How To Setup WordPress Two Factor Authentication

Two-Step Authentication is must-have these days when you could see the increase in cybercrimes and hacks. And when it comes to your WordPress site, Brute Force attacks are very popular and much more.

Why Two Factor Authentication is Crucial?

There are several attacks kept ongoing by the hackers on the WordPress website. This is a flow chart of what attackers do with your WordPress website.

what attackers do to wordpress sites

So, how about protecting it?

Generally, you might already be using two-factor authentication(2FA) to protect the Gmail accounts, Social Profiles, bank logins with one-time passwords(OTP’s).

Aren’t you?

Then why not on a WordPress website, where most of the hard work goes on. Don’t you think so?

Though there are definitely several ways to protect your website from brute force attacks. Plenty of plugins out there like,

These are capable enough and protects your account very well.

But how about adding one more extra layer of protection? How about adding WordPress 2FA for your site.

How about accessing your WordPress website by providing a code to your own phone. How? Not to worry. Google Authenticator WordPress plugin makes it happen.

This works along with the Google Authenticator Mobile Android App and IOS.

The process is quite simple. So, let’s get started and see how to set up Google Authenticator for your WordPress site.

Setup WordPress Two Factor Authentication

  • Step 1. Install and Activate the Google Authenticator WordPress Plugin.
  • Step 2. Now, navigate to Users – Your Profile. You would be able to see the new section Google Authenticator Settings.
Google Authenticator settings
  • Step 3. Check the box Active. to activate the Google two-step authentication. Though the service won’t be active until the QRcode or secret key is not applied.

Let me explain few next settings below it before you apply those, and how exactly those works

Deep dive of Google Authenticator Settings

Relax Mode – Generally, the Google Authenticator code keeps on refreshing every 30 seconds approx. If that time is not enough for you to enter a six-digit code, then check the Relaxed Mode box will extend the code refreshing time to 4 mins. Check the box, only if you feel 30 seconds won’t be enough. I am pretty much sure that’s enough for most of the users.

Description – Every text you mention in this box, will be visible in your Google Authenticator App as well. This function ease identification, if you are using Google Authenticator for multiple accounts and sites.

Secret – You would be able to see a 16 digit code. To login t0 your website which is being hidden for this post (a new secret key can be generated anytime). This long key is not easier to remember, that’s the reason most people use the QR Code. In fact, it’s recommended for extended security.

  • Step 4. Click on Show/Hide QR Code button to see the QR code, which needs to be scanned from the mobile phone through the app.

Scan the QR code from Mobile Google Authenticator Mobile App

  • Step 5. Open the Google Authenticator app on your phone, and Tap on the + button. You will see two options.
  1. Scan a barcode – Choose this if you want to scan the QR code. Which is recommended.
  2. Enter a provided key – Choose this if you want to Enter the long Secret key provided on the WordPress site, It’s optional, but not Recommended.
  • Step 7. Tap on Scan a barcode and place it in front of the QR code on your WordPress site. The phone will scan that QR Code.

As soon as your scan is complete, you would be able to see the same description in the App as well. For example, in this post, the description is WordPressBlog/

Check Enabled WordPress Two-Factor Authentication

Now Logout from your WordPress website and see the changes to see in effect.

Google Authenticator

You will observe one more field got added in the WordPress login area as Google Authenticator code. This is the place where we need to provide the code generated by the Mobile App.

Step 8. Open the Google Authenticator Mobile App and you would find a six-digit code there. That code needs to be entered into the Google Authenticator code field in the WordPress login area.

Google Authenticator mobile

Note: this code in Google Authenticator app will be refreshed in every 30 seconds approx. Which is very good in security concerns.

This will make you visit your WordPress dashboard back again. Isn’t it cool, you can control your site from your mobile phone.

Now, you might think about what if, you could not access your mobile phone after setting up. Don’t worry you can deactivate the plugin from CPanel as well. And that process is very simple as well, which is a big relief?

The Best part is the Google Authenticator App works offline as well, helpful in case the signal is down.

Go ahead and secure your WordPress website by adding one extra layer of protection. WordPress users must use the Two Factor Authentication for extended security.

Feel free to drop comments, if you are having any issues while setting up the WordPress Two Factor Authentication setup. Build a shield WordPress security

What others are reading!
Authored by Navin Rao

A blogger and with a go-getter attitude Navin is a web geek and loves to write about WordPress. Able to guide even a non-techie to maintain a WordPress website through his walkthrough tutorials on WordPress.

Enough right? Let's join hands on Facebook and Twitter

3 thoughts on “How To Setup WordPress Two Factor Authentication”

Leave a Comment