WordPress and Two Factor Authentication (2FA)

WordPress/ 19th Sep 2018/Jamie Hoyles

Unfortunately we often see WordPress websites compromised due to weak or insecure passwords. A way to tighten security is to combine WordPress and Two Factor Authentication (2FA).

Two Factor Authentication adds an extra layer of protection to enhance the security of online accounts. Once enabled you will not only use your username and password to access an account but also a secondary identifier such as a security token or a biometric factor such as a fingerprint. The most common 2FA process is the security token method and this involves downloading an App such as Google Authenticator (Available on Google Play & the App Store). Once paired you will be prompted for a 6/8 digit security code when attempting to log in.

Here I will detail how to enable WordPress and Two Factor Authentication…

1) Log into your WordPress back office.

2) Navigate to Plugins > Add New.

3) Search for ‘Google Authenticator’ then install and activate the plugin titled ‘Google Authenticator – WordPress Two Factor Authentication (2FA)‘.

WordPress and Two Factor Authentication (2FA)

4) Once installed, navigate to the newly created option on the side menu – ‘miniOrange 2-Factor’.

miniOrange 2-Factor

5) You will be asked to select an authentication method. To use Google Authenticator you should download this app to a device that you will have with you when you wish to login to your WordPress back office in the future.

Once you have Google Authenticator set up you will need to select this option from the plugin admin page:

Google Authenticator and WordPress

6) The first step of configuration is to log in to Authenticator or to create a new account. Once logged in the set up page is displayed where you should select your device type. Instructions are provided on how to link your WordPress login with Google Authenticator. It involves scanning a QR Code and inputting a generated verification code:

Enabling 2 Factor Authentication

7) Once the code is provided and verified a new page will open and a confirmation message will display showing it was successful. You should now add a tick to the checkbox : Enable 2FA prompt on the WP Login Page:

Website Security 2FA

8) The next time you attempt to log-in you will notice an extra box to the wp-admin page:

2FA and WordPress

You should use the Google Authenticator app and input the code shown:

Authenticator

Finally, click Log In and provided the details are entered correctly you will gain access to your WordPress admin area.

As you can see, enabling WordPress and Two Factor Authentication is a great way to increase security for your website…

If you have an accounts query it is likely Jamie will be the one to help you resolve it…! Away from the office he is a supporter of Tony Mowbray’s blue and white army, enjoys watching and playing cricket and appreciates a good meal out.

We have a very strong team here at Clook and we build on everyone's strengths and weaknesses, you have to be able to make a good brew too!

Chris James

Customer Login

Forgot Password? Cancel