Rick's Daily Tips

Tech Tips, Tricks and Tutorials

You are here: Home / Blogging Tips / How to protect your WordPress blog from hackers with Two-Factor Authentication

How to protect your WordPress blog from hackers with Two-Factor Authentication

Posted on

With hackers and scammers attacking WordPress blogs right and left these days, it’s more important than ever to lock your blog down and make it as secure as possible.

There are several things you can do to harden the security of your blog, but one of the most effective methods of thwarting hackers is enabling Two-Factor Authentication on it.

I’ve used several different plugins for enabling two factor authentication on my own WordPress blogs, but I now use and recommend the awesome Google Authenticator plugin.

Google Authenticator is extremely easy to install and set up, and it’s even easier to use. Just follow the steps below. 

First, install and activate the plugin on your blog…

1 – Log in to your WordPress Dashboard.

2 – Click Plugins>Add New.

3 – Search for Google Authenticator.

4 – Once you have found the Google Authenticator plugin, click the Install Now button.

5 – Click Activate.

Next, install the app on your phone…

1 – If you have an Android phone launch the Play Store app. If you have an iPhone launch iTunes.

2 – Search for Google Authenticator and install it.

And finally, set your WordPress user account to log in using Google Authenticator…

1 – Return to the WordPress Dashboard and click Users>Your Profile. You should now see a new section containing the Google Authenticator settings.

2 – Check the box beside Active.

3 – Write down the code in the box beside the word Secret and keep it handy for future reference. You probably won’t need it later, but you never know.

4 – Click the Show/Hide QR Code button to display your blog’s QR code.

5 – Open the Google Authenticator app on your phone and tap the + sign located in the red circle.

6 – Tap Scan a barcode.

7 – Hold your phone in front of the QR code that’s displayed on your computer screen until the phone syncs with the code.

That’s all there is to it. From now on when you attempt to log in to your WordPress Dashboard you’ll be asked to enter your WordPress username, your password AND the code from the Google Authenticator app.

No code, no logging in. No phone, no code. Your WordPress blog’s login page is now secure!

Bonus tip: This post explains why you should (almost) always login to WordPress using an ‘Editor’ account.

Never miss a tip!  Click here to sign up for my free Daily Tech Tips Email Newsletter!

Computer Tips
Smartphone Tips
Blogging Tips

Tech Q & A
Reviews
Tech News

Write for RicksDailyTips.com

Scam alerts
Downloads

Read previous post:
Q&A: Should I leave the ‘Page File’ on the SSD or move it to the hard drive?

Close