Setting Up Two Factor Authentication with WordPress and Google Authenticator

two-factor-ga-wordpress-viGoogle Authenticator allows you to combine the classic WordPress login with username and password with an additional security code. This increases the security of your WordPress website.

WordPress supports two factor authentication via Google Authenticator with plugins such as Google Authenticator by Hendrik Schack.

As a first step, you select the desired authentication method in the admin area. Afterwards, you can adapt the two-factor authentication for each user individually.

This means you can explicitly protect admins and exclude authors from the two-factor authentication, for example.

Installing Google Authenticator

Install the Google Authenticator app on your smartphone: Download: iOS / Android

Installing the Google Authenticator Plugin

  • In the WordPress admin area, select Plugins, then Add New and search for Google Authenticator.
  • Install the Google Authenticator plugin by Hendrik Schack.

wordpress-2fa-install-plugin-en

You can now set up two-factor authentication for your users.

Setting Up Two Factor Authentication for Users

  • Open the Users section.
  • Select the user for which you would like to enable two-factor authentication.
  • Under Google Authenticator Settings, check the option Active.
  • Click Show/Hide QR code.

You should now be able to see an automatically generated QR code:

wordpess-2fa-settings-en
  • Open the Google Authenticator app on your smartphone and scan the QR code.
    Alternatively, you can also set up your account manually. To do so, use the description and secret displayed for this user in WordPress.

You can now see a new entry for your website in the Google Authenticator app. The security code is updated every 30 seconds.

  • Click Update Profile.

The two-factor authentication is now set up for this user. From now on, use a new security code each time you log in.wordpress-2fa-login-en

Loggin in with Google Authenticator Code

Write Down Secret

For situations in which you don’t have access to the Authenticator, you can fall back on the secret to connect a new Authenticator.

Store the secret in a secure location. Pretty old-fashioned, but secure: Write it down on a piece of paper.

That’s it! Congratulations, your WordPress website has just become a bit more secure!

Please rate this post :

4 thoughts on “Setting Up Two Factor Authentication with WordPress and Google Authenticator

  1. Jon says:

    This is all well and good, but when will 1&1 provide for 2-factor authentication on its own Control Panel? If an attacker can gain access to my domain’s configuration account with just a password, it doesn’t matter how well I’ve secured anything else.

    1. 1and1help says:

      Hi Jon,

      thanks for your feedback. 2FA is definitely a feature we would love to see for our logins in the future. It’s on our agenda, but no ETA yet.

      Best regards,
      Michael, 1&1

  2. AM says:

    When will 1 and 1 implement 2-step verification for its own products?

    1. 1and1help says:

      Hi AM,

      2fa is absolutely a feature we want to have for our logins in the future as well. It’s on our agenda, but we can’t give you an ETA yet. Stay tuned!

      Best regards,
      Michael, 1&1

Leave a Reply

Your email address will not be published. Required fields are marked *