WordPress and Two Factor Authentication (2FA)
Unfortunately, we often see WordPress websites compromised due to weak or insecure passwords. One way to tighten security is to combine WordPress and Two Factor Authentication (2FA).
Two Factor Authentication adds an extra layer of protection to online accounts. Once enabled, you will need not only your username and password to access an account but also a secondary identifier, such as a security token or a biometric factor like a fingerprint. The most common 2FA process is the security token method, which involves downloading an app such as Google Authenticator (available on Google Play and the App Store). Once paired, you will be prompted for a 6 or 8 digit security code when attempting to log in.
Here I will detail how to enable WordPress and Two Factor Authentication…
Log into your WordPress back office.
Navigate to Plugins > Add New.
Search for ‘Google Authenticator’, then install and activate the plugin titled ‘Google Authenticator – WordPress Two Factor Authentication (2FA)’.
Once installed, navigate to the newly created option on the side menu – ‘miniOrange 2-Factor’.
You will be asked to select an authentication method. To use Google Authenticator, download the app to a device that you will have with you whenever you log in to your WordPress back office in the future.
Once you have Google Authenticator set up you will need to select this option from the plugin admin page:
The first step of configuration is to log in to Authenticator or to create a new account. Once logged in, the setup page is displayed, where you should select your device type. Instructions are provided on how to link your WordPress login with Google Authenticator. It involves scanning a QR code and inputting a generated verification code.
Once the code is provided and verified, a new page will open and a confirmation message will show that it was successful. You should now tick the checkbox ‘Enable 2FA prompt on the WP Login Page’.
The next time you attempt to log in, you will notice an extra box on the wp-admin page:
You should use the Google Authenticator app and input the code shown:
Finally, click Log In and, provided the details are entered correctly, you will gain access to your WordPress admin area.
As you can see, enabling WordPress and Two Factor Authentication is a great way to increase security for your website…