How to Set Up WordPress Two-Factor Authentication

WordPress is an open source content management system (CMS) based on PHP and MySQL. It is an online website creation tool written in PHP, and it is the easiest and most powerful blogging and website content management system. Security is a major concern nowadays because many attackers try to compromise websites through brute-force login attempts, and a weak password on the WordPress Dashboard makes their job easier. Most non-technical and non-developer users build their websites with WordPress, and they typically choose an easy password for the admin user that accesses the WordPress Dashboard, such as a date of birth, full name, website name, "admin", etc. In that case security is weakened and attackers can compromise the website easily. In this tutorial, I'm going to implement Two-Factor Authentication for WordPress websites to improve the security of the Admin Dashboard.

As you know, there are many WordPress plugins for this purpose, but most of them are not updated regularly, and plugins of that kind can cause serious issues on websites. Here we are using the "Google Authenticator" plugin, which is a good, frequently updated plugin and the most secure one. Let's begin the steps to enable Two-Factor Authentication for WordPress.


Install the Google Authenticator Plugin:
First, install the Google Authenticator plugin for your website by logging in to the WordPress Dashboard. Select Add New under Plugins and search for Google Authenticator. Install the plugin and activate it.


Configure the WordPress Google Authenticator Plugin:
With this plugin, Two-Factor Authentication is configured per user. Go to Users and select Edit under the username. Scroll down to the section named Google Authenticator Settings and check the Active and Relaxed mode settings. Once done, click the Create New Secret button; this creates a new secret key, which you should save in a safe place. Then click the Show/Hide QR code button and scan the generated QR code with the Google Authenticator app on your phone.

For Android and iPhone users, there are many authentication applications available on the Play Store and the App Store. The best of them should be Google Authenticator, which is officially developed by Google.


Once everything is done, click the Update Profile button at the bottom for the changes to take effect.


Verify the Two-Factor Authentication:

To test, go to your WordPress Admin login URL and enter the username, password and Google Authenticator code, which is shown in the Google Authenticator app on your phone. A generated code can be used for 4 minutes; after 4 minutes it expires automatically.
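
The codes shown by the Google Authenticator app are time-based one-time passwords (TOTP, RFC 6238). The sketch below is an added example, not the plugin's own code: it shows how a server checks such a code against an acceptance window, and how widening that window trades clock tolerance for a longer period in which a captured code still works. The names verify(), drift_steps and last_used_step are hypothetical, the secret is the constructed RFC 6238 test key, and mapping the 4 minute lifetime to 8 steps of 30 seconds is an assumption.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (Google Authenticator app default)
DIGITS = 6   # code length (Google Authenticator app default)
# Constructed sample secret: the RFC 6238 test key, base32-encoded.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time):
    """Return the RFC 6238 code for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, code, now, drift_steps, last_used_step=-1):
    """Return the step number the code matches, or None if it is rejected.

    drift_steps: number of 30-second steps accepted either side of `now`.
    last_used_step: highest step already accepted for this user; codes at
    or below it are refused so a captured code cannot be replayed.
    """
    current = now // STEP
    first = max(0, current - drift_steps)
    for step in range(first, current + drift_steps + 1):
        if step <= last_used_step:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret_b32, step * STEP), code):
            return step
    return None


if __name__ == "__main__":
    issued = 59            # constructed timestamp at which the code was shown
    late = issued + 240    # the same code presented 4 minutes later
    code = totp(SECRET, issued)
    print("code:", code)
    print("narrow window (1 step):", verify(SECRET, code, late, 1))
    print("wide window (8 steps): ", verify(SECRET, code, late, 8))
    print("wide window, replayed: ", verify(SECRET, code, late, 8, last_used_step=1))
```

With the wide window, 17 different codes are valid at any moment, so rate limiting on the login form and rejecting already-used steps matter more than with a narrow window.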


If you need any further help, please reach out to our support department.