Two-step authentication is a must-have these days, given the increase in cyber crimes and hacks. And when it comes to your WordPress site, brute force attacks, among others, are very popular.
So, how about protecting it?
Generally, you might already be using two-factor authentication (2FA) to protect your Gmail accounts, social profiles and bank logins with one-time passwords (OTPs).
Then why not on a WordPress website, where most of the hard work goes on? Don’t you think so?
There are definitely several ways to protect your website from brute force attacks. Plenty of plugins out there, like Jetpack Brute Force Protection, WordFence, Sucuri Security, etc., are capable enough and protect your account very well.
But how about adding one more extra layer of protection?
How about accessing your WordPress website by providing a code from your own phone? How? Not to worry.
The process is quite simple. So, let’s get started and see how to set up Google Authenticator for your WordPress site.
Set Up WordPress Two Factor Authentication
- Step 2. Now, navigate to Users – Your Profile. You will see a new section, Google Authenticator Settings.
- Step 3. Check the Active box to activate Google two-step authentication. The service won’t be active, though, until the QR code or secret key is applied.
Let me explain the next few settings below it before you apply them, and how exactly they work.
- Step 4. Click on the Show/Hide QR Code button to see the QR code, which needs to be scanned from your mobile phone through the app.
Scan the QR code from the Google Authenticator Mobile App
- Step 5. Open the Google Authenticator app on your phone, and tap on the + button. You will see two options.
- Scan a barcode – Choose this if you want to scan the QR code, which is recommended.
- Enter a provided key – Choose this if you want to enter the long secret key provided on the WordPress site. It’s optional, but not recommended.
- Step 7. Tap on Scan a barcode and place the phone in front of the QR code on your WordPress site. The phone will scan that QR code.
As soon as the scan is complete, you will see the same description in the app as well. For example, for this post the description is WordPressBlog/
Now log out from your WordPress website to see the changes in effect.
You will observe that one more field has been added to the WordPress login area: Google Authenticator code. This is the place where we need to provide the code generated by the mobile app.
Step 8. Open the Google Authenticator mobile app and you will find a six-digit code there. That code needs to be entered into the Google Authenticator code field in the WordPress login area.
Note: the code in the Google Authenticator app is refreshed approximately every 30 seconds, which is very good from a security standpoint.
This will take you back to your WordPress dashboard. Isn’t it cool? You can control your site from your mobile phone.
Now, you might wonder: what if you cannot access your mobile phone after setting this up? Don’t worry, you can deactivate the plugin from cPanel as well. That process is very simple too, which is a big relief.
The best part is that the Google Authenticator app works offline as well, which is helpful in case the signal is down.
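The 30-second refresh and the offline behaviour both follow from how the app derives codes: Google Authenticator uses the standard TOTP algorithm (RFC 6238), which needs only the shared secret from the QR code and the phone's clock. The sketch below is an added example, not the plugin's own code; the sample secret is the public RFC test key, and the one-step drift tolerance in `verify` is an assumption about how a server might check codes.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid, matching the 30-second refresh above
DIGITS = 6   # six-digit code, as shown in the app

# Constructed sample: the RFC 6238 test key, Base32-encoded the way a
# "provided key" is displayed. It is not a real site secret.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Return the TOTP code (RFC 6238, HMAC-SHA1) for the given Unix time."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)           # restore Base32 padding
    key = base64.b32decode(cleaned)
    counter = int(unix_time) // step               # number of 30 s steps since epoch
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, drift_steps=1):
    """Server-side check. Accepting +/- drift_steps time steps is an assumed
    policy to tolerate clock skew between phone and server."""
    submitted = submitted.strip().encode()
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP).encode()
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    print(totp(SAMPLE_SECRET, 59))                 # code the phone shows at t=59
    print(verify(SAMPLE_SECRET, "287082", 89))     # one step late: still accepted
    print(verify(SAMPLE_SECRET, "287082", 149))    # three steps late: rejected
```

Because the code depends on the clock, a phone or server whose time is badly out of sync will produce codes that fail the check.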
Go ahead and secure your WordPress website by adding one extra layer of protection. Every WordPress user must use Two Factor Authentication for extended security.
Feel free to drop a comment if you are having any issues while setting up WordPress Two Factor Authentication. And consider sharing if it helped.