Two-Factor Authentication in WordPress with Google Authenticator

What is two-factor authentication?

Two-factor authentication is a login process that verifies an identity with two independent factors: something you know (your password) and something you have (a device that generates a one-time code). Both must be presented before access is granted, so a stolen password on its own is not enough to get in.

Why should I use two-factor authentication?

A password alone can be guessed, phished or leaked in a breach of another site where it was reused. Requiring a second factor means that an attacker who obtains your password still cannot log in without physical access to your phone, which greatly reduces the risk of a compromised WordPress admin account.

What is Google Authenticator?

Google Authenticator is a free mobile app for Android & iOS created by Google. It stores a shared secret for each account and uses it, together with the current time, to generate a unique six-digit login code every 30 seconds (the TOTP algorithm, RFC 6238), which you enter as the second factor when logging in. Because the codes are computed from the secret and the clock, the app works offline and needs no network access.

How do I set up two-factor authentication in WordPress with Google Authenticator?

  1. First create a backup admin login user for your WordPress website, in case you accidentally lock yourself out.
  2. Install the Google Authenticator mobile app on your smartphone or tablet (available for Android and iOS).

  3. Install & activate the Google Authenticator WordPress plugin on your WordPress website.
  4. In your WordPress Dashboard (while logged into your regular admin user account), go to Users >  Your Profile and scroll to the Google Authenticator Settings section.
  5. Check the Active & Relaxed mode checkboxes, add a description for your blog and click the “Show/Hide QR code” button, like in the following screenshot. Relaxed mode widens the window of accepted codes to tolerate clock drift between your phone and the server (the plugin describes it as allowing about four minutes of drift); it makes login more forgiving but also accepts codes that have already expired, so you can leave it unchecked if the standard mode accepts your codes reliably:

    Google Authenticator User Setup in My Profile in WordPress
  6. Open the Google Authenticator mobile app you just installed on your smartphone or tablet, tap Setup and then scan the QR code, or manually enter the Secret key shown above. Once this is set up you will see a screen similar to the following (a screenshot of Google Authenticator on my Android smartphone). It shows a verification code that changes every 30 seconds, which you will need in order to log in to your WordPress website going forward.

    Google Authenticator Verification Code Android App
  7. Click “Update Profile” to save your changes.
  8. Log out and go to your WordPress login page; it should now ask for a “Google Authenticator Code” like in the following screenshot:

    Google Authenticator Code WordPress Login
  9. Get the current Google Authenticator code from the Google Authenticator mobile app and log in.
  10. Once you have verified that you can log in successfully with your regular admin user using two-factor authentication, delete the backup admin login user you created. If you can’t log in for any reason, use your backup admin login user to log in and fix things.
  11. Enable two-factor authentication for all of your WordPress admin users; a single admin account without it is still an easy way in for an attacker.
  12. Enjoy having the peace of mind knowing that your website is now more secure with two-factor authentication.
