Looking for a way to enable two-factor authentication in WordPress? In this article, we will show how you can easily add two-factor authentication to your WordPress website at no cost.
Most popular websites now offer two-step authentication to improve security. Google, Facebook, Amazon, and other websites have added this feature. You can follow their lead and add two-factor authentication to improve the security of your own website. Two-factor authentication helps protect your website from being hacked.
Why you need to add two-factor authentication
A brute-force attack is a common hacking technique in which attackers run an automated script to guess your username and password. If they succeed in breaking your password, they can easily access your website. Adding two-factor authentication protects your website against stolen passwords: even if attackers get your password, they can't log in to your website while two-factor authentication is enabled.
Two-factor authentication sends a one-time code to your selected mobile number or email address. Anyone who has your password but not the security code will not be able to log in.
Enable two-factor authentication in WordPress
There are many ways to enable two-factor authentication on a WordPress website. The easiest and quickest way is to use a plugin. Many plugins provide two-factor authentication features, and WP 2FA – Two-factor Authentication for WordPress is one of them. It offers a flexible and easy process for every user.
Install and activate the plugin and then go to Users > Your Profiles. From this page scroll down and go to the WP 2FA Settings section.
Click on Change 2FA Setting to configure the plugin. It will launch the setup wizard. The setup wizard also launches right after you install the plugin.
First, the setup wizard will ask you to choose the authentication method. There are two authentication methods available.
- One-time code generated with your app of choice
  - This method requires you to install one of the following 2FA apps: Google Authenticator, FreeOTP, Microsoft Authenticator, Duo Security, Authy, LastPass or Okta Verify.
- One-time code sent to you over email
A one-time code generated with an app is the most secure and easiest method. We suggest you go for this method. You need to install one of the 2FA apps, such as Google Authenticator. Install any of the apps mentioned above on your mobile device and click on the Next button.
Now it will open up a page where you need to scan a QR code with the app you installed on your mobile device.
Authenticator apps are mobile apps that generate one-time passwords for the accounts saved in them. When you connect your website account to an authenticator app, your website server and the app work together to generate a code for accessing the website. This adds an additional layer of protection to your website.
There are many popular authenticator apps available, and most of them are free. Google Authenticator and Microsoft Authenticator are the most popular apps for authentication. Google Authenticator is flexible to use, but it does not have backup features. So if you lose your phone, there is no way to get your password back.
Another popular app, Twilio Authy, offers both flexibility and backup features. Password managers such as 1Password also have their own app versions. You can use any of these apps based on your requirements.
Here we are using the Google Authenticator app. You can find the app in the Play Store and the App Store. Install the app on your mobile device and complete the setup.
Now click on Scan a QR code to scan the code, or enter the security key manually if you prefer. This will connect your website to the app.
After connecting your website to the app, click on the I’m Ready button in the plugin setup wizard.
Now it will ask for an authentication code from the Google Authenticator app to complete the setup. Go to the Google Authenticator app and you will see a code. Copy the code and paste it into the field.
Now you can generate backup codes for logging in to your website, or you can close the setup wizard.
Set up 2FA for all users
To set up two-factor authentication for all of your users, go to the Settings > Two-factor Authentication page. On this page, you can select the users for whom two-factor authentication is enabled.
When you enforce 2FA on users, they have a grace period in which to configure it. If they fail to configure it within the configured time, their account will be locked and will have to be unlocked manually. The maximum grace period is 10 days.
That’s it. The process will enable the two-factor authentication features for all the users.
We hope this article will help you. You can see our other articles to learn the best ways to effectively secure a WordPress website.