Enable and Protect Your WordPress Site with Two-Factor Authentication

Almost every online and offline account we have is protected by decades-old username and password authentication. Anyone who has the correct username and password for an account can log in to it and do whatever they want.

Given the widely available hacking tools and increased computing power, even a noob can crack usernames and passwords. Sure, you can easily limit login attempts and secure your WordPress site with several hardening techniques.

But one other surefire way to secure your WordPress dashboard is to enable two-factor authentication.

When it is enabled, a hacker cannot log in to your WordPress dashboard, even with the correct username and password, without entering the automatically generated security code.

What is Two-Factor Authentication

In case you are wondering, two-factor authentication is an extra layer of security that works alongside the usual username and password.

Two-factor authentication comes in many shapes and sizes: a security code sent to your mobile phone through SMS, biometrics like fingerprints, or even physical authentication devices like thumb drives.

But the most widely used type of two-factor authentication is a time-sensitive code generated by an app on your smartphone.

Being time-sensitive, the code changes every few seconds.

Without the security code or token, the hacker cannot log in to your WordPress dashboard even with the correct username and password.
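To see how such a time-sensitive code is derived and checked, here is a short Python sketch. It is an added example, not code from the plugin; it assumes the standard TOTP scheme (RFC 6238) with the defaults Google Authenticator uses (HMAC-SHA1, 30-second time step, 6 digits), and the secret, the function names and the `window` drift allowance are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in Base32.
# A real secret is the random value encoded in the QR code shown during setup.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks a 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def decode_secret(secret_b32: str) -> bytes:
    """Accept the secret as apps display it: spaces, lower case, no padding."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def totp(secret_b32: str, at: float = None, step: int = 30, digits: int = 6) -> str:
    """Code for the time step containing `at` (defaults to the current time)."""
    now = time.time() if at is None else at
    return hotp(decode_secret(secret_b32), int(now // step), digits)


def verify(secret_b32, submitted, at=None, step=30, digits=6, window=1) -> bool:
    """Server-side check: accept codes within +/- `window` steps of clock drift."""
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == digits):
        return False
    key = decode_secret(secret_b32)
    current = int((time.time() if at is None else at) // step)
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        # Constant-time comparison with no early exit, so timing reveals nothing.
        ok |= hmac.compare_digest(hotp(key, counter, digits), submitted)
    return ok


if __name__ == "__main__":
    print("current code:", totp(SAMPLE_SECRET))
    print("accepted:", verify(SAMPLE_SECRET, totp(SAMPLE_SECRET)))
```

The phone and the server never exchange the code in advance: both hold the same secret from the QR code and compute the same value from the current time, which is why the clocks on both sides must be reasonably accurate.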

Enable Two-Factor Authentication

Note: before going any further, download and install the Google Authenticator app on your smartphone.

To enable two-factor authentication in WordPress, we are going to use a free WordPress plugin called Google Authenticator. To start off, download and install the plugin. Once installed, activate the plugin by clicking on the link “Activate plugin.”


The plugin integrates nicely with your WordPress user profile page. To manage the Google Authenticator plugin, open your profile settings page by navigating to “Users” and then “Your Profile.”


Once you are on the page, scroll down and find the “Google Authenticator Settings” section. Here, select the checkbox “Activate,” enter your site name in the Description field and then click on the button “Show or Hide QR Code.”

This displays the QR code, which you can scan with your smartphone.

Now, open the Google Authenticator app on your smartphone and scan the displayed QR code by going into Options and then selecting the option “Set up Account.” Once the code is scanned, the app automatically generates and displays the time-sensitive code.


Once the app on your smartphone has been configured, scroll down the profile page on your WordPress dashboard and click on the button “Update Profile” to save the Google Authenticator settings.

From this point forward, an extra Google Authenticator field will be displayed on the login page. Here, enter the time-sensitive code generated by your smartphone along with your username and password to log in.

If you fail to enter the generated code, or if you enter a wrong code, you will not be logged in to the WordPress dashboard. Instead, the plugin displays an error message.

If you use the WordPress app on your smartphone or other apps to manage your site, you can generate “App Passwords” on your profile page.

That’s all there is to it. It is that simple to enable two-factor authentication on your WordPress site using a free plugin.

Do comment below to share your thoughts and experiences about using the above plugin to enable two-factor authentication on your WordPress site.
