Two-factor authentication is a simple way to make your WordPress login more secure and protect it from brute-force attacks.
Google has used this technology for years, so don’t wait any longer and implement this feature as well.
How to Add Two-Factor Authentication / Video
If you prefer watching a video to reading this article on how to secure the WordPress login, you can watch the entire article as a video.
How Two-Factor Authentication Works
Passwords are the standard for logging in on the web, but they’re relatively easy to break. Even if you choose good passwords and change them regularly, they need to be stored wherever you’re logging in, and a server breach can leak them. To prove your identity, you can draw on three kinds of factors:
- Something you know: This could be a personal identification number (PIN), a password, answers to secret questions, or a specific keystroke pattern
- Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token
- Something you are: This category is a little more advanced and might include a biometric pattern of a fingerprint, an iris scan, or a voiceprint
Logging in with a password is single-factor authentication. It relies only on something you know. Two-factor authentication, by definition, is a system where you use two of the three possible factors to prove your identity instead of just one. We combine “Something you know” (your password) and “Something you have” (your smartphone).
There are a lot of different places to increase the security of a site. Still, the WordPress Security Team has said that “The weakest link in the security of anything you do online is your password,” so it makes sense to put energy into strengthening that aspect of your site.
Use of Two-Factor Authentication on WordPress
On the login screen, you first provide your WordPress username and password.
In the second step, you have to enter an authentication code. You receive this code from an authentication app on your smartphone.
How to Install the WP 2FA Plugin for Two-Factor Authentication
Search for the WP 2FA plugin in the plugin repository. Install and activate the Two-Factor Authentication plugin.
After activation, go to Plugins > WP 2FA > Configure 2FA Settings to open the setup wizard.
Next, you need to install a “2FA” app on your phone. I recommend Google Authenticator.
Open your authentication app and scan the QR code that appears in the setup wizard.
Enter the code shown in the app on your smartphone.
That’s all; your authentication app has now saved the code that WP 2FA sent once during setup. Now configure the settings that match your WordPress site.
The next time you log into your website, the plugin will ask you for the two-factor authentication code after you enter your password.
To do this, open the authentication app on your phone again and enter the code it shows.
You’ve taken a good step toward improving the security of your WordPress login. If you want to secure your entire WordPress website, don’t stop reading and check out the article “How to Secure your WordPress Website.”
There I’ll explain everything you need to know about WordPress security.