How to Add Two-Factor Authentication in WordPress


Why Add Two-Factor Authentication for WordPress Login?

One of the most common techniques hackers use is the brute-force attack: automated scripts repeatedly try to guess the right username and password to break into a WordPress site.

If they steal your password or guess it correctly, they can infect your website with malware.

One of the easiest ways to protect your WordPress website against stolen passwords is to add two-factor authentication. This way, even if someone steals your password, they will still need to enter a security code from your phone to gain access.

In this article I will show you how to add two-factor authentication to a WordPress site using a plugin.


First of all, you have to install a WordPress security plugin.

  1. Wordfence Security – Firewall & Malware Scan
  2. Defender Security – Malware Scanner, Login Security & Firewall

Using these plugins you can secure your website and add 2FA to your WordPress site. We have already tested the plugins above, and they worked well, so choose the security plugin that you want.

Install 2FA application for your mobile


To set up two-factor authentication, you need to install a 2FA application on your mobile. Here are the best and recommended applications.

For security we cannot share screenshots.

1. Wordfence Security – Firewall & Malware Scan


Let’s add 2FA for admins using the Wordfence Security plugin.

1. Go to the Login Security page in your site’s wp-admin area (this is on the Wordfence menu)

2. Open your authenticator app and add a new entry; most apps have a plus sign or a tiny QR code

3. Scan the QR code on the login security page; your authenticator app should then display a six digit code

  • If you are accessing a site on a phone or tablet and obviously can’t point the camera at its own screen, you can copy the line of letters and numbers below the QR code, and paste that in an app, using the app’s “manual” setup option


4. In the “Download recovery codes” section, click the Download button

Recovery codes can be used if you lose your device
Print or save the file, and store it in a safe place

5. Enter the six digit code that appears in your authenticator app

  • This code changes every 30 seconds
  • If the code expires, you can enter the next code instead

6. Click the Activate button


That’s it! If this is your first time setting up 2FA on a site you may want to try logging in to the site in a different browser or in a private or incognito browser window to check for any compatibility issues before logging out.
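The six-digit codes in steps 3 and 5 are time-based one-time passwords (TOTP, RFC 6238) computed from the secret encoded in the QR code. The sketch below is an added example, not Wordfence's code: it uses the RFC 6238 test key as a constructed sample secret, and the `window` of accepted clock drift is an assumption for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for, as in step 5 above
DIGITS = 6   # length of the code shown by the authenticator app

# Constructed sample: the RFC 6238 Appendix B test key ("12345678901234567890")
# in the base32 form an app accepts via its "manual" setup option.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(b32: str) -> bytes:
    """Decode the letters-and-numbers string shown below the QR code."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped base32 padding
    return base64.b32decode(cleaned)


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(b32_secret: str, now: float) -> str:
    """Code the app displays at Unix time `now`."""
    return hotp(decode_secret(b32_secret), int(now) // STEP)


def verify(b32_secret: str, submitted: str, now: float, window: int = 1):
    """Return the step offset of the matching code, or None if none matches."""
    # `window` (assumed value) is how many 30-second steps of drift to accept.
    key = decode_secret(b32_secret)
    counter = int(now) // STEP
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        expected = hotp(key, counter + drift).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return drift
    return None


if __name__ == "__main__":
    print(totp(SAMPLE_SECRET, 1111111109), totp(SAMPLE_SECRET, 1111111111))
```

The two timestamps in the demo fall on either side of a 30-second boundary, so they print different codes; with `window=0` the earlier code is rejected once the boundary has passed.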

2. Setting Up Two Factor Authentication with Defender


1. Go to Defender > Dashboard in the WordPress admin and scroll down to the bottom, where you’ll see the Advanced Tools section.

2. Click Activate.

The message will refresh to let you know two-factor authentication has been enabled for your site.


3. You’ll then see the screen for installing an authenticator app.

4. Follow the steps by downloading Google Authenticator for your phone, scanning the barcode, and entering the six digit passcode that the Authenticator app generates.

5. Click Verify and you’re all done!

Next time you log in to your site, after you enter your username and password, you’ll be asked to enter a passcode. Just fire up the Google Authenticator app on your phone and enter the passcode.


Defender includes some advanced features for two-factor authentication, including:

  • User Roles – Enable two-factor authentication for certain user roles for your site.
  • Lost Phone – If a user is unable to access their phone, you can enable an option to send a one-time password to their registered email.
  • Active Users – Site admins can view a list of users who have the feature enabled.
  • Deactivate – No longer require two-factor authentication for your site? Simply turn it off.

Read also: How to Secure WordPress site (Advanced Security and simple steps to do)

WordPress security is one of the crucial parts of a website. If you don’t maintain your WordPress security, hackers can easily attack your site. Maintaining your website security isn’t hard and can be done without spending a penny. If you have any questions, we are here to help you.



Danushka Sanjeewa
Danushka Sanjeewa is a Software engineer with more than 5 years of experience in Android App Development, Web Development, Marketing, Graphic design, Video editing, and WordPress. And also Writer/Founder of TechEduTricks.com.
