwidth (granted, not much) but in certain cases you server can get overloaded with the fluff of them. That's why it's better to block them at the level before they even connect with your server.

 

[Jason]

It's not "fear".. but bandwidth utilization. For some hosts, they may have a limit on the bandwidth that you have allocated to your site(s). Those type of "attacks" simply soak u p bandwidth (granted, not much) but in certain cases you server can get overloaded with the fluff of them. That's why it's better to block them at the level before they even connect with your server.

Yeah, that makes sense. I misunderstood the motive.