Today in this article I will show you how to enable WordPress two-factor authentication for free. Two-factor authentication adds extra security step (two-step verification) to your WordPress login page and makes your site more secure from Brute Force attacks.
In Brute Force attacks, hackers guess your website’s password and username and hack your site. But two-factor authentication (2FA) adds an extra security layer to your site’s login page.
For example, If the hacker gets your password and username, then he will need an additional secret code, which will be in your phone only.
Why Two-Factor Authentication Is Important
WordPress is a very popular CMS. Due to this, the hackers target this CMS instead of other. We do not say that another platform is more secure than WordPress. Mainly more attacks occur on WordPress because of 32.0% websites powered by WordPress according to W3Techs.
Two-factor authentication enables two-step verification process in which you need your password and a secret code that you receive through a text (SMS), phone call, or time-based one-time password (TOTP) in your cell phone.
WordPress 2 factor authentication is the best way to protect your website from brute force attacks.
How to Enable WordPress Two-Factor Authentication
There is no option to setup Two-Factor Authentication by default in WordPress. You will need a third-party plugin for this. There are many plugins in the WordPress.org that offers to turn on two-factor authentication (2FA) on your WordPress login page. Here I have picked some of the best two-factor authentication WordPress plugins that you can use.
Here I will use two plugins to add 2 step verification in WordPress login page.
- Google Authenticator – WordPress Two Factor Authentication (2FA) Plugin
- Google Authenticator
So, let’s get started…
#1. Using Google Authenticator – WordPress Two Factor Authentication (2FA) Plugin
First, install and activate Google Authenticator plugin on your WordPress site. Once activated, it will add a new menu item in your WordPress dashboard with miniOrange 2-factor. Just click on it. This will take you to the settings page of the plugin.
In this page, you can choose Authentication methods according to your need.
- miniOrange QR Code Authentication
- miniOrange Soft Token
- miniOrange Push Notification
- Google Authenticator
- Security Questions
But here I will use Google Authenticator to add two step verification in WordPress login page. Just click on Google Authenticator’s Configure button.
Now a popup box will open where you have to enter password and email to create your account. If you already have an account, click on SIGN IN.
After entering your information click on the Continue button.
On the next page, it will ask you to install the Google Authenticator app on your mobile.
Open App/Play Store in your phone and search for Google Authenticator. After installing open the app and scan a barcode.
The app generates a temporary code that you will need to enter in the Verify and Save box on the right. The code refreshes every minute.
Then hit on Verify and save button. It will show you a message with 2FA Setup Successful.
Now how to Enable two-factor authentication (2FA) prompt on the WP Login Page.
Very easy, just navigate to the miniOrange’s setup two-factor tab and check the box of Enable 2FA prompt on the WP Login Page.
Congratulations! You have successfully enabled two step verification on your site. Logout from your site and check it out.
Your login page will now look like this.
#2. Using Google Authenticator
Google Authenticator is the most popular WordPress plugin to add two-step verification on your WordPress login page. It is very easy to use and available in free.
First, install and activate the Google Authenticator plugin on your site. Once activated click on Users >> Profile and scroll down to Google Authenticator section.
Here click on Show/Hide QR code. This will show QR code, which you need to scan from the Google Authenticator app.
This will show a secret code in your phone that refreshes every minute. Finally, check the active box and click on update profile.
Now, log out of your site. When you visit the login page, you’ll see extra Google Authenticator code field.
Which plugin will you use to add 2-factor authentication to your WordPress site? Have any thoughts regarding this tutorial? We’d love to hear what you think about it.
Find this article helpful? Don’t forget to share!