Jetpack Two Step Authentication: Enable Two Factor Authentication to Make Your Site More Secure

Two-factor authentication adds an extra security layer to your WordPress login page and makes your site more secure from Brute Force attacks.

In Brute Force attacks, hackers guess your website’s password and username and hack your site. But two-factor authentication (2FA) adds 2 stage verification to your site’s login page.

If they even hack your password and username, they will need a secret code in the second stage which will be only in your phone.

In this tutorial, I’m going to share how to add two factor authentication in WordPress with Jetpack plugin.

What is Two-Factor Authentication and Why It is Important

Two-factor authentication enablestwo step verification process in which you need your username, password and a secret code that you get from your cell phone via text (SMS) or Google Authenticator app.

WordPress is a very popular CMS. Due to this, the hackers target this CMS instead of others. I do not say that another platform is more secure than WordPress. Mainly more attacks occur on WordPress because of 32.0% websites powered by WordPressaccording to W3Techs.

WordPress two factor authentication is the best way to protect your website from brute force attacks.

How to Enable Jetpack Two Step Authentication In Self-Hosted WordPress

If you do not have a WordPress.com account, first of all, sign up for it.

After creating your account, log in to your WordPress.com account and click on Profile >> Security >> Two-Step Authentication. You can see screenshot below.

Click on Get Started button, enter your phone number and click Verify via SMS or Verify via App. You can use anyone. Here I will cover both methods. So there is no need to worry.

Verify via SMS

After entering your phone number click on Verify via SMS.

You will get a code on your phone number just enter it and hit on Enable button. As you can see the screenshots.

In the next page, you will see some backup codes. If your phone is lost or stolen, these codes will help you log in. Just save them.

Now check I have printed or saved these codes and click on All Finished! button.

That’s it! If you want to enable two factor authentication through the Google Authenticator app, continue reading.

Verify via App

First, install the Google Authenticator app on your mobile. After installing follow the next step.

Now enter your phone number and click on Verify via App.

Scan QR code with your mobile app using the Google Authenticator app. The app will generate a 6digit temporary code that you need to enter in the box below the QR code. Then hit on Enable button.

Here, you will see some backup codes, which will help you to log in if your phone is lost or stolen. So save them.

Now checkI have printed or saved these codesand click onAll Finished!button.

Install and enable theJetpack plugin on your self hosted WordPress site.

Once activated, click on Jetpack >> Settings >> Security, then scroll down to WordPress.com log in and enable Require accounts to use WordPress.com Two-Step Authentication option by enabling Allow users to log into this site using WordPress.com accounts. You can see in the screenshot below.

Now add the following code snippet to your theme’s function.php file to log in your site through WordPress.com Two-Step Authentication.

// force users to login via wordpress.com
add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );

Now when you enter the login URL of your self-hosted WordPress site, it will redirect to wordpress.com and look like this.

That’s it, you have successfully added WordPress.com Two Factor Authentication using Jetpack plugin.

When you enter your WordPress.com credentials, it will ask for verification code (secret code) that you can get from your phone.

Comment below to share your thoughts and experiences about enabling jetpack two step authentication in WordPress.

We’re done, and it’s now your turn! Find this article helpful? Don’t forget to share!