A quick, easy way to increase your WordPress site's security is to enable 2 step authentication with the Google Authenticator app, using a free WordPress plugin that adds this functionality to your site.
The WordPress Google Authenticator plugin enables a 2 step login process on your WordPress site: an iOS or Android smartphone app generates a unique code that is used in conjunction with a user's password when logging into your site.
There are several services other than Google that allow for 2 step login authentication, one of the most popular alternatives being Duo Security. In this particular tutorial I will be focusing on the WordPress Google Authenticator plugin and app, which I personally prefer as a single app to use across all my WordPress installs along with many other sites too.
What you will need to get set up
The first thing I would suggest is that you download the respective Google Authenticator app for your smartphone and install this first. You can download either the iOS app or the Android app from the links below.
Next, you will need to either download the WordPress Google Authenticator plugin from the link below and install it manually, or install it directly from the plugins section of your WordPress admin dashboard.
Once you have the plugin installed, it will add some new settings to your site where you can configure 2 step authentication and how you would like it to work.
Activate Plugin – Set this to yes to enable the plugin on your site.
Force Use – This will force registered users to use 2 step authentication, and I usually enable this.
Force Roles – This decides which roles require 2 step authentication. You can set it to all roles or choose one or more specific roles, which is useful if you want 2 step authentication enabled only for admins.
Site Name – This is the name under which your site will appear when added to the smartphone app.
Max Attempts – The number of times a login is allowed without 2 step authentication having been set up. After this number the user will be forced to set up authentication.
Once you have this set up and saved, it's time to connect your site to your smartphone app.
Go to WordPress Admin > Users > Your Profile and you will see a new section titled WP Google Authenticator Settings. You will need to generate a secret key here. After this you will get a button which says Get QR Code; the QR code is what allows you to link your profile to your smartphone. Write down the recovery code you are given and keep it in a safe place too.
Next, open the Google Authenticator app on your smartphone, click the Get QR Code button in WordPress and scan the QR code with the app. Your site will now be connected to the app on your smartphone, and 2 step authentication will be enabled for your profile.
The next time you log in to your WordPress site you will see a new field on your WordPress login screen. This is where you enter your authenticator code when logging into your site.
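As an added example (not part of the original tutorial and not the plugin's own code), the Python below shows what the secret key, the QR code and the login field amount to, assuming the plugin follows the standard TOTP scheme that the Google Authenticator app uses (RFC 6238 with HMAC-SHA1, 6 digits and 30-second steps). The function names, the sample secret (the RFC test key), the account name "admin" and the mapping of Site Name to the issuer label are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

# Constructed sample secret: the RFC 4226/6238 test key, base32-encoded the
# way an authenticator app expects it. Never use it on a real site.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()

def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32, at=None, step=30):
    """RFC 6238: HOTP with the counter set to the current 30-second step."""
    at = time.time() if at is None else at
    return hotp(secret_b32, int(at) // step)

def verify(secret_b32, code, at=None, step=30, window=1, last_counter=-1):
    """Server-side check: accept +/- `window` steps of clock drift and refuse
    any step at or before `last_counter`, so a captured code cannot be reused.
    Returns the matched step (store it as the new last_counter) or None."""
    at = time.time() if at is None else at
    current = int(at) // step
    for counter in range(max(0, current - window), current + window + 1):
        if counter <= last_counter:
            continue  # this step was already used for a login
        expected = hotp(secret_b32, counter)
        if hmac.compare_digest(expected.encode(), str(code).encode()):
            return counter
    return None

def provisioning_uri(secret_b32, account, site_name):
    """The otpauth:// URI a QR code carries to the app (assumed layout)."""
    label = quote(f"{site_name}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={quote(site_name)}")

if __name__ == "__main__":
    print(provisioning_uri(DEMO_SECRET, "admin", "My Site"))
    print("code now:", totp(DEMO_SECRET))
```

Because the QR code carries the secret key itself, anyone who can see or photograph it can generate the same codes, so treat it like a password.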
Another cool added feature of this particular plugin is its support for application passwords.
Application passwords allow you to grant access to your WordPress administrative functions to applications that can't provide a one-time 2 step authentication password. This is useful if, for instance, you use the WordPress mobile app to blog from your smartphone or tablet.
Your site is now secured with a 2 step unique key login system, making it that little bit harder for unauthorised people to gain access to your site via your login details.