WordPress is one of the biggest tools and CMSs (content management systems) for making a website or starting a blog. It is also open source, so many people prefer to use it. But many WordPress websites and blogs are now falling prey to attacks by hackers. Attacks include brute-forcing, stealing the password by hacking the owner's PC, and many more. So bloggers have to take some protective measures to prevent these attacks. We can enable 2-factor authentication on a WordPress website and protect our websites/blogs.
What is 2-Factor Authentication?
2FA, or 2-step verification, is a system in which two factors are used to authenticate a particular account. That means you will need something more than a username and password to log in to your WordPress account. You will need a code; a new code is generated every 30 seconds, and each code can be used only once.
Many famous websites like Gmail, Facebook, Twitter, and many internet banking sites already have this 2-step verification. This increases your security.
For WordPress we will generate the code using an app named Google Authenticator. For a WordPress blog, there is also an option to get codes via SMS, i.e. similar to Gmail verification.
Download Google Authenticator:
Install the application on your mobile and configure it. If you need any support, visit this LINK. After installing the app, you can move to the next step.
How to enable 2-factor authentication on WordPress?
A person can have a WordPress blog or a self-hosted WordPress website. There are different methods to add 2FA (2-factor authentication) to each. We will look at both one by one: first the blog, and then the self-hosted WordPress website.
For WordPress Blog
A WordPress blog means one which is hosted on WordPress itself, for example www.blogname.wordpress.com
- Go to wordpress.com and sign in with your username and password.
- Go to this LINK. Select your smartphone.
- If you have already downloaded the app, click ‘next step’; otherwise download the application (Google Authenticator).
- Launch the app. Go to Options -> Set up account -> Scan a barcode. Then scan the barcode you see on the screen.
- Now your app will start generating codes. Enter the code you see to verify. After that click Finish.
- From now on, whenever you sign in to your WordPress account or your blog, you will be asked for the code that your app generates, along with your normal username and password.
Note: If you don’t have an Android phone, iPhone or Windows Phone, you can use verification via SMS.
Via SMS
- Sign in to your WordPress account and go to this LINK. Now click ‘use two step verification via SMS’. (Refer to the image below.)
- Now enter your country code and mobile number, and then click on ‘send SMS’. You will receive a code via SMS. Enter it and click verify.
- Now you are done with 2-step verification via SMS.
You can generate backup codes in case your phone gets lost. Print the backup codes and keep them safe.
For Self-Hosted WordPress Website
Self-hosted WordPress sites are those which are hosted by us on some
- First download the Google Authenticator app for your mobile (as stated at the beginning).
- You will need a plugin named Google Authenticator.
Download
- Install it on your WordPress website.
- Log in to your WordPress dashboard, and go to User -> Your profile.
- There, enable the Google Authenticator settings by ticking the checkbox next to ‘active’.
- Next to ‘secret’, you will see a button ‘show/hide QR code’. Click on it and a barcode will appear.
- Launch the authenticator app on your mobile, go to Options -> Set up account -> Scan a QR code, and scan the code.
- After scanning, click ‘update profile’ at the bottom of the page.
- Log out of your account, and try to log in again. Now you will be asked for the Google Authenticator code, along with your username and password.
This was the method to enable 2-factor authentication on a WordPress blog or website.
If you lost your Mobile Phone
What should you do if you lose your mobile phone? The solutions are:
- For a blog, you can generate backup codes and keep them with you. Then whenever you lose your mobile, you can use the backup codes.
- For a self-hosted WordPress website, go to your hosting account -> File manager and delete the plugin from the plugins folder. Now you will be able to access your WordPress website without codes.
For Multi-User
According to the plugin developer, it supports multi-user. So you can scan the same barcode from your friend's mobile, and he will also be able to access the website using 2-step authentication.
If you have any doubts or questions regarding the above tutorial, feel free to post them in the comment section below.
Great post, Karan, thanks for sharing.