Today in this article I will show you how to enable two-factor authentication on a WordPress site for free.
Two-factor authentication adds extra security (two-step verification) to your WordPress login page and protects your site from Brute Force attacks.
In a brute force attack, hackers guess your site's username and password and hack your site. Two-factor authentication adds an additional security layer to your site's login page.
For example, even if the hacker finds your password and username, he will still need a secret code, which will only be on your phone.
Why Two-Factor Authentication is Important
WordPress is a very popular CMS, so hackers target it more than other CMSs. I am not saying that other platforms are more secure than WordPress. According to W3Techs, 32.0% of websites are built with WordPress, which is why WordPress sees more attacks.
Two-factor authentication enables a two-step verification process on your WordPress site in which you need a password and a secret code that you receive on your cell phone by text (SMS), by phone call, or as a time-based one-time password (TOTP).
WordPress 2-factor authentication is the best way to secure websites from brute force attacks.
How to Add WordPress Two-Factor Authentication
There is no option to set Two-Factor Authentication by default in WordPress. For this, you will need a third-party plugin.
WordPress.org has several plugins that allow two-factor authentication (2FA) to be added to the login page. Here I have made a list of some of the best two-factor authentication WordPress plugins that you can use.
I will use two plugins to add 2 step verification to the WordPress login page.
- Google Authenticator – WordPress Two Factor Authentication Plugin
- Google Authenticator
So let’s start…
1. Using Google Authenticator – WordPress Two Factor Authentication Plugin
First, install and activate the Google Authenticator plugin on your WordPress site. After the plugin is activated, it will add a new menu item called miniOrange 2-factor to your WordPress dashboard. Click on it to open the settings page of the plugin.
On this page, you can choose the authentication method that fits your requirements.
- QR Code Authentication
- miniOrange Soft Token
- miniOrange Push Notification
- Google Authenticator
- Security Questions
Here I will use Google Authenticator to add two-step verification to the WordPress login page. Just click the Configure button of Google Authenticator.
Now a popup box will open. Here you have to enter your password and email. If you have an account, click SIGN IN.
Enter your email and password, then click the Continue button.
On the next page, it will ask you to install the Google Authenticator app on your mobile.
Open the App Store / Play Store on your phone and search for the Google Authenticator app. After installing the application, open it and scan the barcode.
The app will generate a temporary code which you have to enter in the Verify and Save box on the right. The code refreshes after every minute. So you do not have to memorize the code.
Then click on the Verify and save button. This will show you a message with 2FA Setup Successful.
Next, enable the two-factor authentication prompt on the WP login page.
Navigate to the miniOrange Setup Two-Factor tab and check the box for the 2FA prompt on the WP Login Page.
Congratulations! You have successfully enabled two-step verification on your website. Log out of your site and check it.
Your login page will now look like this.
2. Using Google Authenticator
Google Authenticator is the most popular WordPress plugin to add two-step verification to your WordPress login page. Its setup is very easy.
First, install and activate the Google Authenticator plugin on your website. After activating the plugin, click on Users >> Profile and scroll to the Google Authenticator section.
Click on Show / Hide QR code here. This will show the QR code, which you need to scan with the Google Authenticator app.
It will show a secret code on your phone which refreshes every minute.
Now go to the Google Authenticator settings, check the Active box, and click Update Profile.
Now, log out of your site. When you go to the login page, you will see an additional Google Authenticator code field.
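What happens behind the QR scan and the code field in both setups above, as an added Python example (not code from either plugin): the QR code that the Google Authenticator app scans carries an otpauth:// URI with a shared secret, and the site recomputes the expected code from that secret and the current time. The sample URI, the function names and the defaults (HMAC-SHA1, 6 digits, the RFC 6238 30-second step, one step of clock drift) are assumptions for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed sample: the secret is the public RFC 6238 test key, never a real one.
SAMPLE_URI = ("otpauth://totp/Example:admin"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def parse_otpauth(uri):
    """Extract the shared secret from the otpauth:// URI encoded in the QR code."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    secret = parse_qs(parsed.query)["secret"][0].replace(" ", "").upper()
    # Secrets are Base32; restore any stripped padding before decoding.
    return base64.b32decode(secret + "=" * (-len(secret) % 8))

def totp(key, at, step=30, digits=6):
    """RFC 6238 code for Unix time `at`: HOTP (RFC 4226) over the time-step counter."""
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(key, submitted, now, last_used_step=-1, window=1, step=30):
    """Return the matched time step, or None if the code is rejected.

    Accepts +/- `window` steps of clock drift between phone and server, and
    rejects any step <= last_used_step so a code cannot be used twice."""
    current = int(now) // step
    matched = None
    for candidate in range(current - window, current + window + 1):
        expected = totp(key, candidate * step, step)
        # Constant-time comparison: do not leak how many digits were right.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and candidate > last_used_step:
            matched = candidate
    return matched

if __name__ == "__main__":
    key = parse_otpauth(SAMPLE_URI)
    step_used = verify(key, totp(key, 59), now=59)
    print("first login accepted at step", step_used)
    print("replay accepted:", verify(key, totp(key, 59), 59, step_used) is not None)
```

A site should store the returned step per user and pass it back as `last_used_step` on the next login, and should still rate-limit attempts, since a 6-digit code on its own can be guessed.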
Which plugin would you use to add 2-factor authentication to your WordPress site? What do you think about this tutorial? I would love to hear.
If this article has proved to be helpful for you, then do not forget to share it!