Two-factor authentication adds an extra security layer to your WordPress login page and makes your site more resistant to brute-force attacks.
In a brute-force attack, hackers repeatedly guess your website’s username and password until they get in. Two-factor authentication (2FA) adds a second verification stage to your site’s login page.
Even if they obtain your password and username, they will still need a secret code in the second stage, which will be only on your phone.
In this tutorial, I’m going to share how to add two-factor authentication to WordPress with the Jetpack plugin.
What is Two-Factor Authentication and Why It is Important
Two-factor authentication enables
WordPress is a very popular CMS, so hackers target it more than other platforms. I am not saying that other platforms are more secure than WordPress. More attacks occur on WordPress mainly because 32.0% of websites are powered by WordPress, according to W3Techs.
How to Enable Jetpack Two Step Authentication In Self-Hosted WordPress
If you do not have a WordPress.com account, first of all, sign up for one.
After creating your account, log in to your WordPress.com account and click on Profile >> Security >> Two-Step Authentication. You can see the screenshot below.
Click on the Get Started button, enter your phone number and click Verify via SMS or Verify via App. You can use either one; I will cover both methods here, so there is no need to worry.
Verify via SMS
After entering your phone number, click on Verify via SMS.
You will get a code sent to your phone number. Enter it and click the Enable button, as you can see in the screenshots.
On the next page, you will see some backup codes. If your phone is lost or stolen, these codes will help you log in. Just save them.
Now check the I have printed or saved these codes box and click on the All Finished! button.
That’s it! If you want to enable
Verify via App
First, install the Google Authenticator app on your mobile. After installing it, follow the next step.
Now enter your phone number and click on Verify via App.
Here, you will see some backup codes, which will help you to log in if your phone is lost or stolen. So save them.
Now check the I have printed or saved these codes box and click on the All Finished! button.
Install and enable the Jetpack plugin on your self-hosted WordPress site.
Once activated, click on Jetpack >> Settings >> Security, then scroll down to WordPress.com log in. Enable Allow users to log into this site using WordPress.com, and then enable the Require accounts to use WordPress.com Two-Step Authentication option.
Now add the following code snippet to your theme’s functions.php file so that logins to your site go through WordPress.com Two-Step Authentication.
// force users to login via wordpress.com
add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );
Now when you enter the login URL of your self-hosted WordPress site, it will redirect to wordpress.com and look like this.
That’s it, you have successfully added WordPress.com Two-Factor Authentication using the Jetpack plugin.
When you enter your WordPress.com credentials, it will ask for a verification code (secret code) that you can get from your phone.
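A filter placed in the theme’s functions.php stops applying as soon as the theme is switched or replaced. The following is an added example, not code from the original tutorial or from Jetpack: a must-use plugin that applies the same filter independently of the theme, together with the Jetpack filters that require two-step on the WordPress.com account and remove the local username/password form. The file name wp-content/mu-plugins/enforce-wpcom-sso.php is an assumption, and the snippet assumes a Jetpack version that provides the Jetpack class and the sso module.

```php
<?php
/**
 * Plugin Name: Enforce WordPress.com sign-in (added example)
 * Description: Applies the Jetpack Secure Sign On filters from a must-use
 *              plugin so they survive theme switches and theme updates.
 *
 * Assumed location: wp-content/mu-plugins/enforce-wpcom-sso.php
 */

// Must-use plugins load before regular plugins, so wait until Jetpack
// itself has been loaded before checking for it.
add_action( 'plugins_loaded', function () {

    // Lockout guard: if Jetpack is missing or its Secure Sign On module
    // is switched off, leave the normal WordPress login form untouched.
    if ( ! class_exists( 'Jetpack' ) || ! Jetpack::is_module_active( 'sso' ) ) {
        return;
    }

    // Same filter as in the tutorial: send the login page straight to
    // WordPress.com instead of showing the local form first.
    add_filter( 'jetpack_sso_bypass_login_forward_wpcom', '__return_true' );

    // Enforce in code the "Require accounts to use WordPress.com
    // Two-Step Authentication" setting, so it cannot be silently
    // unchecked in the dashboard.
    add_filter( 'jetpack_sso_require_two_step', '__return_true' );

    // Remove the local username/password form, so the redirect is not
    // the only thing standing between a guessed password and a login.
    add_filter( 'jetpack_remove_login_form', '__return_true' );
} );
```

Before deploying it, confirm that every administrator has linked a WordPress.com account with two-step enabled and has saved the backup codes, since the local password form will no longer be available as a fallback.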