Two-factor security is an extra layer of security in login process in which users have to enter some other code other than username and password. Such codes are only available to the dedicated user only. In this article, we are going to learn how to enable Google Authenticator based two-factor security on our WordPress website.

What is Google Authenticator?

Google Authenticator is the app from Google which helps you set up two-factor security. It provides special code for your login process which changes in every 60 seconds. And, Google Authenticator’s login credential data is saved on the single device only. So, every time you need to log in, you need to have the device in which you’ve installed Google Authenticator app with you. This is what provides brilliant extra-layer security for your system. You can download this app from Google Play store and Apple app store. After downloading, you need to log in using your Google Account. Now, you are ready to use it.

How to enable Google Authenticator on WordPress website?

First of all, you need to install Google Authenticator app on your mobile device. Then, you need to install Google Authenticator plugin on your WordPress website. If you need help to install new plugin, read this blog: How to install new WordPress plugin on your website

After installing the plugin, go to Users >> Your profile.

Setup google authenticator two step verification system on WordPress website

Click on the checkbox next to Active, to activate the system. Then, click on the Show/Hide QR code button next to Secret. You’ll see QR code as shown in below image.

Setup google authenticator two step verification system on WordPress website step 2

Now, you need to open the Google Authenticator app on your mobile. Click on the Plus (+) icon in the app. Scan the QR code. As soon as the scanning process completes, 6 digit code with description ‘WordPressBlog‘ is shown. This code changes in every 60 seconds.

Go to the end of the profile page, and click on the update profile button.

Congratulations! You’ve successfully setup two-step security on your WordPress website with Google Authenticator. Now everytime you log in, you’ll be asked Google Authenticator code in addition to the password.

Wrapping up

Signin credentials of Google Authenticator cannot be transferred to another device. So, if you are using Google Authenticator, don’t forget to remove two-step security from your website before you factory reset your device or change your device. Also, be aware of the security of your device as well. If your device is stolen, you will fall into trouble.

We’ll be posting more WordPress security-related posts on our blog in upcoming days. So, keep following WPCounsel.