How To Setup WordPress Two Factor Authentication for Security

Two-step authentication is a must-have these days, given the increase in cyber crime and hacks. When it comes to your WordPress site, brute-force attacks are very common, among other threats.

So, how about protecting it?

Generally, you might already be using two-factor authentication (2FA) with one-time passwords (OTPs) to protect your Gmail accounts, social profiles and bank logins.

Are you?

Then why not on your WordPress website, where most of the hard work goes? Don’t you think so?

There are definitely several ways to protect your website from brute-force attacks. Plenty of plugins, such as Jetpack Brute Force Protection, WordFence and Sucuri Security, are capable enough and protect your account very well.

But how about adding one more extra layer of protection?

How about accessing your WordPress website by entering a code from your own phone? How? Not to worry.

The Google Authenticator WordPress plugin makes it happen. It works along with the Google Authenticator mobile app for Android and iOS.

The process is quite simple. So, let’s get started and see how to set up Google Authenticator for your WordPress site.

Setup WordPress Two Factor Authentication

  • Step 2. Now, navigate to Users – Your Profile. You will see a new section, Google Authenticator Settings.

  • Step 3. Check the Active box to activate Google two-step authentication. The service won’t be active, though, until the QR code or secret key is applied.

Let me explain the next few settings below it before you apply them, and how exactly they work.

Relaxed Mode
 Generally, the Google Authenticator code refreshes approximately every 30 seconds. If that is not enough time for you to enter the six-digit code, checking the Relaxed Mode box will extend the code refreshing time to 4 mins. Check the box only if you feel 30 seconds won’t be enough. I am pretty sure that’s enough for most users.

 Whatever text you enter in this box will be visible in your Google Authenticator app as well. This makes identification easier if you are using Google Authenticator for multiple accounts and sites.

 You will see a 16-digit code, used to log in to your website, which is hidden in this post (a new secret key can be generated at any time). This long key is not easy to remember, which is why most people use the QR code. In fact, it’s recommended for extended security.

  • Step 4. Click on the Show/Hide QR Code button to see the QR code, which needs to be scanned with the mobile phone through the app.

Scan the QR code from the Google Authenticator Mobile App

  • Step 5. Open the Google Authenticator app on your phone and tap on the + button. You will see two options.
  1. Scan a barcode – Choose this if you want to scan the QR code, which is recommended.
  2. Enter a provided key – Choose this if you want to enter the long secret key provided on the WordPress site. It’s optional, but not recommended.
  • Step 7. Tap on Scan a barcode and hold the phone in front of the QR code on your WordPress site. The phone will scan the QR code.

As soon as the scan is complete, you will see the same description in the app as well. For example, for this post the description is WordPressBlog/

Now log out of your WordPress website to see the changes in effect.

You will notice that one more field has been added to the WordPress login area: Google Authenticator code. This is where we need to provide the code generated by the mobile app.

Step 8. Open the Google Authenticator mobile app and you will find a six-digit code there. That code needs to be entered into the Google Authenticator code field in the WordPress login area.


Note: the code in the Google Authenticator app is refreshed approximately every 30 seconds, which is very good for security.
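
How the six-digit code, the 30-second refresh and Relaxed Mode fit together, as an added example that is not code from the plugin or from this post: a standard time-based one-time password (RFC 6238) check in Python. Assumptions: Relaxed Mode is modelled as accepting codes up to 4 minutes either side of the server clock, the normal mode as one 30-second step either side, and the secret and function names are constructed for the illustration.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote

STEP = 30  # seconds each code is shown for, per the tutorial

def totp(secret_b32, at, digits=6):
    """RFC 6238 code for the 30-second step containing Unix time `at`."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, now, drift_seconds=STEP, last_used_step=-1):
    """Return the step number whose code matches, or None.

    drift_seconds: tolerated clock difference (assumption: 240 models Relaxed Mode).
    last_used_step: highest step already accepted, so a code cannot be reused.
    """
    current = int(now) // STEP
    span = drift_seconds // STEP
    for step in range(max(0, current - span), current + span + 1):
        if step <= last_used_step:
            continue  # already consumed: reject replays
        if hmac.compare_digest(totp(secret_b32, step * STEP), code):
            return step
    return None

def provisioning_uri(secret_b32, description):
    """otpauth:// URI of the kind a QR code carries; the description is the label."""
    return f"otpauth://totp/{quote(description)}?secret={secret_b32}"

if __name__ == "__main__":
    secret = "JBSWY3DPEHPK3PXP"  # constructed 16-character sample secret
    now = time.time()
    code = totp(secret, now)
    print(provisioning_uri(secret, "WordPressBlog"))
    print("code shown by the app:", code)
    print("normal mode, typed 3 min late:", verify(secret, code, now + 180))
    print("relaxed mode, typed 3 min late:",
          verify(secret, code, now + 180, drift_seconds=240))
    print("same code replayed:",
          verify(secret, code, now + 180, 240, last_used_step=int(now) // STEP))
```

Under these assumptions the normal window accepts 3 steps and the relaxed one 17, so Relaxed Mode makes a guessed code more likely to be accepted. The last_used_step check keeps a code that was observed once from being reused inside that wider window.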

This will take you back to your WordPress dashboard. Isn’t it cool? You can control your site from your mobile phone.

Now, you might wonder: what if you cannot access your mobile phone after setting this up? Don’t worry, you can deactivate the plugin from cPanel as well. That process is very simple too, which is a big relief.

The best part is that the Google Authenticator app works offline as well, which is helpful when the signal is down.

Go ahead and secure your WordPress website by adding one extra layer of protection. Every WordPress user must use Two Factor Authentication for extended security.

Feel free to drop comments, if you are having any issues while setting up WordPress Two Factor Authentication. And consider sharing if it helped.
