With hackers and scammers attacking WordPress blogs right and left these days, it’s more important than ever to lock your blog down and make it as secure as possible.
There are several things you can do to harden the security of your blog, but one of the most effective methods of thwarting hackers is enabling Two-Factor Authentication on it.
I’ve used several different plugins for enabling two factor authentication on my own WordPress blogs, but I now use and recommend the awesome Google Authenticator plugin from our friends at Google.
Google Authenticator is extremely easy to install and set up, and it’s even easier to use. Just follow the steps below.
First, install and activate the plugin on your blog…
1 – Log in to your WordPress Dashboard.
2 – Click Plugins>Add New.
3 – Search for Google Authenticator.
Note: The plugin you are looking for should be the first one to pop up on the list, but if not look for the one that was written by Henrik Schack.
4 – Once you have found the Google Authenticator plugin, click the Install Now button.
5 – Click Activate.
Next, install the app on your phone…
1 – If you have an Android phone launch the Play Store app. If you have an iPhone launch iTunes.
2 – Search for Google Authenticator and install it.
And finally, set your WordPress user account to log in using Google Authenticator…
1 – Return to the WordPress Dashboard and click Users>Your Profile. You should now see a new section containing the Google Authenticator settings.
2 – Check the box beside Active.
3 – Write down the code in the box beside the word Secret and keep it handy for future reference. You probably won’t need it later, but you never know.
4 – Click the Show/Hide QR Code button to display your blog’s QR code.
5 – Open the Google Authenticator app on your phone and tap the + sign located in the red circle.
6 – Tap Scan a barcode.
7 – Hold your phone in front of the QR code that’s displayed on your computer screen until the phone syncs with the code.
That’s all there is to it. From now on when you attempt to log in to your WordPress Dashboard you’ll be asked to enter your WordPress username, your password AND the code from the Google Authenticator app.
No code, no logging in. No phone, no code. Your WordPress blog is now secure!
Bonus tip #1: This post explains why you should (almost) always login to WordPress using an ‘Editor’ account.
Bonus tip #2: Want to make sure you never miss one of my tips? Click here to join my Rick’s Tech Tips Facebook Group!
Do you have a tech question of your own for Rick? Click here and send it in!
If you found this post useful, would you mind helping me out by sharing it? Just click one of the handy social media sharing buttons below.
Every day, more and more website owners get hacked due to poor site configuration.
As a site owner and wp developer myself, it’s really important to really put serious look towards security. And one of those is enabling the two-factor authentication.
This can really save you a lot and help you secure your WordPress site.
Thanks for sharing useful tutorials, Rick.
You’re welcome Rodney.
Hey there Rick,
I didn’t face many issues with sites being hacked in my online journey. I got only one site hacked and that was due I left the random credentials (admin pass).
I always use on my site a plugin that removes the /wp-admin/ and change it to another word.
Great article btw.
Cheers,
Melos
Thanks for the feedback, Melos.
First of all thanks a lot because now i can save my website from hackers with this plugin that you tell us. thanks again Rick.
Best article.
Best Regards
Rana