Security implementation #2 for hardening my WordPress website is to set up Two-Factor Authentication (2FA). I’d previously configured my website to use 2FA (back when I was running my site on Joomla CMS). However, I have to configure 2FA again since I’ve migrated my site to WordPress CMS.
2FA is a security process in which the user provides two different authentication factors to verify their identity, which better protects both the user’s credentials and the resources the user can access. This method of authentication offers good protection against brute force attacks, because a guessed password alone is no longer enough to log in.
Step 1 – Download Google Authenticator Plugin
I’ve integrated Google Authenticator for two-factor authentication into various platforms such as AWS, Joomla, and Gmail. I like Google Authenticator, so I’ve decided to use it for my WordPress site. In case you haven’t already done so, download Google Authenticator from the app store on your mobile device. Once that is completed, search for “Google Authenticator” from the WordPress dashboard, then install and activate the plugin.

Step 2 – Select 2FA Option
Once you’ve installed and activated the plugin, go to Settings > Google Authenticator to configure the options. Make sure to click the Save Changes button once you’ve selected all your preferred options.

Step 3 – Scan Code
Log out and log in to your WordPress site. You’ll be directed to a page to scan the QR code using the Google Authenticator app on your mobile device. Once the QR code is scanned successfully, you’ll see a series of numbers associated with the platform. Enter the series of numbers displayed in your mobile app in the Authenticator Code text box, then click Verify Authentication Code.
Step 4 – Perform Test
Log out and log in to your WordPress site. Unlike before, you will now be directed to another page to provide a second authentication credential. Simply enter the code from your Google Authenticator mobile app and click Log In. Very simple and straightforward. Congratulations, you have successfully enabled Google Authenticator for your WordPress site.
