With the ever increasing number of criminals and hackers, simple usernames and passwords are becoming ineffective against various types of cyber attacks. The most common types of attacks are brute force attacks in which hackers attempt to guess your username and password. Adding Two Factor authentication or 2-FA can help you easily add an extra layer of security to your WordPress website.

Other than attackers stealing your usernames and passwords, it is also possible that users are not careful with their passwords and leak them online or store them insecurely. This can also mean easy unauthorized access to their accounts.

In WordPress you can easily add two factor authentication using a plugin such as Google Authenticator – WordPress Two Factor Authentication (2FA).

Why You Need to Add Two Factor Authentication in Your Site?

When you add two factor authentication, any user logging in to your website will need their username, password and a special code generated for that login session only. The code can either be sent to their email or mobile phone via an app, sms or notification.

Google authenticator is popular 2FA authentication app that can receive one time passwords or codes and is easy to use. It works with most mobile platforms including android and ios.

Step by Step: How to Add Two Factor Authentication in a WordPress Site?

Installing the Plugin

In your WordPress dashboard navigate to plugins and click on Add new. Search for Google Authenticator – WordPress. Install and activate the plugin.

  Install Google authenticator wordpress two factor authentication 2FA plugin

General Overview of the Plugin

Once installed and activated you will find a new menu item in your WordPress dashboard. The mini-Orange 2 Factor.

Mini Orange 2 Factor in wordpress admin menu

In the dashboard of the plugin you can see various 2 factor authentication methods that you can use. In the free version of the plugin the following methods are available.

  • Google Authenticator – Setup logins with the google authenticator app
  • Security questions – You will need to answer 3 security questions that you had set
  • miniOrange Soft Token – Setup logins with the miniorange authenticator app using a soft token
  • miniOrange QR Code Authentication – Setup logins with the miniorange authenticator app using a QR Code
  • miniOrange Push notification – Setup logins with the miniorange authenticator app using push notifications

In the Standard version of the plugin there are additional authentication methods such as one time password via sms or email. The authentication methods in the premium plan are also the same. However there are additional features offered in both plans.

2 factor authentication methods

P.S.: You can also view the additional features offered by the plugin, in the dashboard click on upgrade to standard / premium plans.

Setting up Google Authenticator

In the plugin dashboard click on Configure.

Setting up Google Authenticator

In the pop up that appears you need to register for an account. Enter your email and choose a password. Enter the password again to confirm and click on continue.

Register for an account to setup 2FA

On the next page you need to select the authenticator app that you would like to use. You can download these from the Android Play or iOS App store. Choose an Account Name for the app. Scan the QR Code with your app.

Select the authenticator app

Once you scan the QR code with your app, you will get a 6 digit code that you need to enter. Click on verify and save.

Verify and save code

To test the 2 factor authentication try and log in to your WordPress dashboard. Enter your username and password and click on Log In.

Test the 2 factor authentication in wordpress

You will now be asked to enter a one time password. This will be generated in the google authenticator app on your phone. Enter the code and click on validate.

Validate the 2FA code

More Options

The free version of the plugin allows you to enable 2 factor authentication for one user only. The pro version of the plugin has a dynamic pricing based on the number of users. There are additional features such as additional authentication methods, multiple login options such as username and password or username and one time password, multi-site support and user role based redirections.

Conclusion

As you can see the plugin adds another layer of security to your WordPress website. The only way you can log in is by using the right username and password along with a onetime password generated on your mobile device.

It is good practice to try and keep the number of plugins you have in WordPress to as few as possible. Some plugins tend to slow down your website and others have incompatibility issues. If you have another plugin installed such as Wordfence, you might not need this at all. Wordfence comes with a two factor authentication option and also helps you secure your WordPress website against brute force attacks.

https://wordpress.org/plugins/wordfence/