WordPress Security Tip: Adding Google Authenticator Two-Step Verification

Relying on passwords alone to protect your website is hard enough to keep out hackers and those unauthorized users. But the good news is that if you use Google Authenticator's two-step verification feature, you can add an extra layer of shielding to make your website more secure.

What is the Google Authenticator app and why do you need it for your WordPress website?

Google Authenticator The app is a mobile application that adds a second layer of authentication every time you log into a third-party application or website like WordPress. But passwords can sometimes be cracked. If you use the same password on multiple websites, a security breach on one of them can put your other accounts at risk. Sometimes, one does not bother to change the password even after receiving an email about a security breach on a major website.

Two-step authentication is designed to solve this problem. Even if a hacker knows your WordPress username and password, they won't be able to log into your site unless they also have that time-sensitive random security code generated by Google Authenticator. Since your blog is directly connected to your cell phone, you are the only one who can get the unique security code that you need to log in every time. This security code expires after a while, which makes it even more secure.

Actually, Google Authenticator is just one of many mobile apps that can provide two-factor authentication (aka 2FA). It generates a time-based password that serves as a second verification when logging into your account.

Attention: Google Authenticator is only available for iOS, Android, Windows Phone, webOS, PalmOS and BlackBerry devices. It means that you need a smartphone to log in to your website.

How to Add Google Authenticator in WordPress

The first thing to do is to install the Google Authenticator app on your phone. For the purposes of this article, we're using iOS terminology, but the process is pretty much the same for other devices.

Step 1: Install the Google Authenticator app on your phone

Visit the App Store, search for "Google Authenticator" and click "Install" for the app.

Now, let's go back to the WordPress dashboard.

Step 2: Install MiniOrange's Google Authenticator plugin

Continue installation and activationGoogle Authenticator plugin for MiniOrangeThe

This is a free WordPress plugin that enhances the security of your website and prevents people from accessing it without permission. Every time you want to log into WordPress, the system will ask you to enter a one-time password from the Google Authenticator app to confirm your identity. Once you've installed and activated the plugin, you'll be guided through the setup. All you need to do is follow the steps for setting up Google Authenticator two-factor authentication in WordPress, it's very simple.

Step 3: Complete the Setup Wizard

Click on the "Let's Get Started!" button.

Next, you will be asked if you want to set up 2FA after your first login or in the plugin dashboard. either method is fine.

Click "Continue Setting".

The next step is to select who 2FA will apply to. You can select all users for maximum security or apply it to only certain user roles.

Then click "Continue Setting".

Finally, the system will ask if you want to immediately enforce the 2FA directly or give the user a grace period. If you choose to provide the user with a grace period, you can select a grace period (in hours and days). When finished, click "Finish All".

Now that the setup process has been completed, you can decide whether you want to set up the 2FA immediately or later on your own.

Continue and click on the "Configure 2FA for yourself" button.

Here, you will be asked to enter the two-factor authentication method that you want to add to your WordPress site. Here, we have chosen "Google/Microsoft/Authy Authenticator". Then, just click on the "Save and Continue" button.

Next, the system will ask to scan the barcode on the screen. At this point you must open the Google Authenticator app on your phone and scan the barcode that is displayed.

In the Google Authenticator app on your mobile device, tap the "+" icon at the bottom and select "Scan QR Code". Then, point your phone's camera at your computer screen to scan the barcode.

From here, a One Time Password (OTP) will appear on your phone. Enter it into step 2 on your computer. From there, you can click "Save and Continue".

You should now receive a message indicating that two-factor authentication has been successfully configured. Simply select "Advanced Settings".

Step 4: Add a security question

In addition to using Google Authenticator for two-factor authentication, you might also consider adding some security questions. That way, even if you can't open the Google Authenticator app, you'll still be able to log in to your WordPress site as long as you can correctly answer these questions that you set up yourself.

To set up these questions, all you need to do is go to the Two Factor page under Mini Orange 2-Factor in the WordPress admin interface. Then, in the "Set up 2FA for me" section, find the "Security Questions" method and click "Reconfigure".

Don't forget that there are many other two-factor authentication methods to choose from besides Google Authenticator, such as receiving one-time passwords via email or SMS, or using Telegraph OTP, or even Duo Authenticator. you can set it up as you see fit.

Next, up to three security questions can be selected. Two of them can be selected from the drop-down menu, and the third is a custom question that you can ask yourself.

Then, enter the answers to each question and click the "Save" button.

Step 5: Test it yourself

Once everything is set up, you can test it yourself. Simply log out of the WordPress dashboard and try to log back in.

Now, you will be taken to a page where you can answer security questions or enter a one-time password using Google Authenticator. Continue and select the "Google Authenticator" option.

On this page, you will be asked to enter the OTP from the Google Authenticator application. enter the code and click Verify.

Now, it's back to the WordPress admin dashboard as usual.

Finally, it is recommended that everyone enable two-step verification on their Google account. It can also be configured using Google Authenticator, as shown in our webgate.