Implementing 2 Factor Authentication for Your WordPress Website

Adam Morgan

As the digital age continues to grow and develop, security is becoming increasingly important.  If you’re not careful about keeping up with the latest security for your WordPress website, you leave yourself open to unnecessary risks.  Here, we’re going to talk you through the 2 factor authentication process using Google’s handy Authenticator app with WordPress plugins.

How 2 Factor Authentication Works

A common method of attack that many online hackers use is running a script that will attempt to log in to your WordPress site until it successfully guesses your password. This type of attack is known as a brute-force attack. One of the easiest ways to prevent this type of attack from being successful is to utilise a 2 factor authentication process. This means that a secondary step is created in the login process where the user is required to verify their identity. For website security, it is now standard to have two-factor authentication. When you use the likes of Twitter and Google, you can set up 2 factor authentication to give you peace of mind.

If you’re a little unsure about two-factor authentication, basically it requires the user to first know the correct login details. The site will then send out a unique code to either an email account, secondary application or mobile device. If you wish to log in successfully, you will need to have access to this time-sensitive code. This secondary identification step makes it much more difficult for hackers.

We all know that there is no such thing as a fix-all feature when it comes to internet security. So, it’s important to keep in mind that you will need to send passcodes safely and securely.  You will also need to consider that some of your users may find using a second device difficult.

Adding Your WordPress Website to Google Authenticator

Google Authenticator is a Google app that will generate a security code for 2 factor authentication. These codes are regenerated on a timer and will still work even when your phone is not connected to the internet. If you choose to register your website with Google Authenticator, this will automatically create a link between your WordPress website and the codes it generates. This means that when you attempt to log in, your WordPress site knows to expect a code from the app for the second part of the authentication process.

It’s super easy to visit either the App Store or Google Play Store to download Google Authenticator.  Once you have downloaded the app on your device, you can register your WordPress site:

  1. The WordPress plugin you decide to use will create a unique QR code.
  2. In the Google Authenticator app, click on the + sign to add your WordPress site.
  3. Scan the QR code created by the WordPress plugin.

That’s all you need to do to add your WordPress website to the app.  When you open Google Authenticator, you should see the name of your WordPress site, along with your six-digit code that will regenerate regularly.
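Why the codes keep working offline, shown as an added example (not code from Google Authenticator or any WordPress plugin): the QR code carries a shared secret, and the app and the site each compute the same time-based code (TOTP, RFC 6238) from that secret and the clock. The account and issuer names are constructed for illustration, and `verify` is a hypothetical server-side check that also rejects a code that has already been used.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote, urlencode

STEP = 30    # seconds each code stays valid (Google Authenticator default)
DIGITS = 6   # length of the code shown in the app

def provisioning_uri(secret_b32, account, issuer):
    """Build the otpauth:// URI that the enrolment QR code encodes."""
    params = urlencode({"secret": secret_b32, "issuer": issuer,
                        "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{params}"

def totp(secret_b32, at=None):
    """Compute the code for the 30-second window containing time `at`."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int((time.time() if at is None else at) // STEP)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, submitted, at=None, drift=1, last_used=None):
    """Return the matching time-step counter, or None if the code is rejected.

    drift: neighbouring windows accepted to tolerate clock skew.
    last_used: counter of the last accepted code; anything at or before it
    is refused, so a captured code cannot be replayed.
    """
    current = int((time.time() if at is None else at) // STEP)
    for counter in range(current - drift, current + drift + 1):
        if last_used is not None and counter <= last_used:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret_b32, counter * STEP), submitted):
            return counter
    return None

if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test key, base32-encoded.
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(provisioning_uri(secret, "admin", "Example Blog"))
    code = totp(secret)
    print("current code:", code, "accepted:", verify(secret, code) is not None)
```

The site should store the counter returned by `verify` per user and pass it back as `last_used` on the next login, and it should rate-limit failed attempts, since a six-digit code can itself be brute-forced.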

Are you thinking of implementing 2 factor authentication?  Let us know in the comments below.