Setting up two-factor authentication is very important for any online service we use today. It prevents an unauthorized person from accessing your account even if they have the login credentials.
The WordPress login page is constantly brute-forced by malicious bots. These bots try to guess the username and password of your WordPress website.
First of all, users should set a strong password so that it becomes impossible to guess. Even with a secure password, the username and password can still be hacked or leaked accidentally, and for that case you can set up login verification, also known as two-factor authentication.
What is Two-Factor authentication or 2fa?
Two-factor authentication is a way to verify that it is the owner of the account who is trying to log in. After the correct user credentials are provided, a 4 or 6 digit code is sent to the owner's registered email ID or registered phone number. The user then has to provide the code to verify the login.
This way, anyone who has the account's username and password will still not be able to log in, since they can't provide the code sent to the registered email or phone.
How to set up 2-Factor authentication in WordPress?
WordPress does not have a built-in login verification system. Although this feature is not in WordPress core, there are multiple plugins for implementing OTP verification in WordPress.
1. miniOrange Google Authenticator – WordPress two factor authentication
Google Authenticator is a popular mobile app for login verification. It is better than phone and email verification because phone verification sometimes gets delayed due to network issues. Google Authenticator is instant.
To set up Google Authenticator with WordPress, we can use this plugin from miniOrange.
First of all, install Google Authenticator on your smartphone. You can install it on iPhone and Android.
Setup Google authenticator – WordPress two factor authentication
- Login to your WordPress dashboard and go to Plugins > Add New.
- Search for Google Authenticator and install the plugin Google Authenticator – WordPress Two Factor Authentication from miniOrange.
- After installing the plugin, activate it.
- Now open miniOrange 2-Factor settings from the sidebar.
It will open the plugin settings.
It will ask you to enter an email address and password to create a miniOrange account.
After the account creation, it’ll redirect you to the dashboard.
This plugin supports multiple ways to verify a WordPress login. The easiest one is to set up Google Authenticator. For that, you'll first need to install Google Authenticator on your smartphone. It is available from the Android and Apple stores.
After you've installed the app on your smartphone, let's configure it with the WordPress website.
From the miniOrange dashboard, click 'Google Authenticator'. It will take you to the setup page.
If you want, you can also use Authy Authenticator and LastPass Authenticator. In this article, I will only set up Google Authenticator, but the process for the other two apps is the same.
Select Google Authenticator and enter the account name. This will be visible in the authenticator app.
Now open the authenticator app on your mobile and tap the '+' sign to add a new account. Select the option to scan a QR code. This will activate the phone camera and ask for the QR code. Scan the QR code to complete the process on the app side.
After that, the authenticator app will generate a code. Enter this code in the text box, then click 'Verify and Save' to complete the setup.
And that's it. From now on, for each login, WordPress will require an OTP from the Google Authenticator app to verify the login.
The miniOrange authentication plugin provides many other verification methods, so do check them out if you want. The plugin also provides various other security settings for WordPress sites, so check those out too and enable them if necessary.
miniOrange Google Authenticator is an excellent plugin for verifying WordPress logins through Google Authenticator and other authentication apps. Besides this, the plugin has various security features that some of you may already have implemented in WordPress by other means. The plugin is not that useful when more than 90% of its features are inactive. In that case, it's better to install a plugin that is just for two-factor authentication.
And Two-Factor, as the name says, is just for that. Two-Factor is so simple that it does not have its own configuration page. After installing the plugin, simply go to your WordPress profile, and at the bottom you will find all the settings to set up WordPress 2-Factor authentication.
First of all, install Two-Factor from the WordPress plugin store. Go to Plugins >> Add New and search for Two-Factor.
After the installation is complete, go to your profile (Users >> Your Profile) for the setup.
As you can see, there are various ways to verify the login. Email and Google Authenticator are the ones you can easily set up and use in WordPress.
Receive OTP on email
To receive the OTP by email, check 'Enabled' and select Email as primary.
Update the profile to save the changes. And that's it. Next time you log in, WordPress will send an OTP to the registered email to verify the login.
Setup Google Authenticator for verification
To set up Google Authenticator, check 'Enabled' and select 'Time based One-Time password' as primary. Now open the Google Authenticator app on your mobile, tap the '+' sign to add a new account, tap 'Scan bar code' and scan the code.
Finally, enter the OTP in the text box and hit submit.
And that's it. Next time you log in, WordPress will require you to enter the OTP from the Google Authenticator app in order to validate the login.
So this is how you can set up login verification or 2FA on your WordPress site. These two plugins do the job easily, especially the Two-Factor plugin, which is only for this purpose.
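Both the QR-code setup in the miniOrange section and the 'Time based One-Time password' option here rely on the standard TOTP algorithm (RFC 6238): the QR code hands the app a shared secret, and app and server each derive the code from that secret and the current time. The Python below is an added example, not code from either plugin. The sample secret is the RFC test key, and the drift window and replay check are assumed server-side policy.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid; the usual authenticator-app default
DIGITS = 6   # code length shown by the app

# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
# A real secret is generated per user and delivered once via the QR code.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Code for a Base32 secret at a given time (RFC 6238, HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1, last_counter=None):
    """Server-side check. Returns the matched time-step counter, or None.

    window: steps of clock drift tolerated on either side (assumed policy).
    last_counter: counter of the user's last accepted code; anything at or
    below it is refused so an observed code cannot be replayed.
    """
    current = int(unix_time) // STEP
    for counter in range(max(0, current - window), current + window + 1):
        if last_counter is not None and counter <= last_counter:
            continue
        expected = totp(secret_b32, counter * STEP)
        if hmac.compare_digest(expected, submitted):
            return counter
    return None


if __name__ == "__main__":
    now = 59  # fixed timestamp so the output is reproducible
    code = totp(SAMPLE_SECRET, now)
    print("code at t=59:", code)
    print("accepted, counter:", verify(SAMPLE_SECRET, code, now))
    print("replay:", verify(SAMPLE_SECRET, code, now + 5, last_counter=1))
```

Because the code depends only on the secret and the clock, the phone needs no network connection, but the phone and server clocks must agree to within the allowed window.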
If you have any difficulty setting up the plugin, please let me know in the comment section below.