Setting Up Two Factor Authentication with WordPress and Google Authenticator

two-factor-ga-wordpress-viGoogle Authenticator allows you to combine the classic WordPress login with username and password with an additional security code. This increases the security of your WordPress website.

WordPress supports two factor authentication via Google Authenticator with plugins such as Google Authenticator by Hendrik Schack.

As a first step, you select the desired authentication method in the admin area. Afterwards, you can adapt the two-factor authentication for each user individually.

This means you can explicitly protect admins and exclude authors from the two-factor authentication, for example.

Installing Google Authenticator

Install the Google Authenticator app on your smartphone: Download: iOS / Android

Installing the Google Authenticator Plugin

  • In the WordPress admin area, select Plugins, then Add New and search for Google Authenticator.
  • Install the Google Authenticator plugin by Hendrik Schack.


You can now set up two-factor authentication for your users.

Setting Up Two Factor Authentication for Users

  • Open the Users section.
  • Select the user for which you would like to enable two-factor authentication.
  • Under Google Authenticator Settings, check the option Active.
  • Click Show/Hide QR code.

You should now be able to see an automatically generated QR code:

  • Open the Google Authenticator app on your smartphone and scan the QR code.
    Alternatively, you can also set up your account manually. To do so, use the description and secret displayed for this user in WordPress.

You can now see a new entry for your website in the Google Authenticator app. The security code is updated every 30 seconds.

  • Click Update Profile.

The two-factor authentication is now set up for this user. From now on, use a new security code each time you log in.wordpress-2fa-login-en

Loggin in with Google Authenticator Code

Write Down Secret

For situations in which you don’t have access to the Authenticator, you can fall back on the secret to connect a new Authenticator.

Store the secret in a secure location. Pretty old-fashioned, but secure: Write it down on a piece of paper.

That’s it! Congratulations, your WordPress website has just become a bit more secure!

Please rate this post :

Leave a Reply

Your email address will not be published. Required fields are marked *