Google Authenticator allows you to combine the classic WordPress login with username and password with an additional security code. This increases the security of your WordPress website.
WordPress supports two-factor authentication via Google Authenticator with plugins such as Google Authenticator by Hendrik Schack.
As a first step, you select the desired authentication method in the admin area. Afterwards, you can adapt the two-factor authentication for each user individually.
This means you can explicitly protect admins and exclude authors from the two-factor authentication, for example.
Installing Google Authenticator
Installing the Google Authenticator Plugin
- In the WordPress admin area, select Plugins, then Add New and search for Google Authenticator.
- Install the Google Authenticator plugin by Hendrik Schack.
- Activate the Google Authenticator plugin by Hendrik Schack.
You can now set up two-factor authentication for your users.
Setting Up Two-Factor Authentication for Users
- Open the Users section.
- Select the user for whom you would like to enable two-factor authentication.
- Under Google Authenticator Settings, check the option Active.
- Click Show/Hide QR code.
You should now be able to see an automatically generated QR code:
- Open the Google Authenticator app on your smartphone and scan the QR code.
Alternatively, you can also set up your account manually. To do so, use the description and secret displayed for this user in WordPress.
You can now see a new entry for your website in the Google Authenticator app. The security code is updated every 30 seconds.
- Click Update Profile.
Logging In with Google Authenticator Code
Write Down Secret
For situations in which you don’t have access to the Authenticator, you can fall back on the secret to connect a new Authenticator.
Store the secret in a secure location. Pretty old-fashioned, but secure: Write it down on a piece of paper.
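Why the secret needs this care, as an added example (not the plugin's own code): every 30-second code is derived from the secret and the current time alone, so whoever holds the secret can connect an authenticator. The sketch assumes the standard TOTP scheme (RFC 6238, HMAC-SHA1, six digits) that Google Authenticator implements; the function names, the constructed sample secret and the one-step drift tolerance are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # the code changes every 30 seconds
DIGITS = 6         # Google Authenticator displays six digits


def totp(secret_b32, at=None, step=STEP_SECONDS, digits=DIGITS):
    """Return the TOTP code (RFC 6238, HMAC-SHA1) for a base32 secret."""
    at = time.time() if at is None else at
    # Secrets are shown in base32, often grouped with spaces and unpadded.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = int(at) // step  # number of 30-second steps since the epoch
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): the low nibble of the last byte selects
    # four bytes, whose top bit is masked off.
    offset = digest[-1] & 0x0F
    number = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at=None, drift_steps=1):
    """Check a submitted code, tolerating +/- drift_steps of clock drift."""
    at = time.time() if at is None else at
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        moment = at + delta * STEP_SECONDS
        if moment < 0:
            continue
        expected = totp(secret_b32, moment)
        # Constant-time comparison, and no early exit on a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    print("code at t=59:", totp(SAMPLE_SECRET, at=59))
    print("accepted one step later:", verify(SAMPLE_SECRET, "287082", at=89))
    print("accepted three steps later:", verify(SAMPLE_SECRET, "287082", at=149))
```

A code stays valid only for its own time step plus the configured drift, which is why the phone's clock must be roughly correct at login.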
That’s it! Congratulations, your WordPress website has just become a bit more secure!