Add Two-Factor Authentication to WordPress & Improve WordPress Security – WP 2FA


Two-factor authentication is a simple way to make your WordPress login more secure and protect it from brute-force attacks.

Google has used this technology for years, so don’t wait any longer and implement this feature as well.

How to Add Two-Factor Authentication / Video

If you prefer watching a video to reading this article on how to secure the WordPress login, the entire article is also available as a video:


How Two-Factor Authentication Works

Passwords are the standard for logging in on the web, but they’re relatively easy to break. Even if you make good passwords and change them regularly, they need to be stored wherever you’re logging in, and a server breach can leak them.

There are three factors to identify a person:
  • Something you know: This could be a personal identification number (PIN), a password, answers to secret questions, or a specific keystroke pattern
  • Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token
  • Something you are: This category is a little more advanced and might include a biometric pattern of a fingerprint, an iris scan, or a voiceprint

Logging in with a password is single-factor authentication. It relies only on something you know. Two-factor authentication, by definition, is a system where you use two of the three possible factors to prove your identity instead of just one. We combine “Something you know” (your password) and “Something you have” (your smartphone).

There are a lot of different places to increase the security of a site. Still, the WordPress Security Team has said that “The weakest link in the security of anything you do online is your password,” so it makes sense to put energy into strengthening that aspect of your site.

Use of Two-Factor Authentication on WordPress

On the login screen, you first provide your WordPress username and password:

WordPress Login (Username and Password)

In the second step, you have to enter an authentication code. You will receive this code via an authentication app on your smartphone:

WordPress Authentication (Authentication Code)

How to Install the plugin WP 2FA for Two-Factor Authentication

Search for the WP 2FA plugin in the plugin repository. Install and activate the Two-Factor Authentication plugin.

WP 2FA Plugin

After activation, go to Plugins > WP 2FA > Configure 2FA Settings to open the setup wizard.

Next, you need to install a “2FA” app on your phone. I recommend Google Authenticator.

Google Authenticator App

Open your authentication app and scan the QR code that appears in the setup wizard.

Enter the code shown in the app on your smartphone.

WP 2FA: Scan the QR Code

That’s all; your authentication app now stores the code that WP 2FA sent it once. Next, choose the settings that match your WordPress site.

The next time you log into your website, the plugin will ask you for the two-factor authentication code after entering your password.

WP 2FA: Login

To do this, open the authentication app on your phone again and enter the code it shows.
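
How the six-digit code is derived on the phone and checked at login, as an added example that is not part of the original article or the WP 2FA plugin's code. It assumes the standard time-based one-time password scheme (RFC 6238) that Google Authenticator implements, with the shared secret delivered once in the QR code; the sample secret, the function names and the one-step drift window are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid (common authenticator default)
DIGITS = 6   # length of the code shown in the app


def _key(secret_b32: str) -> bytes:
    """Decode the base32 secret from the QR code, restoring stripped padding."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, now: float) -> str:
    """Phone side: the code displayed for the time step containing `now`."""
    return hotp(_key(secret_b32), int(now) // STEP)


def verify(secret_b32: str, submitted: str, now: float, window: int = 1) -> bool:
    """Server side: accept the current step +/- `window` steps to tolerate
    clock drift. Every candidate is compared in constant time."""
    key = _key(secret_b32)
    current = int(now) // STEP
    ok = False
    for step in range(max(0, current - window), current + window + 1):
        if hmac.compare_digest(hotp(key, step).encode(), submitted.encode()):
            ok = True
    return ok


# Constructed sample secret (the RFC 6238 test key), base32-encoded as it
# would travel inside the QR code. Never use it for a real account.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, time.time())
    print("code on phone:", code)
    print("server accepts:", verify(SAMPLE_SECRET, code, time.time()))
```

Both sides compute the code from the same stored secret and the current time, so nothing secret crosses the network at login, and a code captured once stops being accepted after the drift window passes.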

You’ve taken a good step toward improving the security of your WordPress login. If you want to secure your entire WordPress website, don’t stop reading and check out the article “How to Secure your WordPress Website.”

There, I’ll explain everything you need to know about WordPress security.